[tor-dev] Proposal Waterfilling

s7r s7r at sky-ip.org
Wed Mar 7 22:54:17 UTC 2018


Hello

Florentin Rochet wrote:
> Hello,
> 
> 
> On 2018-03-07 14:31, Aaron Johnson wrote:
>> Hello friends,
>>
>>> 1) The cost of IPs vs. bandwidth is definitely a function of market
>>> offers. Your $500/Gbps/month seems quite expensive compared to what
>>> can be found on OVH (which is hosting a large number of relays): they
>>> ask ~3 euros/IP/month, including unlimited 100 Mbps traffic. If we
>>> assume that wgg = 2/3 and a water level at 10Mbps, this means that,
>>> if you want to have 1Gbps of guard bandwidth,
>>> - the current Tor mechanisms would cost you 3 * 10 * 3/2 = 45 euros/month
>>> - the waterfilling mechanism would cost you 3 * 100 = 300 euros/month
>>
>> The question of what the cheapest attack is can indeed be estimated by
>> looking at market prices for the required resources. Your cost
>> estimate of 3.72 USD/Gbps/month for bandwidth seems off by two orders
>> of magnitude.
>>
> 
> Let me merge your second answer here:
> 
>> I see that I misread your cost calculation, and that you estimated $37.20/Gbps/month instead of $3.72/Gbps/month. This still seems low by an order of magnitude. Thus, my argument stands: waterfilling would appear to decrease the cost to an adversary of getting guard probability compared to Tor’s current weighting scheme.
> 
> There is still something wrong.  Let's assume the adversary wants to run
> 1 Gbps of real guard bandwidth.
> 
> With vanilla Tor, the cheapest (considering only OVH) is:
> 
> VPS SSD 1 (https://www.ovh.com/fr/vps/vps-ssd.xml): You need 10 of them
> to reach 1Gbps of bandwidth, but you need 15 of them to actually relay 1
> Gbps in the guard position (due to wgg = 2/3 roughly). This is our
> calculation above: 3*10*3/2 = 45 euros/month (or a few more dollars).
> 
> With Waterfilling, we assume above a water level of 10 Mbits, so we need:
> 
> 100 VPS SSD 1 relaying 1Gbps at the guard position, the cost of which
> turns out to be 3*100 = 300 euros/month.
> 
[....]


A VPS is a shared resource environment. All VPSes on a single physical
server share the same NIC(s). While they do advertise a port speed (like
unlimited traffic at 100 mbps, 250 mbps, 1gbps, etc) they actually refer
to the theoretical physical NIC speed. Absolutely all of them have
something like a 'fair usage policy', which means that if you use more
than n % of your port's theoretical max speed during m % of time, they
will either:

a) throttle your VPS to something they find reasonable, like 5mbps or
10mbps maximum (could be far less);

b) suspend your service and force you to get dedicated hardware +
dedicated switch port and bandwidth.

I can guarantee you will never ever _ever_ run 1gbps of total real
effective bandwidth at the guard position at the cost of 45 euros /
month anywhere in the world (doesn't matter if it's Europe, US or
whatever). Try getting a 3 euros VPS and you'll see that you won't be
able to saturate its port for too long.
