[tor-dev] Global semi-passive adversary: suggestion of using expanders
Tom Ritter
tom at ritter.vg
Fri Aug 23 02:15:29 UTC 2013
So I don't work for Tor, nor am I a graph theorist, but I'll add a few
preliminary thoughts.
On 22 August 2013 21:08, Paul-Olivier Dehaye
<paul-olivier.dehaye at math.uzh.ch> wrote:
> As far as I can tell, the main threat by a global passive adversary comes
> from traffic analysis (?).
A Global Passive Adversary is technically outside of Tor's threat
model (see https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Whatattacksremainagainstonionrouting)
- but if there are easy ways to make it more difficult for such an
adversary, at a low engineering cost - then Tor tends to be up for
them.
> This attack should become easier as the number of
> Tor nodes increases (?)
I'm not sure I agree with that. If the adversary is not global, but
only partly global, then network diversity is crucial. If the
adversary is truely global, I don't think more nodes would help as
much as more _traffic_.
> A dual way to see this is that
> not enough mixing can happen around a node for incoming/outgoing edge pairs,
> bar injecting a huge amount of fake traffic.
In what sense do you use the word 'mixing'? In the traffic analysis
literature, I think it tends to refer to mix networks, and collecting
several messages into a pool before releasing some or all of them
(http://crypto.is/blog/mix_and_onion_networks).
-tom
More information about the tor-dev
mailing list