Dishonest Tor relay math question - tor-talk is too lazy
Dear Cypherpunks community,

I came across a post on the Whonix forum recently. Since I am also interested in this question I copied it here:
https://forums.whonix.org/t/math-behind-honest-tor-nodes/12464
http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion...

The question (edited):

How can I calculate how much impact X honest Tor relays have? Is it better to calculate with bandwidth consumed (250Gbps), despite the number of relays (~7000)?

Basically, I want to get the mathematical equation to this statement: I run X Tor relays at Y Mb/s each and by doing so I secure Z % of the Tor network!

Starting thoughts:
- Each “normal” route has three nodes involved: Guard, Middle, Exit
- I am aware of guard pinning and vanguard protection for middle relay pinning
- Maybe it is easier to assume an infinite usage time of the network to eliminate guard and vanguard pinning
- I guess the best is to assume a scenario with 1%, 5%, 10%, etc. dishonest relays

My take on this:
Tor has approximately 7000 relays. If I consider a number of 5% malicious relays, this would be: 350

My calculation: (1/(7000/350))*(1/(7000/349))*(1/(7000/348)) = 0.000123931 = 0.0123931%

1) Is my approach correct?
2) Not every relay has the same bandwidth. How could I change the calculation to make it more realistic?
3) How can I add the effect of guard fixation?
4) How can I include the effect of mid-node fixation by the vanguard?

I would love to hear your thoughts about it and a concrete math equation would be amazing.
1) Is my approach correct?
Generically, assuming you're only running the exit use case, not the HS onion case. You'll probably want to consider some adjustments...

- There's not 7k exits, only ~1k, but it's a ratio term so then it only matters if you're expecting different densities of bad/good across each of the guard/mid/exit roles.
- There's not 7k guards, only ... .
- tor only uses family, /nn cidr blocks, etc once in a circuit... effect is not 7k nodes, but G groups made up of 1-N nodes. Read torspec, scrape consensus, determine the resultant number G that tor actually gives itself to choose from.
- Some nodes are down, sleeping, busy, filtered, etc.
- Not all exits serve the clearnet ports you want.
- Circuits expire, nodes rotate, etc.
2) Not every relay has the same bandwidth. How could I change the calculation to make it more realistic?
Read torspec, scrape consensus, determine how tor is allocating clients across its bandwidth gravity well, etc. See also... https://metrics.torproject.org/
3) How can I add the effect of guard fixation? 4) How can I include the effect of mid-node fixation by the vanguard?
You didn't really define exactly what attack ("dishonesty") you're trying to model, so these settings could render you anywhere from safe, to having no effect and thus still being subject to the exploit. See also... https://anonbib.freehaven.net/ https://git.torproject.org/torspec/
What I want to know is the percentage risk of x malicious nodes to deanonymize a user by controlling the full circuit.
On 09/10/2021 22:17, PrivacyArms wrote:
What I want to know is the percentage risk of x malicious nodes to deanonymize a user by controlling the full circuit.
There isn't a simple answer, but you can work out a lower bound like this:

First, note that the actual nodes do not need to be dishonest, the attacker only needs to be able to get traffic data from the node's ISP or somewhere else in the 'net.

There are three nodes in use, but the middle node doesn't matter. You could have 20 nodes in between and they still wouldn't matter.

If both entry and exit nodes are traffic-compromised then the user can be deanonymised by traffic analysis in roughly one session. Here I am assuming sessions with say 10 blobs of traffic, which is low for eg an internet site visit.

Suppose 50% of nodes are traffic-compromised, then if a user makes one session the chances of compromise of the session are 1/4. If the user makes 10 sessions then the probability of deanonymisation of one of those sessions is 94%.

Note that any nodes in eg the UK or US are automatically traffic-compromised, because GCHQ and NSA can get traffic data for them without specific warrants (and a warrant for traffic data for a Tor node would be almost automatically granted anyway). Also any traffic which *goes through* the US or UK is traffic-compromised.

Peter Fairbrother
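An added example, not part of the thread: the lower bound worked out in the reply above, extended to the two refinements asked about earlier (counting relays versus weighting them by bandwidth, and a fresh guard per session versus one pinned guard). The relay list and function names are constructed; the code assumes relays are picked with probability proportional to bandwidth weight and ignores the family and subnet grouping mentioned earlier in the thread.

```python
# Added example; the relay list is constructed, not taken from the Tor consensus.
# Each entry: (bandwidth weight, roles "G"=guard / "E"=exit, observed by adversary)
RELAYS = [
    (10, "G", False), (10, "G", False), (10, "G", False), (70, "G", True),
    (20, "E", False), (20, "E", False), (20, "E", False), (40, "E", True),
]

def count_fraction(relays, role):
    """Share of relays in a role that are compromised, every relay equal."""
    pool = [bad for _, roles, bad in relays if role in roles]
    return sum(pool) / len(pool)

def weighted_fraction(relays, role):
    """Same share, assuming selection is proportional to bandwidth weight."""
    pool = [(bw, bad) for bw, roles, bad in relays if role in roles]
    return sum(bw for bw, bad in pool if bad) / sum(bw for bw, _ in pool)

def p_any_fresh(f_guard, f_exit, sessions):
    """P(at least one session has both ends observed), new guard every session."""
    return 1 - (1 - f_guard * f_exit) ** sessions

def p_any_pinned(f_guard, f_exit, sessions):
    """Same, but one guard is chosen once and kept for every session."""
    return f_guard * (1 - (1 - f_exit) ** sessions)

if __name__ == "__main__":
    # The 50% case from the reply: 1 session and 10 sessions.
    print(p_any_fresh(0.5, 0.5, 1), p_any_fresh(0.5, 0.5, 10))
    for label, frac in (("count", count_fraction), ("bandwidth", weighted_fraction)):
        fg, fe = frac(RELAYS, "G"), frac(RELAYS, "E")
        for n in (1, 10, 100):
            print(label, n, round(p_any_fresh(fg, fe, n), 3),
                  round(p_any_pinned(fg, fe, n), 3))
```

With a pinned guard the risk over many sessions levels off at the guard fraction, while with a fresh guard each session it tends to 1. In the constructed list the adversary holds a quarter of the relays in each role but a much larger share of the bandwidth, which is why the two ways of counting diverge.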
On Sun, 10 Oct 2021 01:06:19 +0100 Peter Fairbrother <peter@tsto.co.uk> wrote:
Also any traffic which *goes through* the US or UK is traffic-compromised.
actually it's any traffic going through networks 'owned' by the jew-anglo-US nazis. And those networks are everywhere, not only inside the US-UK-israel cesspool. Plus, traffic going through the networks of 'allies' of the above mentioned trash, like, say, the european turds who get their marching orders from the jew-anglo-US nazis, should be considered 'compromised' as well.

ps: isn't agent fairbrother funny, trying to pose as a non-government shill?
Peter Fairbrother
TorProject is censoring? I was not aware of that fact.
Of course you're not aware, that's how censors work [1], they shitcan the messages so no subscribers can see them. Go look at all the messages that appear here but never made it to their lists. They're cowards from the truth because their paychecks depend on keeping the issues buried from their funders and users.

Tor Project Inc is full of $hit, they lie, they censor, they're hypocrites, they hide and refuse to answer, they kick out independents, spend more time on wokestering than work product, and more.

Tor Project Inc and Roger Dingledine defrauded buyer of their $2M NFT by falsely advertising was first onion when it was not.

And that's all before ever looking at tor's 20+ year old design and its whitewashed failure to keep pace with advances of its adversaries. And as any search for Tor, or this phrase, on this list will tell you... "Tor Stinks -- NSA"

Tor really needs forked away from Tor Project Inc and its people, and or naturally deprecated by multiple newer and better competing overlay networks.

Sorry to burst your bubble.

[1] Same hidden influence as when 80+% of your media outlets and social nets are owned by deep partisans of one political party and they use their companies to propagandize, filter, censor, uprank, demonetize, cancel, etc... thus steering and defrauding nations of elections via mind control of all you see and hear.
Hi,

IIRC the assumed number of malicious nodes is much higher. Then you do not include the assumed number of honest, but compromised nodes.

How much would your equation help Tor users, in different locations, if ISPs would hand over to third parties who is using Tor with port 9050 and 9051, so that third parties could take further actions in the long run?

Regards
Stefan
On Friday, October 8, 2021 8:05 AM, Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
.... the assumed number of malicious nodes is much higher. Then you do not include the assumed number of honest, but compromised nodes.
*this* is the question. i know from experience the calibur is poorly calibrated. but if you threat model is nation state, you've got bigger problems ... :P~

best regards,
On Sun, 10 Oct 2021 21:05:39 +0000 coderman <coderman@protonmail.com> vomited:
but if you threat model is nation state, you've got bigger problems ... :P~
wow - shocking - copypasted piece of idiotic garbage from fascist turd-US govt agent coderman. 'nation states' are the only 'threat' that any sane person cares about, turd.
participants (6)
- coderman
- grarpamp
- Peter Fairbrother
- PrivacyArms
- Punk-BatSoup-Stasi 2.0
- Stefan Claas