(micro)payments for anonymous routing in Tor?

Josh Albrecht thejash at gmail.com
Wed Sep 24 00:44:39 PDT 2008

> * payments turn it into a service with an expected outcome.  Assumably
> (among others) that is 1) your anonymity is maintained and 2) your payment
> is completed successfully.  What happens _when_ something goes wrong? As of
> now, the first thing that Tor says is "This is experimental software. Do not
> rely on it for strong anonymity. " It would have to add, "Do not rely on
> this to successfully route your financial transactions" and while the first
> is a warning most can accept, the second may really scare us.

This came up on IRC as well.  Someone pointed out that the paper's
assumption of "honest but curious" banks might not be valid (ie, the
bank might cheat).  However, there are a few counter-arguments to that
that I see.

For the S-coins, it will be immediately obvious to a relay that the
bank is cheating, because the relay can validate whether the payment
is good or not on its own.  For the A-coins, the answer is trickier.
The relays can still check the validity of the payment, but the client
could be "double-spending".  If the bank pays A-coins even in the case
of double-spending, the bank can never cheat.  The downside is that
anonymous clients can then cheat to get slightly more value for
A-coins than they put in.  This is a serious problem because it would
allow the client to pay multiple relays that they control, essentially
duplicating their money for free.

Thus, the bank must decline all payment for double-spent A-coins, or
at least allow only one payment for any A-coin.  However, clients can
still validate that the bank is not cheating by withdrawing and
depositing A-coins at any time in an attempt to catch the bank
cheating.  This is more of an economic argument--the bank has an
incentive to maintain user trust so that it can continue to do
business.  The value gained by cheating some users of A-coins would
likely be less than the expected gain from NOT having to worry about
the risk of someone demonstrating that the bank is cheating.

Also, the values at stake are:  1.  very small, and 2.  greater than
the current profit of zero for relay operators.  It's not that relay
operators have to rely on Tor for their financial security--they
could, with this scheme, make some modest amount to cover their costs.
 No single relay operator should ever have a significant amount of
money in the system that could possibly be at risk.

> On Wed, Sep 24, 2008 at 12:05 AM,  <tor-operator at sky-haven.net> wrote:
> How do you pay anonymously yet have the system fairly permit "paid" traffic to
> have higher priority?  With anonymity intact, how do you audit and enforce
> this policy?

I think your first question was about how to ensure that giving
priority to certain traffic does not introduce any new attacks against
anonymity?  In that case, I'm not sure, but it is not at all clear to
me that this would decrease anonymity.  Does anyone see such an

As for the second question, I think it was:  what prevents relay
operators from choking off all unpaid traffic, in order to maximize
profits?  As an answer to that, I'd say that not much prevents them
from doing that.  Perhaps there are anonymity benefits to allowing
unpaid traffic as well (since there would be more ambiguity as to the
original source of the traffic).  There might also be ethical benefits
to allowing unpaid traffic, ie, much the same motivation for the
current operators of Tor relays.  Finally, if this were the default
behavior, novice users would be unlikely to change it, and that alone
might be enough bandwidth for unpaid users.

Thanks for the thoughts!
 - Josh

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list