Dishonest Tor relay math question - tor-talk is to lazy

PrivacyArms privacyarms at protonmail.com
Sat Oct 9 14:17:25 PDT 2021 

What I want to know is the percentage risk of x malicious nodes to deanonymize a user by controlling the full circuit.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, October 8, 2021 7:35 AM, grarpamp <grarpamp at gmail.com> wrote:

> > How can I calculate how much impact X honest Tor relays have?
> > Is it better to calculate with bandwidth consumed (250Gbps), despite the
> > number of relays (~7000)?
> > Basically, I want to get the mathematical equation to this statement:
> > I run X Tor relays at Y Mb/s each and by doing so I secure Z % of the Tor
> > network!
> > Starting thoughts:
> > 

> > -   Each “normal” route has three nodes involved: Guard, Middle, Exit
> > -   I am aware of guard pinning and vanguard protection for middle relay
> >     pinning
> >     

> > -   Maybe it is easier to assume an infinite usage time of the network to
> >     eliminate guard and vanguard pinning
> >     

> > -   I guess the best is to assume a scenario with 1%, 5%, 10%, etc. dishonest
> >     relays
> >     

> > 

> > My take on this:
> > Tor has approximately 7000 relays.
> > If I consider a number of 5% malicious relays, this would be: 350
> > My calculation:
> > (1/(7000/350))(1/(7000/349))(1/(7000/348))
> > = 0.000123931
> > = 0.0123931%
> 

> > 1.  Is my approach correct?
> 

> Generically, assuming you're only running the
> exit use case, not the HS onion case.
> 

> You'll probably want to consider some adjustments...
> 

> -   There's not 7k exits, only ~1k, but it's a ratio term
>     so then it only matters if you're expecting different
>     densities of bad/good across each of the guard/mid/exit roles.
>     

> -   There's not 7k guards, only ... .
> -   tor only uses family, /nn cidr blocks, etc once in a circuit...
>     effect is not 7k nodes, but G groups made up of 1-N nodes.
>     Read torspec, scrape consensus, determine the resultant
>     number G that tor actually gives itself to choose from.
>     

> -   Some nodes are down, sleeping, busy, filtered, etc.
> -   Not all exits serve the clearnet ports you want.
> -   Circuits expire, nodes rotate, etc.
> 

> > 2.  Not every relay has the same bandwidth. How could I change the
> >     calculation to make it more realistic?
> >     

> 

> Read torspec, scrape consensus, determine how tor is
> allocating clients across its bandwidth gravity well, etc.
> See also...
> https://metrics.torproject.org/
> 

> > 3.  How can I add the effect of guard fixation?
> > 4.  How can I include the effect of mid-node fixation by the vanguard?
> 

> You didn't really define exactly what attack ("dishonesty")
> you're trying to model, so these settings could render you
> anywhere from safe, to having no effect and thus still being
> subject to the exploit.
> 

> See also...
> https://anonbib.freehaven.net/
> https://git.torproject.org/torspec/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - privacyarms at protonmail.com - 0x6ECBFF11.asc
Type: application/pgp-keys
Size: 3278 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20211009/709ba4d0/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 855 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20211009/709ba4d0/attachment.sig>

More information about the cypherpunks mailing list