[messaging] Ronion anonymous routing protocol framework

Jeff Burdges burdges at gnunet.org
Sat Oct 14 08:12:10 PDT 2017

On Sat, 2017-10-14 at 16:44 +0300, Nazar Mokrynskyi wrote:
> However, for this attack you'll need to control 2 nodes in the
> established circuit, which is not terribly bad for large networks IMO.

Attackers can be the recipient for free, so they only need to become the
hidden service's guard.  Tor slows them down by rotating guards slowly,
and making nodes wait to become guards, but it's easy enough for a
persistent and patient attacker to do this.  

An ephemeral or secret hidden service like onion share sounds okay, but
anything long lived like ricochet or news sites can be exposed. 

You can expose anything with a timing attack of course, but these
tagging attacks give you a very high level of proof they moment they


p.s.  I noticed an amusing countermeasure that's morally inspired by
verifiable mix nets:  We could defeat the end-to-end tagging by MACing
at each hop, not so expensive if we extend the cell sizes, not sure if
this enables other attacks in the circuit based context however.  We
could avoid expanding cell sizes by accumulating the MACs and eventually
sending them to the client or HS.  If a even small amount of the traffic
is dummy traffic, then these could be used to prove miss behavior by
nodes, removing their guard flag.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20171014/45db2d22/attachment.sig>

More information about the Messaging mailing list