diff options
| author | Nick Mathewson <nickm@torproject.org> | 2023-11-09 09:08:21 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2023-11-09 09:09:07 -0500 |
| commit | e5ace3667dcbbf893c6b632fd4e3f16114fd2a0e (patch) | |
| tree | 6ecc1f3b11eab1fdca3e7f324b4909d8f7a0cb1d | |
| parent | 270fe70ca083c3757059f4e12889da1127f0e5cc (diff) | |
| download | torspec-e5ace3667dcbbf893c6b632fd4e3f16114fd2a0e.tar.gz torspec-e5ace3667dcbbf893c6b632fd4e3f16114fd2a0e.zip | |
vanguards-spec: use simpler links.
| -rw-r--r-- | spec/vanguards-spec/full-vanguards.md | 14 | ||||
| -rw-r--r-- | spec/vanguards-spec/index.md | 2 | ||||
| -rw-r--r-- | spec/vanguards-spec/vanguards-lite.md | 4 |
3 files changed, 10 insertions, 10 deletions
diff --git a/spec/vanguards-spec/full-vanguards.md b/spec/vanguards-spec/full-vanguards.md index deb9564..a3a9448 100644 --- a/spec/vanguards-spec/full-vanguards.md +++ b/spec/vanguards-spec/full-vanguards.md @@ -81,7 +81,7 @@ pin specific relays, similar to how a user is allowed to pin specific Guards. A hidden service rotates relays from the 'third_guard_set' at a random time between MIN_THIRD_GUARD_LIFETIME and MAX_THIRD_GUARD_LIFETIME hours, as weighted by the [max(X,X) -distribution](../vanguards-spec/vanguards-stats.md#MaxDist), chosen for each +distribution](./vanguards-stats.md#MaxDist), chosen for each relay. This skewed distribution was chosen so that there is some probability of a very short rotation period, to deter compromise/coercion, but biased towards the longer periods, in favor of a somewhat lengthy Sybil attack. For @@ -103,8 +103,8 @@ rotation period; there is no strong motivation for it otherwise, other than to be long. In fact, it could be set as long as the Guard rotation, and longer periods MAY be provided as a configuration parameter. -From the [Sybil rotation table](../vanguards-spec/vanguards-stats.md#SybilTable) in [statistical -analysis](../vanguards-spec/vanguards-stats.md), with NUM_LAYER2_GUARDS=4, it +From the [Sybil rotation table](./vanguards-stats.md#SybilTable) in [statistical +analysis](./vanguards-stats.md), with NUM_LAYER2_GUARDS=4, it can be seen that this means that the Sybil attack on layer3 will complete with 50% chance in 18\*45 days (2.2 years) for the 1% adversary, 180 days for the 5% adversary, and 90 days for the 10% adversary, with a 45 day average @@ -117,17 +117,17 @@ for the 10% adversary. We set MIN_THIRD_GUARD_LIFETIME to 1 hour, and MAX_THIRD_GUARD_LIFETIME to 48 hours inclusive, for an average rotation rate of 31.5 hours, using the -[max(X,X) distribution](../vanguards-spec/vanguards-stats.md#MaxDist). +[max(X,X) distribution](./vanguards-stats.md#MaxDist). (Again, this wide range and bias is used to discourage the adversary from exclusively performing coercive attacks, as opposed to mounting the Sybil attack, so increasing it substantially is not recommended). From the [Sybil rotation -table](../vanguards-spec/vanguards-stats.md#SybilTable) in [statistical -analysis](../vanguards-spec/vanguards-stats.md), with NUM_LAYER3_GUARDS=6, it +table](./vanguards-stats.md#SybilTable) in [statistical +analysis](./vanguards-stats.md), with NUM_LAYER3_GUARDS=6, it can be seen that this means that the Sybil attack on layer3 will complete with 50% chance in 9\*31.5 hours (15.75 days) for the 1% adversary, ~4 days for the 5% adversary, and 2.62 days for the 10% adversary. -See the [statistical analysis](../vanguards-spec/vanguards-stats.md) for more +See the [statistical analysis](./vanguards-stats.md) for more analysis on these constants. diff --git a/spec/vanguards-spec/index.md b/spec/vanguards-spec/index.md index 44883e9..3d75065 100644 --- a/spec/vanguards-spec/index.md +++ b/spec/vanguards-spec/index.md @@ -25,7 +25,7 @@ directly (see again [Proposal #344](../proposals/344-protocol-info-leaks.txt)). This specification assumes that Tor protocol side channels have 100% accuracy and are undetectable, for simplicity in [reasoning about expected attack -times](../vanguards-spec/vanguards-stats.md). Presently, such 100% accurate +times](./vanguards-stats.md). Presently, such 100% accurate side channels exist in silent form, in the Tor Protocol itself. As work on addressing Tor's protocol side channels progresses, these attacks diff --git a/spec/vanguards-spec/vanguards-lite.md b/spec/vanguards-spec/vanguards-lite.md index 38f1041..877a5ad 100644 --- a/spec/vanguards-spec/vanguards-lite.md +++ b/spec/vanguards-spec/vanguards-lite.md @@ -10,7 +10,7 @@ longer than 1 month. Because it is for short-lived activity, its rotation times are chosen with the Sybil adversary in mind, using the [max(X,X) skewed -distribution](../vanguards-spec/vanguards-stats.md#MaxDist). +distribution](./vanguards-stats.md#MaxDist). We let NUM_LAYER2_GUARDS=4. We also introduce a consensus parameter `guard-hs-l2-number` that controls the number of layer2 guards (with a @@ -28,7 +28,7 @@ and maximum of 22 days. This makes the average lifetime of approximately two weeks. Significant extensions of this lifetime are not recommended, as they will shift the balance in favor of coercive attacks. -From the [Sybil Rotation Table](../vanguards-spec/vanguards-stats.md#SybilTable), +From the [Sybil Rotation Table](./vanguards-stats.md#SybilTable), with NUM_LAYER2_GUARDS=4 it can be seen that this means that the Sybil attack on Layer2 will complete with 50% chance in 18\*14 days (252 days) for the 1% adversary, 4\*14 days (two months) for the 5% adversary, and 2\*14 days (one |