> On Mar 7, 2018, at 5:12 PM, Florentin Rochet <florentin.roc...@uclouvain.be> 
> wrote:
> Hello,
> On 2018-03-07 14:31, Aaron Johnson wrote:
>> Hello friends,
>>> 1) The cost of IPs vs. bandwidth is definitely a function of market
>>> offers. Your $500/Gbps/month seems quite expensive compared to what
>>> can be found on OVH (which is hosting a large number of relays): they
>>> ask ~3 euros/IP/month, including unlimited 100 Mbps traffic. If we
>>> assume that wgg = 2/3 and a water level at 10Mbps, this means that,
>>> if you want to have 1Gbps of guard bandwidth,
>>> - the current Tor mechanisms would cost you 3 * 10 * 3/2 = 45 euros/month
>>> - the waterfilling mechanism would cost you 3 * 100 = 300 euros/month
>> The question of what the cheapest attack is can indeed be estimated by
>> looking at market prices for the required resources. Your cost
>> estimate of 3.72 USD/Gbps/month for bandwidth seems off by two orders
>> of magnitude.
> Let me merge your second answer here:
>> I see that I misread your cost calculation, and that you estimated 
>> $37.20/Gbps/month instead of $3.72/Gbps/month. This still seems low by an 
>> order of magnitude. Thus, my argument stands: waterfilling would appear to 
>> decrease the cost to an adversary of getting guard probability compared to 
>> Tor’s current weighting scheme.
> There is still something wrong.

What’s wrong? $37.20/Gbps/month = 30 Euros/Gbps/month, which is what you are 
claiming. This would be the lowest price for a sustained Gbps transfer by a 
significant margin among all of the deals that have appeared on this thread. 
The other lowest was from Alex, who found $100/Gbps/month. I somewhat doubt 
that you could actually achieve 1Gbps sustained for 30 Euros/month on a shared 
VPS or that OVH would actually tolerate using this much bandwidth at this 
little cost. It would at least be a notable new record for the cheapest 
possible Tor bandwidth, as far as I can tell.

> With Waterfilling, we assume above a water level of 10 Mbits, so we need:
> 100 VPS SSD 1 relaying 1Gbps at the guard position, the cost of which turns
> out to be 3*100 = 300 euros/month.

This calculation is much too kind to waterfilling :-) Why pay for a full 
100Mbps with only 1 IPv4 address when you only need 10Mbps/IP to achieve the 
same guard probability? Earlier I showed an example of a cheaper VPS 
(<https://my.hiformance.com/cart.php?a=add&pid=165>) that appears to provide for 
just $0.63/month a VPS with an IPv4 address that is capped at 6Mbps sustained 
throughput. This would be a more economical way (3.5x cheaper) to attack 
waterfilling. Alternatively, I bet you could get bulk IPv4 addresses for much 
cheaper than the $3/month that OVH charges for its SSD VPS, which you could 
then potentially apply to your 100Mbps (or larger) server to get 10Mbps and 
more cheaply attack waterfilling. For example, OVH provides 256 IP addresses 
for its dedicated servers at no monthly cost. 
These servers can be had for at least 55 euros/month, which provides 500Mbps 
unlimited. With two of those, you could achieve the above attack on 
waterfilling for 110 euros = $136.36/month instead of 300 euros/month = 
$371.92/month. Once we’re talking about trying to achieve a large fraction of 
the Tor network, which requires many Gbps in vanilla Tor, the fixed cost of a 
server becomes a smaller fraction of the total cost and the savings from the 
free extra IPs become greater.

> That depends on the kind of policy that the Tor network could put in
> place. If we decide that large families become a threat in
> end-positions, we may just aggregate all the bandwidth of the family,
> and apply Waterfilling. That would not kick them off, but would create a
> kind of 'quarantine'. Same kind of suggestion as the one just below.

This seems to be a different argument than you were making, which was that the 
many servers must appear to be run independently, which I still disagree with.

> This is what Waterfilling does: increase the cost of a well-defined
> attacker and offer clients to choose into a more "diverse" network.

Sorry, I still don’t agree. It increases the cost in terms of number of IP 
addresses required and causes clients to spread out more across guards with 
different IP addresses. This is a narrow notion of diversity and not one that I 
think is useful as a design principle.

tor-dev mailing list
