> On Mar 7, 2018, at 5:12 PM, Florentin Rochet <florentin.roc...@uclouvain.be>
> On 2018-03-07 14:31, Aaron Johnson wrote:
>> Hello friends,
>>> 1) The cost of IPs vs. bandwidth is definitely a function of market
>>> offers. Your $500/Gbps/month seems quite expensive compared to what
>>> can be found on OVH (which is hosting a large number of relays): they
>>> ask ~3 euros/IP/month, including unlimited 100 Mbps traffic. If we
>>> assume that wgg = 2/3 and a water level at 10Mbps, this means that,
>>> if you want to have 1Gbps of guard bandwidth,
>>> - the current Tor mechanisms would cost you 3 * 10 * 3/2 = 45 euros/month
>>> - the waterfilling mechanism would cost you 3 * 100 = 300 euros/month
>> The question of what the cheapest attack is can indeed be estimated by
>> looking at market prices for the required resources. Your cost
>> estimate of 3.72 USD/Gbps/month for bandwidth seems off by two orders
>> of magnitude.
> Let me merge your second answer here:
>> I see that I misread your cost calculation, and that you estimated
>> $37.20/Gbps/month instead of $3.72/Gbps/month. This still seems low by an
>> order of magnitude. Thus, my argument stands: waterfilling would appear to
>> decrease the cost to an adversary of getting guard probability compared to
>> Tor’s current weighting scheme.
> There is still something wrong.
What’s wrong? $37.20Gbps/month = 30 Euros/Gbps/month, which is what you are
claiming. This would be the lowest price for a sustained Gbps transfer by a
significant margin among all of the deals that have appeared on this thread.
The other lowest was from Alex, who found $100/Gbps/month. I somewhat doubt
that you could actually achieve 1Gbps sustained for 30 Euros/month on a shared
VPS or that OVH would actually tolerate using this much bandwidth at this
little cost. It would at least be a notable new record for the cheapest
possible Tor bandwidth, as far as I can tell.
> With Waterfilling, we assume above a water level of 10 Mbits, so we need:
> 100 VPS SSD 1 relaying 1Gbps at the guard position, which the cost turns
> to be 3*100 = 300 euros/month.
This calculation is much too kind to waterfilling :-) Why pay for a full
100Mbps with only 1 IPv4 address when you only need 10Mbps/IP to achieve the
same guard probability? Earlier I showed an example of a cheaper VPS
<https://my.hiformance.com/cart.php?a=add&pid=165>) that appears to provide for
just $0.63/month a VPS with an IPv4 address that is capped at 6Mbps sustained
througput. This would be a more economical way (3.5x cheaper) to attack
waterfilling. Alternatively, I bet you could get bulk IPv4 addresses for much
cheaper than the $3/month that OVH charges for its SSD VPS, which you could
then potentially apply to your 100Mbps (or larger) server to get 10Mbps and
more cheaply attack waterfilling. For example, OVH provides 256 IP addresses
for its dedicated servers at no monthly cost
These servers can be had for at least 55 euros/month, which provides 500Mbps
unlimited. With two of those, you could achieve the above attack on
waterfilling for 110 euros = $136.36/month instead of 300 euros/month =
$371.92/month. Once we’re talking about trying to achieve a large fraction of
the Tor network, which requires many Gbps in vanilla Tor, the fixed cost of a
server becomes a smaller fraction of the total cost and the savings from the
free extra IPs become greater.
> That depends on the kind of policy that the Tor network could put in
> place. If we decide that large families become a threat in
> end-positions, we may just aggregate all the bandwidth of the family,
> and apply Waterfilling. That would not kick them off, but would create a
> kind of 'quarantine'. Same kind of suggestion than the one just below.
This seems to be a different argument than you were making, which was that the
many servers must appear to be run independently, which I still disagree with.
> This is what Waterfilling does: increase the cost of a well-defined
> attacker and offer clients to choose into a more "diverse" network.
Sorry, I still don’t agree. It increases the cost in terms of number of IP
addresses required and causes clients to spread out more across guards with
different IP addresses. This is a narrow notion of diversity and not one that I
think is useful as a design principle.
tor-dev mailing list