3

Resources. This answer explains well what happens at NEWNYM request, and I also dig into the code, yet my lack of knowledge on low level networking prevents me to make a proper design decision if stream isolation is enough for me or not.

Stream Isolation. By stream isolation I mean creating new TCP connection with uname/pwd authentication to Tor's Socks5 proxy to a remote hidden service.

Context. I am working a Bitcoin privacy technology that depends on a user to have two separate identity to the server (Alice and Bob). So the server must not be able to figure out there is a connection between Alice and Bob.

Alternatives.

  1. Right now, whenever a change happens between Alice and Bob I send a NEWNYM signal to Tor, dispose all connections and build new one. This of course slow, because Tor rate limits NEWNYM requests for a few seconds and the existing connections are disposed, then new ones are built.

  2. I could create a two connections with isolated streams for Alice and Bob and conduct the communication there. This would be super fast, but I am not sure if it's sufficient.

  3. Or I could use some hybrid model, where I create two stream isolated connections for Alice and Bob, just like in point 2, however whenever an identity change happens I send a NEWNYM or CLEARDNSCACHE? signal to Tor and don't dispose the existing connections. I'm not sure this makes sense though.

Question. Can the server somehow learn the connection between Alice and Bob in 1. 2. and 3. alternative?

nopara73
  • 173
  • 6

1 Answers1

1

Can the server somehow learn the connection between Alice and Bob in 1. 2. and 3. alternative?

Sort answer: 1. No. 2. Yes. 3. Yes.

Long answer:

A NEWNYM signal, among some administrative code, does the following 3 things:

circuit_mark_all_dirty_circs_as_unusable();
addressmap_clear_transient();
rend_client_purge_state();

circuit_mark_all_dirty_circs_as_unusable(); Marking circuits dirty simply ensures stream isolation for new connections. Stream isolation obviously doesn't provide any privacy benefits compared to stream isolation.

For this case the short answer changes to: 1. No. 2. No. 3. No.

addressmap_clear_transient(); clears the client side DNS cache.

Clearing the client side DNS cache DOES NOT provide privacy improvement against hidden services.
Clearing the client side DNS cache DOES provide privacy improvement against clearnet connections.

Read more about it in this answer.

For this case the short answer changes to: 1. No. 2. depends if hidden service 3. depends if hidden service

rend_client_purge_state(); clears the state of the rendezvous client.

It could be possible for an onion service to create an oracle that would allow it to link Alice and Bob if they're simply using Stream Isolation copared to if their connections were re-made after a NEWNYM signal was sent.

Read more about it in this answer.

For this case the short answer changes to: 1. No. 2. Yes. 3. Yes.

nopara73
  • 173
  • 6