Torcoin: Funding anonymity

Tuesday 08 July 2014

There is a new altcoin on the horizon called TorCoin! A recent proposal was published for an altcoin which aims to reward Tor relay node operators with coins. They currently run these nodes for altruistic reasons, but TorCoin would incentivize them with tokens, tradeable on exchanges for bitcoin. The Torcoin proposal is a bit complicated, and there are many misconceptions about Tor already, so let's try to carefully unpack the ideas.

The Onion Router Tor is a network that provides a measure of anonymity for users. Users' IP addresses are hidden, and onlookers can only know that a user is using the Tor network - not what they're doing. It has helped people living under oppressive regimes to access information freely for over 10 years now. Tor is an important part of an overall privacy strategy for maintaining confidentiality online, according to the Electronic Freedom Foundation. But it's not without problems, and TorCoin is a proposal to fix one of the major issues plaguing the network. Tor is that privacy focused network, which prevents anyone from seeing both who is using it and what they are doing, and TorCoin will provide value to those who make it work.

What is Tor?

The Tor Project is a group of people working to bring better anonymity to everyone. Tor was originally developed by the US Navy, and still gets most of its funding from the US government, but has been independent and completely open source since 2002.

At the heart of it all is a protocol for routing all traffic though randomly chosen nodes on the network, in order to mask the IP address of the client. Masking your IP addresses is particularly important for those who want to keep their geographic location secret. Voices of political dissent in times of great governmental suppression are in particular need of tools which allow them not to disclose their location.

Tor stands for "The Onion Router" and the onion metaphor is a useful way to think about how the network operates.

Routing information is encrypted in layers, peeled back by nodes as they relay the traffic through the Tor network,

so that relays only know where to send the traffic next and where it came from.

A node will therefore never know both the source and destination of that traffic.

Any client can use this network, with any endpoint on the other side, but web browsing seems to be the most common. A modified version of the open source Firefox browser is typically used, called the Tor Browser. Any normal website can be accessed with it, as well as hidden Tor services via .onion domains which are only accessible using the network. TorCoin is an attempt to bolster the ranks of those who make it all work behind the scenes.

What is Tor?

Image source: Bits Of Freedom, Wikimedia Commons

Routing on Tor Network

Routing network traffic is the primary thing that Tor does. A client gets a list of relay nodes, chooses an entry point to the network, and random nodes from the list, and thus creates a pathway through the network. For example, before a web browser sends an HTTP Request to a server it establishes a route consisting of three randomly chosen hops on the network to use as a path. After that, the request is sent on the regular Internet to the server, which cannot see the originating client's IP address, since the request actually came from an exit node on the network.

A specific path through the network, known as a circuit is currently assembled by obtaining a list of nodes from special servers on the network called Directory Servers. The other piece of this TorCoin proposal is called Torpath, and it introduces enhanced versions of these called Assignment Servers. The idea is to provide a circuit through the network which will be publicly verifiable, and can therefore serve as the basis for proof of bandwidth.

Proof of Bandwidth

Torpath has Assignment Servers doing more than just assembling and publishing lists of relays on the network. They provide the mechanism by which TorCoins can be validated. We asked Miles Richardson, one of the authors of the TorCoin white paper, how the Assignment Servers would function. He explained,

"Assignment servers post a public list of all the circuits they create. Only clients and relays on the same circuit can find each other in the list, but they can sign each Torcoin they create with a signature that anyone can match to a circuit on the list. This ensures that the existence of a Torcoin implies it was created as a result of the Torpath assignment protocol, which eliminates the threat of collusion and lying about bandwidth transfer."

Relay nodes that prove they participated in routing packets through the network will have the right to claim new TorCoins. This method of issuance of the currency is TorCoin's replacement for the proof-of-work computations that bitcoin uses, and directly rewards those who provide critical resources to the network. As the TorCoin whitepaper explains:

To “mine” a TorCoin, a relay transfers bandwidth over the Tor network. Since relays can sell TorCoin on any existing altcoin exchange, TorCoin effectively compensates them for contributing bandwidth to the network, and does not require clients to pay for access to it.

This idea is untested, and many will want to be cautious about adding any complexity to the system. Online anonymity is generally a fragile thing, compromised by even the smallest of flaws. Security experts will be watching closely, and when a prototype is launched they will be eager to test for vulnerabilities.

However the paper's authors claim that Torpath is designed to resist certain common types of attack. In particular, sybil attacks. In these attacks on peer-to-peer networks, many malevolent nodes are introduced to the network in order to increase the odds of successful collusion. Colluding nodes on the Tor network can potentially expose the endpoints of a circuit, revealing both the client and the intended destination for requests made by that client.

To combat that threat, only information about the adjacent node on the network is known by any node in the circuit. So on the first hop, for example, the relay node passing it along to the second node would not be able to discover either the third node, or the actual destination. Nodes only unlock the information they need to correctly route traffic to the next hop on the circuit.

Tor relay flags

Why the need to incentivize these folks?

Currently the Tor network currently has about 5600 relay nodes providing bandwidth for traffic which comes from roughly 2.5 million users directly connecting to the network. By contrast there are only nine Directory Servers currently, which compile new lists of active relay nodes every hour.

There are obviously not enough relay nodes to be as responsive as it should be. More importantly, the network needs more diversity in terms of who runs relays and where they are located. Currently, a handful of nations are overrepresented, despite the work of projects like Torservers.net, a German non-profit whose mission is to operate and encourage others to operate relay nodes - particularly very important exit nodes.

To realize why relay operators in more countries are needed, consider the following. Your entry point to the network, called a guard relay, there’s about a 84% likelihood that the chosen node is located in Germany, USA, Netherlands or France at the time of this writing. It seems that the odds of your exit node being located in Germany, Netherlands, USA, France or Switzerland is about 76%. It is highly desirable to have relay operators in many countries.

Thus the mission of TorCoin - to provide a mechanism by which relay nodes operators can be incentivized financially. Remember that these relays are the very backbone of the Tor network, without which no traffic could get routed to it's destination. If you want to support online privacy, but can't or won't run a relay node, buying TorCoins on an exchange will be a good start. A prototype should be out soon so stay tuned!

Mike Ward


comments powered by Disqus