ZXAD (pronounced "zed-zad") is a zero-knowledge based private Tor exit abuse detection system. ZXAD detects large-volume traffic attacks without revealing any information, apart from the fact that some user is conveying a high volume of traffic through Tor.
See our paper for more information:
Akshaya Mani and Ian Goldberg. "ZXAD: Zero-knowledge Exit Abuse Detection for Tor". 20th ACM Workshop on Privacy in the Electronic Society, November 2021.
This repository contains a docker image with the source code of a kyber-based implementation (in go) and a libsnark-based implementation (in C++), as well as timing scripts.
You can either build the docker image yourself with ./build-docker
,
or download and install the image with ./download-docker
(note:
718MB download!). Either method will create a docker image named
zxad
.
Run the image in the usual way: docker run -it zxad bash
The libsnark-based code is in the snarkcode
directory:
cd snarkcode
./run_timings
zxad_mnt4_true.out
./get_timings < zxad_mnt4_true.out > zxad_timings.csv
will output
a csv with the measured timings.
The first few columns are:
The remaining columns are the name of each step of the proof or verification, and the time for that step in milliseconds.
The kyber-based code is in the code
directory:
cd code/src
The three benchmarks can be run by:
Blind signature transfer and BLS signature
cd Bproof/benchmark/
./benchmark.sh [no_of_iterations]
will write output to benchmark.csvCircuit token proof
cd Circuitproof/benchmark/
./benchmark.sh [no_of_iterations]
will write output to benchmark.csvStream token proof and Hash to G1
cd Streamproof/benchmark/
./benchmark.sh [no_of_iterations] [ring_length]
will write output to benchmark.csvThe proving and verifying times for the stream token proof are in milliseconds. All other timings are in microseconds. All proof sizes are in bytes.