That said, you are absolutely correct, and my colleague and long-time friend David Salamon (the person who has been the lead author of the whitepaper) wants that to be very clear. We are implementing bandwidth burning (and are even discussing some interesting extensions of this scheme involving both Turing-complete-w/-limited-execution-time programmable bandwidth burning as well as a form of global bandwidth burning), so whether you call that a "known weakness" for all of Orchid or not is slightly confusing ;P.
When we have actual software that someone could possibly use I am going to be pretty adamant that there are good disclosures in the UI with respect to the security tradeoffs, and for right now the whitepaper goes into extreme lengths to qualify what is or is not possible, in our current understanding, with and without bandwidth burning in place. (We are also looking into taking aspects of the algorithm and building it out with a proof assistant to have even greater assurances.)
2) One place where Orchid will hopefully shine (in the future tense, as this part is decidedly not yet implemented) is that we are working to allow multiple routes to/from the destination exit node using a scheme similar to MPTCP, which solves a lot of the bottleneck issues you normally find running through an overlay network.
BBC New article from 2007: http://news.bbc.co.uk/2/hi/technology/6971904.stm Running decentral market code and tech portfolio: https://github.com/Tribler/tribler/wiki
Notes after reading your whitepaper, latency and complexity matter. We copied the Tor packet layout and deployed a simple NAT puncture method to avoid difficulties. Your proposed approach looks like many years of work.
In general some of the hardest problems / known weaknesses of the protocol at this stage is:
* Client bootstrap - what entry nodes to connect to? (saurik answered this in response to other questions)
* Current software connects to Ethereum nodes using an Ethereum light client, as Ethereum network traffic is not hardened it can easily be fingerprinted and blocked by GFW and others.
* Difficulty of medallion Proof-of-Work, basically it boils down to that if it's easy to join the network as a relay or exit node, then it's easy for a large attacker to join with many nodes. Making it harder for attackers to join / maintain active position in the network also makes it harder / more expensive for regular nodes.
* Payment anonymity. Currently it's as pseudo-anonymous as regular Ethereum transactions. Whitepaper has some discussion on future improvements there.
(2) The main driver here is economics - relay and exit nodes are paid by users for their bandwidth and relay of traffic. This forms an emergent, decentralized market that hopefully will find an equilibrium where there is plenty of overlay/secure bandwidth available at what the market prices it.
So far our models and simulations on this are limited, so we cannot make strong statements on how this will scale in practice. However, if we look at Bitcoin/Ethereum transaction (miner) fees, we see a live example of a working decentralized market that is very responsive and adjusts to supply/demand without any central intervention/control.
2. Given that todays secure overlay networks generally offer extremely bad performance in the Mbit region compared to using the underlay where 10G uplinks are becoming widespread for servers, and the extra hops increase latency, do you think secure overlays will ever be near enough to underlay speed to become widely used? Do you have experience how well ORCHID scales up? And out?
[edit: Don't mean to sound too harsh. I am very glad you're doing work in this area.]