I've been looking into simple graph-theoretic metrics for Roster to quantifying Tor's susceptibility to traffic correlation attacks, mostly using BGPStream, https://bgpstream.caida.org/ .

All of the academic literature I've read talks about the risk to Tor users of an AS being in the path between client <-> guard + exit <-> destination.

Questions:
(1) To ensure I'm not measuring the wrong thing, can someone be more specific on the correlation attack scenario for Tor hidden services?

(2) Just guessing, but would be it be the same but replace "exit <-> destination" with: "HS server <-> HS guard" ?

(3) If yes to (2), the natural solution is simply to install a Tor relay on the HS server itself so that there's no ASpath between the two?

Comments greatly appreciated.  I'm not an internet routing expert and I want to ensure Roster is incentivizing the right things to harden the network.

-V