It is unlikely that they will build the entire circuit by luck, although they only need to own one out of three key nodes (entry guards) to deanonymize the server. They can find the entry guard by doing the attack I already explained the technical details of. No you don't need to decrypt the stream to prove beyond reason of doubt that the content in question is served from that location, you can just send the SR server a message with a self introduced pattern in the inter packet arrival times and then observe the line looking for that pattern. That will prove beyond a reasonable doubt that the SR server has been located. They would also have pretty good luck using a website fingerprinting attack, CCC made a classifier that can identify a website by analysis of the encrypted Tor stream with 60% accuracy. There are other traffic analysis techniques that can prove to various degrees, often beyond a reasonable doubt, that the server has been located. Another thing they could do is restart the server at the data center and then observe silk road website and see if there is a down time correlation, this is called an intersection attack. So there I gave three examples of how you are wrong, would you like me to continue because I can go on about this all day if need be. Also they are not going to need to decrypt Truecrypt or DM-crypt because they will just flash freeze the ram and dump it into a forensic laptop, then they will recover the encryption keys. I doubt silk road is even using encapsulation material or physical intrusion detection systems on his server to try to prevent this, but if enough of a fuck was given about Silk Road the military of USA has already gotten around tamper resistant memory systems similar to this. Anyway they will try to minimize down time as much as possible if they do an attack stemming from physical seizure of the server. After all, they would rather spy on the unecrypted addresses noobs are sending through the SR server, and possibly use SR server as a position to carry out application layer attacks against clients, etc, than they would take down such a valuble intelligence source and scare everyone away from it. Nice try though. Also I doubt even the FBI is stupid enough to add all of their Tor nodes to the same family, that would prevent them from being used to do a substantial number of attacks against the Tor network. Entry guards help prevent a lot of attacks if you are using them properly (if you are using a live CD that doesn't have persistence, like Amnesia, you are not properly using entry guards). However, entry guards will only slightly slow many attackers down if the target is a hidden service (or if the target has their browser taken over and has used isolation, although if the user has their browser taken over and they are not using isolation techniques they are fucked already).