[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: POW / rPOW

To: mixminion-dev@xxxxxxxxxxxxx
Subject: Re: POW / rPOW
From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Date: Thu, 23 Dec 2004 22:19:01 -0500
Cc: mixminion-dev@xxxxxxxx
Delivered-to: archiver@seul.org
Delivered-to: mixminion-dev-outgoing@seul.org
Delivered-to: mixminion-dev@seul.org
Delivery-date: Thu, 23 Dec 2004 22:19:59 -0500
In-reply-to: <e692861c0412222217468fce76@mail.gmail.com>
Mail-followup-to: Nick Mathewson <nickm@xxxxxxxxxxxxx>, mixminion-dev@xxxxxxxxxxxxx, mixminion-dev@xxxxxxxx
References: <e692861c0412222217468fce76@mail.gmail.com>
Reply-to: mixminion-dev@xxxxxxxxxxxxx
Sender: owner-mixminion-dev@xxxxxxxxxxxxx
User-agent: Mutt/1.4.1i

Hi, and thanks for your interest in Mixminion!

On Thu, Dec 23, 2004 at 01:17:56AM -0500, Gregory Maxwell wrote:
> has any thought been given to the use of proof of work tokens
> (hashcash) or reusable proof of work tokens (rpow) for message
> admission control to the mixminion network?

Yes, it has, from time to time.  There are some standard objections to
proof-of-work stuff that would need to be surmounted.

First of all, what is the threat model?  An attacker with a botnet can
beat proof of work designs.  Whom are we trying to prevent from doing
what?

The model in these cases usually turns into something like "we can't
do anything about the botnet case, so let's assume we're against a
would-be flooder with hardware resources comparable to the typical
user.  Let's assume they're either trying to DoS the network by
consuming as much of its resources as possible, or that they're trying
to abuse the network by flooding a newsgroup or mailbombing a user."

Anti-flooding/mailbombing seems hard.  Where these proposals have
usually broken down in the past is when they try to specify actual
costs.  Usually, they either aren't high enough to prevent the
unwanted behavior, or they are high enough to make many desirable
network uses impossible.  Often, they do both.

Anti-DoS has some promise, especially in the area of reducing the
'force multiplier' of a DoS attack.  (That's the ratio of network
resources to the resources an attacker must spend to waste them.)
Right now, the biggest force multiplier for a DoS attack in the
Mixminion design is in the use of SSL for transferring data.  An
attacker can force an SSL resonder (the Mixminion server in this case)
to perform a comparatively expensive RSA decrypt at the expense of
sending a few un-decryptable bytes of junk, with no encryption
required.  But this could possibly be solvable by rate-limiting failed
SSL handshakes, rather than requiring POW for each one.

So in summary, if you have a _specific_ proposal of how stuff should
work, sure, let's look at it.  But if you were asking, "have you
considered proof-of-work systems?", the answer is "yes, but we haven't
found a design we really believe in yet."

thanks again for your interest.
-- 
Nick Mathewson

Attachment: pgpXHYKMA5OAS.pgp
Description: PGP signature

References:
- POW / rPOW
  - From: Gregory Maxwell

Prev by Author: Re: mixminion start error
Previous by thread: POW / rPOW
Index(es):
- Author
- Thread