Thus spake Tom Ritter (tom@xxxxxxxxx):

> I used to be a big proponent of proof-of-work schemes, but I've scaled
> back my preference significantly. There's two problems with them:
>
> 1) An attacker can use economies of scale to get better results than
> an ordinary user. If a user takes 5 minutes, an attacker can use GPUs
> or ASICs to take 20 seconds.

What about Memory Based Puzzles?
https://research.microsoft.com/pubs/54395/memory-longer-acm.pdf is one
example. A Google search for Memory Based Puzzles will turn up a ton
more.

> 2) Attackers almost never, or would never, pay or use their own
> computers to compute proof of work schemes - they use victims of a
> botnet. In which case the only person hampered by a proof of work
> scheme are the legitimate users.[0]

Are such attackers likely to also use Tor?

> Mike Hearn has given a good amount of thought to deposit-based
> systems. Pay a server $5 or 5 bitcoins, and if you're a legitimate
> user (not dormant) for X months you can get the money back. (Or you
> never get the money back, and the payment is smaller). In this
> scenario, the cost of an account cannot be reduced via scaling; and
> while you can use a botnet to mine bitcoins, now that GPU/ASIC/FPGA
> bitcoin mining is the norm CPU-based botnets will be more expensive
> than the income they generate.

This sounds decent, too.

> [0] There's definitely some parallels to DRM there...
> [1] I reserve the right, as always, to change it if swayed by a good argument ;)

For the record, I'm not trying to change your mind wrt memory puzzles.

I think Tor should deploy multiple Mozilla Persona[1] servers that issue
Persona identities, each with their own criteria. By leveraging Persona,
we would provide sites with an out-of-the-box ability to choose the rate
limiting system they want to accept.

For example, a provider might decide that
bitcoin.persona.torproject.org provides sufficiently expensive
"identities" to block abuse, but discover that
multi-captcha.persona.torproject.org and
busywork.persona.torproject.org do not.

We could also create a blinding step to unlink your bitcoin address from
the Persona identity we give you, but then we probably need to introduce
a delay to ensure sufficient mixing. But such a delay will probably only
serve to allow us to more effectively rate limit abuse.

1. https://developer.mozilla.org/en-US/docs/Persona

--
Mike Perry
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk