[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Onion Service - Intropoint DoS Defenses



Ok, thanks, I was actually thinking about PoW on the Introduction Point itself, but it would need to add a round trip, like some sort of "authentication based PoW" before allowing to send the INTRODUCE1 cell. At least it would make the overhead of clients higher than I.P. as the clients would need to compute the PoW function and the I.P. only to verify it. So if right now the cost of the attack is "low" we can add an overhead of +10 to the client and only +2 to the I.P. (for example) and the hidden service doesn't need to do anything.

I will write down my idea and send it here.

On 31/5/19 20:26, Roger Dingledine wrote:
On Thu, May 30, 2019 at 09:03:40PM +0200, juanjo wrote:
And just came to my mind reading this, that to stop these attacks we could
implement some authentication based on Proof of Work or something like that.
This means that to launch such an attack the attacker (client level) should
compute the PoW and must have many computing power, while normal
clients/users don't need almost any change. Actually this is what PoW is
very useful.
Check out https://bugs.torproject.org/25066 for more details on this idea.

There are still some interesting design questions to be resolved before
it's really a proposed idea.

--Roger

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev