[tor-dev] Onion Service - Intropoint DoS Defenses

juanjo juanjo at avanix.es
Fri May 31 18:40:54 UTC 2019


Ok, thanks, I was actually thinking about PoW on the Introduction Point 
itself, but it would need to add a round trip, like some sort of 
"authentication based PoW" before allowing to send the INTRODUCE1 cell. 
At least it would make the overhead of clients higher than I.P. as the 
clients would need to compute the PoW function and the I.P. only to 
verify it. So if right now the cost of the attack is "low" we can add an 
overhead of +10 to the client and only +2 to the I.P. (for example) and 
the hidden service doesn't need to do anything.

I will write down my idea and send it here.

On 31/5/19 20:26, Roger Dingledine wrote:
> On Thu, May 30, 2019 at 09:03:40PM +0200, juanjo wrote:
>> And just came to my mind reading this, that to stop these attacks we could
>> implement some authentication based on Proof of Work or something like that.
>> This means that to launch such an attack the attacker (client level) should
>> compute the PoW and must have many computing power, while normal
>> clients/users don't need almost any change. Actually this is what PoW is
>> very useful.
> Check out https://bugs.torproject.org/25066 for more details on this idea.
>
> There are still some interesting design questions to be resolved before
> it's really a proposed idea.
>
> --Roger
>
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev


More information about the tor-dev mailing list