[tor-dev] [RFC] Proposal: A First Take at PoW Over Introduction Circuits
David Goulet
dgoulet at torproject.org
Wed Jul 1 14:41:53 UTC 2020
On 22 Jun (17:52:44), George Kadianakis wrote:
> Hello there,
>
> here is another round of PoW revisions:
> https://github.com/asn-d6/torspec/tree/pow-over-intro
> I'm inlining the full proposal in the end of this email.
>
> Here is a changelog:
> - Actually used tevador's EquiX scheme as our PoW scheme for now. This is still
> tentative, but I needed some ingredients to cook with so I went for it.
> - Fold in David's performance measurements and use them to get some
> guesstimates on the default PoW difficulty etc.
> - Enable overlapping seed system.
> - Enrich the attack section of the proposal some more.
> - Attempt to fix an effort estimation attack pointed out by tevador.
> - Added a bunch of "BLOCKER" tags around the proposal for things that we need
> to figure out or at least have some good intuition if we want to have
> guarantees that the proposal can work before we start implementing.
>
> Here is what needs to happen next:
>
> - David's performance measurements have been really useful, but they open a
> bunch of questions on auxiliary overheads. We are now performing more
> experiments to confirm the performance numbers we got and make sure we are
> not overshooting. I noted these issues down as BLOCKER in the proposal.
> While doing so we also found a pretty serious bug with our scheduler that we
> are trying to fix:
> https://gitlab.torproject.org/tpo/core/tor/-/issues/40006
[snip]
(For the record)
Ok now that this bug has been fixed here are the new numbers. The time per
INTRO2 cell, on average, is the same as in the proposal.
Big difference is that Tor is not handling on average ~15 cells per mainloop
round during heavy DDoS. It is 15 and not 32 (theoretical limit) because the
service also handles a lot of DESTROY cells due to the rendezvous circuit
failing but also due to some seconds where no cells are processed because tor
is busy doing other things.
We've also confirmed that the theoretical value of 180 requests per second in
the proposal actually is valid. During high DDoS time, we've observed on
average 165 cells per second (by removing a few outliers since tor has other
events that prevent cell processing for 1-3 seconds sometimes).
We've observed a rate of 185 cells/second so the 180 number holds here imo.
Cheers!
David
--
aivM0ymbv1PERLUJ1ZMsGtCDACQ3MpuWDLc0zbwJjqQ=