[HN Gopher] Proof-of-Work Defense for Onion Services
___________________________________________________________________
Proof-of-Work Defense for Onion Services
Author : simonpure
Score : 41 points
Date : 2023-08-24 21:57 UTC (1 hours ago)
(HTM) web link (blog.torproject.org)
(TXT) w3m dump (blog.torproject.org)
| extraduder_ire wrote:
| I'm surprised something like this wasn't done sooner, and also
| haven't read the proposal [0] in enough detail to tell if this
| will lead to more data affecting the anonymity of users. Should
| be fine though, since it's tied user-to-service and not stored
| anywhere.
|
| I'm wondering how much this will decrease load on the service
| being proxied vs the nodes themselves though, I assume it'll have
| more benefit to services since access is spread out between
| multiple nodes.
|
| [0]:
| https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/p...
| pawelduda wrote:
| What's preventing abusers from getting new identities when the
| PoW kicks in and continuing the DDoS?
|
| Edit: looks like PoW is set per "service" that's under attack
| rather than client?
| [deleted]
| hbfdhfdhadfhnfa wrote:
| I though that its the last hop that operators control and they
| can intercept the traffic thats the problem. but this only saves
| them money and costs the users more when energy is expensive
| cypherpunks01 wrote:
| With regular Tor > Web traffic, yes the exit relay (last hop)
| is able to tell the destination and can gather other metadata
| or intercept/modify unencrypted traffic.
|
| With Onion Services however, there is no exit relay. Services
| are encrypted end to end between the client and the hidden
| service.
| dylkil wrote:
| It limits denial of services attacks on onion services
| Animats wrote:
| This has been suggested before, for email spam.
|
| Cloudflare could do this, too. Every time you access a busy site,
| seconds to minutes of useless crunching. The overall effect would
| be to drain batteries worldwide.
| sneak wrote:
| The suggestion for PoW for email bonds was called Hashcash, by
| Adam Back, and involved partial hash collisions.
|
| http://www.hashcash.org/
|
| It served as the inspiration for Bitcoin's PoW mining,
| interestingly enough.
| dnstalk wrote:
| Just like ads! They wear your battery but without your consent
| ivirshup wrote:
| Hey, that's not a fair assessment.
|
| It would also dump greenhouse gasses into the atmosphere.
| quickthrower2 wrote:
| Hold on you just made DoS more expensive, but a hell of alot more
| effective. If I need a RTX4090 to access your site now, the
| attacker has succeeded.
| extraduder_ire wrote:
| I think difficulty also kind-of scales per-user, due to the
| queue mechanism.
| codetrotter wrote:
| There are PoW algorithms specifically developed to resist GPU
| and ASIC. Typically they do this by being memory intensive
| instead of (or in addition to) being compute intensive.
| hsbauauvhabzb wrote:
| The article itself lacks details on what proof of work
| actually is - based on your answer I'm assuming compute
| rather than captcha. Is there any example algorithms that are
| easy to understand? I'm curious to see an algo that's
| expensive for the client but cheap for the server to verify,
| I assume it involves reversing an equation or similar?
| whimsicalism wrote:
| Pretty much any NP problem that we can't currently solve in
| polynomial time, ie. prime factorization - can be a PoW.
|
| I'm not sure which are specialized for GPU-resistance,
| probably not prime factorization given it can be
| parallelized
| checkdrain wrote:
| Equihash (Birthday Problem): Memory Hardness
| https://en.m.wikipedia.org/wiki/Equihash
|
| RandomX (Execution of a random program): Memory Hardness
| (Inc. cache sizes), Speculative Execution/Branching, ILP,
| some sort of chaining https://github.com/tevador/RandomX/bl
| ob/master/doc/design.md
| codetrotter wrote:
| One of the most known compute based PoW algorithms is the
| one used by Bitcoin.
|
| Basically it goes like this:
|
| You are challenged to use some piece of data given to you,
| and to add some data to it, which will produce a hash with
| a given number of leading zeroes.
|
| For example let's say I challenge you to find a sha3 hash
| of ("response to codetrotter for comment 37255449 on HN" +
| any data of your choosing), with difficulty set to 3.
| Meaning that in order for me to accept the hash, it has to
| have at least three leading zeroes.
|
| The higher the difficulty, the higher number of leading
| zeroes I ask for from you. Which in turn means it will take
| you more time to find. Because the only way to find a
| fitting hash is to try a bunch of different data until you
| find a fitting hash.
|
| The neat thing is that while it takes a lot of time for you
| to find a matching hash, it is trivially simple for me to
| validate your claim when you've found a matching hash.
|
| For this kind of PoW, people have developed software that
| runs on GPU faster than most CPU can do. And then they
| developed specialised hardware to be even faster - ASICs.
|
| That in turn is where memory-based algorithms come into
| play. To make the people with GPUs and ASICs not have an
| advantage over others.
| grug_htmx_dev wrote:
| Currently attacking is nearly free, and you can't access the
| site at all anyway.
___________________________________________________________________
(page generated 2023-08-24 23:00 UTC)