o_e_l_e_o (OP)
In memoriam
Legendary
 Offline
Activity: 2268
Merit: 18507
|
 |
June 02, 2023, 11:18:05 AM |
|
https://gitlab.torproject.org/tpo/core/tor/-/commit/8b46d1c6ca20b8c99b979569c7432a97d8fc20a1o Major features (onion service, proof-of-work):
- Implement proposal 327 (Proof-Of-Work). This is aimed at thwarting
introduction flooding DoS attacks by introducing a dynamic Proof-Of-Work
protocol that occurs over introduction circuits. This introduces several
torrc options prefixed with "HiddenServicePoW" in order to control this
feature. By default, this is disabled. Closes ticket 40634.
It uses the Equi-X algorithm, which is itself developed from RandomX, which is the ASIC resistant PoW algorithm used by Monero. It is also being developed by the same user, tevador. There's a fantastic post here which explains how this is going to work and what the end user will experience: https://darkdot.com/articles/tor-ddos-leads-to-proof-of-work/. Site admins can manually decide how much PoW is required to reach their site, and users can decide how much PoW they are willing to perform. Hopefully this puts an end to DDoS on Tor.
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
tromp
Legendary
Offline
Activity: 978
Merit: 1077
|
|
June 02, 2023, 12:44:10 PM
Last edit: June 02, 2023, 01:32:25 PM by tromp Merited by DaCryptoRaccoon (3) |
|
It uses the Equi-X algorithm, which is itself developed from RandomX, which is the ASIC resistant PoW algorithm used by Monero.
To be more precise, we should distinguish between PoW algorithms and the hash functions they use. E.g. when people say Bitcoin's PoW is SHA256, what they mean is that it uses the Hashcash PoW with the SHA256 hash function (iterated twice). Equi-X is the Equihash PoW algorithm using HashX as underlying hash function. The latter is derived from the RandomX hash function used in Monero's Hashcash PoW algorithm. |
|
|
|
|
She shining
Jr. Member
Offline
Activity: 38
Merit: 24
|
|
June 02, 2023, 12:59:24 PM |
|
I thought POW was created by Moni naor and Cynthia Dwork.
Tor have been on this project for a long time now,i know its difficult to implement but still think their adoption was kinda slow and passive. According to the link the project is implementing a form of proof of work similar to POS,but instead of stakes works are staked,which can really help tackling small,mid or maybe large botnet but won't this make the system way slower? Can a computer with relatively poor computation power still effectively use it? Saw online while trying to understand more on the attack a term called hactivist . https://gridinsoft.com/blogs/ddos-for-hire-used-by-hacktivists/ The reason for the recent uprising of DDoS attack and, particularly, DDoS-for-hire services, is hacktivists activity. Hacktivism has evolved from loosely structured groups to a more mature ecosystem with diverse motivations and sources. It got a massive punch particularly after the beginning of the Russia-Ukrainian war. As a result, hacktivist groups have become more organized and conduct military-like operations with precise positioning and clear objectives won't this organized attack pose a threat to the system in its early adoption? But in all I wish the project success because having a network that boast of good anonymity is uncommon
|
|
|
|
|
tromp
Legendary
Offline
Activity: 978
Merit: 1077
|
|
June 02, 2023, 01:31:13 PM |
|
I thought POW was created by Moni naor and Cynthia Dwork.
Naor & Dwork invented the concept of PoW, while Adam invented Hashcash, the first practical PoW algorithm [1]. [1] https://en.wikipedia.org/wiki/Proof_of_work |
|
|
|
|
NotATether
Legendary
Offline
Activity: 1582
Merit: 6695
bitcoincleanup.com / bitmixlist.org
|
|
June 02, 2023, 05:43:18 PM |
|
Hopefully this puts an end to DDoS on Tor.
Oh it will alright, but it will also get Greenpeace's angry wrath  At this point, these watchdogs should just go after Netflix, your IDE, software updater, and all your games for your COU contributing to the carbon footprint. We shall hear what they have to say about this eventually, if their XRP fallguy they even care at all  Saw online while trying to understand more on the attack a term called hactivist . https://gridinsoft.com/blogs/ddos-for-hire-used-by-hacktivists/ The reason for the recent uprising of DDoS attack and, particularly, DDoS-for-hire services, is hacktivists activity. Hacktivism has evolved from loosely structured groups to a more mature ecosystem with diverse motivations and sources. It got a massive punch particularly after the beginning of the Russia-Ukrainian war. As a result, hacktivist groups have become more organized and conduct military-like operations with precise positioning and clear objectives won't this organized attack pose a threat to the system in its early adoption? But in all I wish the project success because having a network that boast of good anonymity is uncommon The internet is not a WWII battlefield and should be treated as neutral protected space. This especially goes for IP addresses running important and constructive protocols like DNS and Tor. Hacktivists should not be allowed to abuse the system as well. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
gmaxwell
Moderator
Legendary
Offline
Activity: 4158
Merit: 8382
|
|
June 03, 2023, 07:57:29 AM |
|
Context: scammer Craig Wright pays people to spread that line because: (1) He has some narcissistic rivalry with everyone who understands technology better than him (which is lot of people!), (2) he doesn't understand proof of work well enough to realize that a version with a trap-door is fundamentally unsuitable for almost every application people talk about using proof of work. It's just pathetic. Unfortunately, the whole thing about history being written by the victors only applies to stuff like warfare where the losers are literally killed. Lots of people who don't know better end up picking up and repeating his narratives-- he stands to gain from spending to spread his bullshit and invests heavily in it. Other people don't care to stop him. Thanks for speaking up for the truth. |
|
|
|
|
o_e_l_e_o (OP)
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18507
|
|
June 03, 2023, 11:53:17 AM |
|
Something interesting I read when looking more closely at this: Incoming rendezvous requests will be prioritized based on the amount of effort a client chooses to make when computing a solution to the puzzle. The service will periodically update a suggested amount of effort, based on attack load, and disable the puzzle entirely when the service is not overloaded. So it's not an all or nothing thing as I had initially assumed - the service stipulates x amount of work, if you complete x or more you are connected, if you complete less than x you are not connected. Rather, it's based on prioritization. If you complete less than the suggested amount then you might still connect, but your connection will simply be a lower priority than those who have completed more work. I'm really keen to try this out. Wonder how long it will be before some sites start implementing it? |
|
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1610
Merit: 1899
Amazon Prime Member #7
|
|
June 03, 2023, 01:20:36 PM |
|
I'm really keen to try this out. Wonder how long it will be before some sites start implementing it?
I assume this is only an option for hidden services (so only .onion sites). Although facebook is not very privacy friendly to most (all?) of their users (based on the amount of data they collect on them), they do have a tor version of their site, and I can see them implementing this as a means to help others to implement this to prevent DoS attacks on hidden services. |
|
|
|
|
|
Cricktor
|
|
June 03, 2023, 01:47:18 PM |
|
I understood it that this PoW demand for a circuit rendezvous is only issued when the Tor service detected some kind of DDoS situation. In a network or connection pressure situation the PoW will be enforced to mitigate the pressure otherwise it's not enabled and demanded by the Tor service. I like this approach and the idea behind it.
Will be interesting to see if it works well and does what it's designed for.
|
|
|
|
Wind_FURY
Legendary
Offline
Activity: 2898
Merit: 1823
|
|
June 03, 2023, 03:13:04 PM |
|
Hopefully this puts an end to DDoS on Tor.
Oh it will alright, but it will also get Greenpeace's angry wrath At this point, these watchdogs should just go after Netflix, your IDE, software updater, and all your games for your COU contributing to the carbon footprint. We shall hear what they have to say about this eventually, if their XRP fallguy they even care at all Don't worry about "Green Peace", their people at the top don't actually care. Tin-foil hats on, but just like the World Economic Forum, it's merely one of the organizations created to help achieve the elite's Globalist Agenda. Saw online while trying to understand more on the attack a term called hactivist https://gridinsoft.com/blogs/ddos-for-hire-used-by-hacktivists/ The reason for the recent uprising of DDoS attack and, particularly, DDoS-for-hire services, is hacktivists activity. Hacktivism has evolved from loosely structured groups to a more mature ecosystem with diverse motivations and sources. It got a massive punch particularly after the beginning of the Russia-Ukrainian war. As a result, hacktivist groups have become more organized and conduct military-like operations with precise positioning and clear objectives won't this organized attack pose a threat to the system in its early adoption? But in all I wish the project success because having a network that boast of good anonymity is uncommon It will, just like how miners could be hired and be a threat against nascent altcoins, BUT it's not without a cost which is the point of POW. Want to attack it? Pay the price because sometimes it won't be cheap. |
| .SHUFFLE.COM.. | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████ | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████ | .
...Next Generation Crypto Casino... |
|
|
|
|
Synchronice
|
|
June 03, 2023, 10:04:19 PM |
|
There's a fantastic post here which explains how this is going to work and what the end user will experience: https://darkdot.com/articles/tor-ddos-leads-to-proof-of-work/. Site admins can manually decide how much PoW is required to reach their site, and users can decide how much PoW they are willing to perform. Hopefully this puts an end to DDoS on Tor. I think you slightly misunderstood that part. Service administrator can manually enable or disable PoW for an Onion service, i.e. the administrator can leave it disabled if there is not an attack or enable it in case there is an attack. Also, website administrator can't manually decide how much PoW is required for individuals to reach their site, it's automatically adjusted by the tor Daemon, based on the scope of the attack. |
|
|
|
|
larry_vw_1955
|
|
June 04, 2023, 03:38:44 AM |
|
So it's not an all or nothing thing as I had initially assumed - the service stipulates x amount of work, if you complete x or more you are connected, if you complete less than x you are not connected. Rather, it's based on prioritization. If you complete less than the suggested amount then you might still connect, but your connection will simply be a lower priority than those who have completed more work.
but they still have to take requests and check if the appropriate amount of work has been done. that takes resources just doing that. you could overload a server with that type of bogus request and what are they going to do?  i'm not an expert on tor. |
|
|
|
|
tromp
Legendary
Offline
Activity: 978
Merit: 1077
|
|
June 04, 2023, 07:43:50 AM
Last edit: June 04, 2023, 12:25:37 PM by tromp Merited by ABCbits (4), o_e_l_e_o (4) |
|
but they still have to take requests and check if the appropriate amount of work has been done. that takes resources just doing that.
You're right that a DDOS attacker can submit bogus PoW proofs at negligible cost and these still need to be verified. The HashX docs make these claims regarding Performance [1] > HashX was designed for fast verification. Generating a hash function from seed takes about 50 μs and a 64-bit nonce can be hashed in under 100 ns (in compiled mode) or in about 1-2 μs (in interpreted mode). Obviously, with hash function generation being about 3 orders of magnitude slower than a SHA256 hash computation, fast verification was not the prime design objective. It was designed for ASIC resistance first, and fast verification second. The EquiX PoW verification makes 8 HashX computations, but they're all from a single generated function, so detecting the bogus PoW takes about 50 μs. Hopefully that's fast enough to deter such attacks. EDIT: apparently TOR already faces about 260 μs overhead in request processing before it can verify the PoW, so there's very little benefit in further reducing this 50 μs. [1] https://github.com/tevador/hashx |
|
|
|
|
|
|
|
Cricktor
|
|
June 04, 2023, 09:46:34 PM |
|
but they still have to take requests and check if the appropriate amount of work has been done. that takes resources just doing that.
I'm not a Tor expert either. I read that those Tor rendezvous circuits are something "expensive" for the Tor participants, whatever that means. Apparently it made sense to implement this PoW challenge for those rendezvous circuits, if needed under some DDoS stress. Usually it's computationally way more expensive to do the PoW than to check if correct PoW has been done and submitted. It's likely similar to what is done in Bitcoin mining. Finding a valid block hash is multi-magnitudes of computational work more expensive than validating the correctness of a Bitcoin block header hash. |
|
|
|
|
larry_vw_1955
|
|
June 04, 2023, 11:47:08 PM
Last edit: June 05, 2023, 12:47:47 AM by larry_vw_1955 |
|
You're right that a DDOS attacker can submit bogus PoW proofs at negligible cost and these still need to be verified. The HashX docs make these claims regarding Performance [1]
Thanks for the info but: A few comments on this proposal: https://github.com/torproject/torspec/blob/main/proposals/327-pow-over-intro.txtThe protocol involves the following major steps:
1) Service encodes PoW parameters in descriptor [DESC_POW]
2) Client fetches descriptor and computes PoW [CLIENT_POW]
3) Client completes PoW and sends results in INTRO1 cell [INTRO1_POW]
4) Service verifies PoW and queues introduction based on PoW effort
[SERVICE_VERIFY]
5) Requests are continuously drained from the queue, highest effort first,
subject to multiple constraints on speed [HANDLE_QUEUE]
The Service seems like it could be still subject to ddos attacks anyway as it has to provide POW parameters in step 1 and then verify the PoW in step 4. So it has to first communicate to the client, providing some information, then it has to perform processing to verify the PoW is correct. if all of those requests by the client are fake then that's wasting bandwidth of the server and its computing power. 3.4.1. PoW verification [POW_VERIFY]
To verify the client's proof-of-work the service MUST do the following steps:
a) Find a valid seed C that starts with POW_SEED. Fail if no such seed
exists.
b) Fail if N = POW_NONCE is present in the replay cache
(see [REPLAY_PROTECTION])
c) Calculate R = ntohl(blake2b_32(P || ID || C || N || E || S))
d) Fail if R * E > UINT32_MAX
e) Fail if equix_verify(P || ID || C || N || E, S) != EQUIX_OK
f) Put the request in the queue with a priority of E
If any of these steps fail the service MUST ignore this introduction request
and abort the protocol.
I'm not going to pretend like I understand the reasons for all of these steps but if any of them fails then the introduction request must be denied. That means all of them have to be checked to make sure none of them fail, in the worst case scenario you would find yourself going through all of them until you hit step f. For every bogus request, it might have to go rhgouh steps a,b,c,d,e and then maybe it fails on step f for whatever reason. maybe all those steps are extremely fast and efficient, well they better be!
"Third-party anonymous credentials" -- We can use anonymous credentials and a
third-party token issuance server on the clearnet to issue tokens
based on PoW or CAPTCHA and then use those tokens to get access to the
service. See [REF_CREDS] for more details.
This seems like a better idea to separate the PoW component of things completely. Then you could add on PoW protection to all kinds of different services too. After looking at this thing for a few minutes, the only real question that comes to mind is why they didn't come up with an idea like this sooner. Presumably DDOS attacks are not a new thing for Tor...and it's not really anything new. I think they did it with email way back in the day. Where to stop spam, they required some PoW be done that took a few seconds. Simple way to stop spam...
I'm not a Tor expert either. I read that those Tor rendezvous circuits are something "expensive" for the Tor participants, whatever that means. Apparently it made sense to implement this PoW challenge for those rendezvous circuits, if needed under some DDoS stress. Usually it's computationally way more expensive to do the PoW than to check if correct PoW has been done and submitted. It's likely similar to what is done in Bitcoin mining. Finding a valid block hash is multi-magnitudes of computational work more expensive than validating the correctness of a Bitcoin block header hash.
strange thing is how they can turn off the PoW when it's not needed. But clients can still do the PoW anyway to get a higher priority in the "Queue". So people with more powerful machines (modern ones), well they can be expedited while poorer people with lower end machines can get ignored. Ignored means treated with lower priority. means more waiting. |
|
|
|
|
|
larry_vw_1955
|
|
June 06, 2023, 03:19:41 AM |
|
Providing PoW parameters (on step 1) is extremely cheap since the parameter is only updated every ~2 hours. See section 3.1 for details. And IMO few μs to verify PoW is very fast.
i was talking about step 2 regarding network bandwidth: 2) Client fetches descriptor and computes PoW [CLIENT_POW] someone could still try and saturate the server's bandwidth/ability to process requests for the "descryptor" a better solution would not require the server to send out anything to the client until after the client successfully submitted a valid PoW... “The attacks exploit the inherent asymmetric nature of the onion service rendezvous protocol, and that makes it a hard problem to defend against. During the rendezvous protocol, an evil client can send a small message to the service while the service has to do lots of expensive work to react to it. This asymmetry opens the protocol to DoS attacks, and the anonymous nature of our network makes it extremely challenging to filter the good clients from the bad.” thats a poorly designed protocol in the first place then. |
|
|
|
|
NotATether
Legendary
Offline
Activity: 1582
Merit: 6695
bitcoincleanup.com / bitmixlist.org
|
|
June 06, 2023, 09:38:46 AM |
|
Providing PoW parameters (on step 1) is extremely cheap since the parameter is only updated every ~2 hours. See section 3.1 for details. And IMO few μs to verify PoW is very fast.
i was talking about step 2 regarding network bandwidth: 2) Client fetches descriptor and computes PoW [CLIENT_POW] someone could still try and saturate the server's bandwidth/ability to process requests for the "descryptor" a better solution would not require the server to send out anything to the client until after the client successfully submitted a valid PoW... But server need to send description which contain PoW parameter in order for client to perform and submit valid PoW in first place. And AFAIK sending descriptor to client should be extremely cheap since descriptor is static data which only updated as needed (e.g. every ~2 hours to update PoW parameters) and could be cached easily. In the more extreme case, a TOR relay's proxy server could theoretically cache this information on a CDN such as Akamai, which would then transform the problem into a DDoS attack on said CDNs, which could cause them to sinkhole the IP addresses involved. Or perhaps the sinkholing can be done by the relays themselves with the proper network infrastructure, since I don't know if it's even practical for CDNs to get involved, even if it is in the very early stages before the bridges/guard nodes do anything else. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
|
darkv0rt3x
|
|
June 06, 2023, 01:56:31 PM |
|
An out of the blue question:
I2P seems to be using hashcash as means of preventing email spamming and DDoS (back in the days by Adam Back, iirc)... I2P is way newer than Tor so why is Tor only now adopting a more effective way of dealing with DDoS? They did use anything else before now?
|
Bitcoin is energy. Bitcoin is freedom
I rather die on my feet than living on my knees!
|
|
|
ABCbits
Legendary
Offline
Activity: 2856
Merit: 7409
Crypto Swap Exchange
|
|
June 07, 2023, 10:32:16 AM Merited by darkv0rt3x (1) |
|
--snip--
In the more extreme case, a TOR relay's proxy server could theoretically cache this information on a CDN such as Akamai, which would then transform the problem into a DDoS attack on said CDNs, which could cause them to sinkhole the IP addresses involved. Or perhaps the sinkholing can be done by the relays themselves with the proper network infrastructure, since I don't know if it's even practical for CDNs to get involved, even if it is in the very early stages before the bridges/guard nodes do anything else. I really hope people who run Tor hidden service wouldn't resort to 3rd party CDN. Even OnionBalance and Endgame which created for Tor hidden service isn't recommended by Tor project (as stated by article shared by OP). An out of the blue question:
I2P seems to be using hashcash as means of preventing email spamming and DDoS (back in the days by Adam Back, iirc)... I2P is way newer than Tor so why is Tor only now adopting a more effective way of dealing with DDoS?
I don't know since when I2P add Hashcash. But PoW proposal for Tor has been around since 2020[1] and the idea itself seems to be few years older. And FYI, I2P isn't exactly new since it was created on 2003[2]. They did use anything else before now?
Yes, some of them mentioned on their documentation[3]. [1] https://lists.torproject.org/pipermail/tor-dev/2020-June/014381.html[2] https://www.geti2p.net/en/blog/post/2021/08/28/History-of-I2P[3] https://community.torproject.org/onion-services/advanced/dos/ |
|
|
|
|
