Tor To Implement Proof Of Work Client Puzzle To Mitigate DoS Attacks
The proposal introduces a proof of work system used to identify and verify genuine users. A complimentary draft proposal also might introduce "Res tokens" for further DoS attack resistance.
- Proposal 327 - A First Take at PoW Over Introduction Circuits "aims to thwart introduction flooding DoS attacks by introducing a dynamic Proof-Of-Work protocol that occurs over introduction circuits."
- "If we ever hope to have truly reachable global onion services, we need to make it harder for attackers to overload the service with introduction requests. This proposal achieves this by allowing onion services to specify an optional dynamic proof-of-work scheme that its clients need to participate in if they want to get served.'
- "We hope that this proposal can help us defend against the script-kiddie attacker and small botnets. This is just the beginning in DoS defences for Tor and there are various futured designs and schemes that we can investigate."
- The proposal is still tagged as preliminary draft but its implementation was recently marked as "ready to merge."
- A complementary proposal 331 aims to introduce of "Res tokens" which "can offer protection against even extremely strong attackers."
GitLab Repo
Proposal 327 / Proposal 331
Blog Post (April 2020) / Archive