On 13/6/19 12:21, George Kadianakis wrote:
Is this a new cell? What's the format? Are these really keys or are they just nonces?
Yes sorry, they are nonces.
This was only a proposal for a proposal.
Is this a new cell? What's the format? Are these really keys or are they just nonces?
IMO we should not do this through a new cell because that increases the round-trip by one. Instead we should just embed the PoW parameters in the onion service descriptor and clients find them there.
Yes, this is a new cell triggered only when DoS limit is reached.
We can't embed it on the onion service descriptor because the attacker could precompute the PoW and make a dictionary attack. The IPKey (will be a nonce) should unique for each new connecting client that wants to send the INTRODUCE2.
What we want this way is increasing the cost of an attacker by many times vs only a little overhead to the I.P.
That looks like a naive PoW scheme. It would perhaps be preferable to try to find a GPU/ASIC-resistant or memory-hard PoW scheme here, to minimize the advantage of adversaries with GPUs etc.? Are there any good such schemes?
Also services should definitely be able to configure the difficulty of the PoW, and IMO this should again happen through the descriptor.
That PoW scheme was just a simple example. We should find the right choice. Something hard to find but easy to check.