[tor-bugs] #7202 [Tor]: Implement ntor handshake or its successor
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 26 07:04:12 UTC 2012
#7202: Implement ntor handshake or its successor
--------------------------------+-------------------------------------------
Reporter: karsten | Owner:
Type: project | Status: new
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: SponsorZ tor-relay | Parent:
Points: | Actualpoints:
--------------------------------+-------------------------------------------
Comment(by mikeperry):

Hrmm. I am worried that ntor is even more asymmetric and DoS-vulnerable
than what we have now. It seems as though ntor CREATE2 cells will cost a
client roughly 0 computation if it wants to spam ntor CREATE2's at a node
and ignore the results. The server, on the other hand, has to do a lot of
exponentiations and HMACing.

Crazy idea: What if we included a hash of the CREATE2 cell's content, with
some additional requirements on the hash to be verified server-side as
proof-of-work? For example, we could require timestamp+nonce parameter
additions (that are themselves hashed) such that the hash has a certain
number of leading zeroes. Nodes could also verify that they don't see
repeats of this hash value over some time period after which they would
simply discard CREATE2 with old enough timestamps, without hashing
anything.

This makes discarding replayed CREATE2s require zero crypto from the
server, and can be made to be arbitrarily costly for the client (dare I
say it: perhaps via a consensus parameter specifying the required hash
prefix?)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7202#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
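
The check proposed in the comment above, written out as an added example; it is not code from the ticket or from Tor. SHA-256, the field layout, the 12-bit difficulty and the 60-second window are assumptions chosen for illustration, and the cell is assumed to carry the claimed hash alongside the timestamp and nonce.

```python
import hashlib
import struct

BITS = 12     # assumed difficulty: required leading zero bits
WINDOW = 60   # assumed freshness window in seconds

def pow_hash(payload: bytes, ts: int, nonce: int) -> bytes:
    # Hash covers the cell content plus the timestamp and nonce fields.
    return hashlib.sha256(payload + struct.pack(">QQ", ts, nonce)).digest()

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(payload: bytes, ts: int, bits: int = BITS):
    """Client: try nonces until the hash has the required zero prefix."""
    nonce = 0
    while True:
        digest = pow_hash(payload, ts, nonce)
        if leading_zero_bits(digest) >= bits:
            return nonce, digest
        nonce += 1

class Verifier:
    """Server: cheapest checks first; the handshake runs only on 'accept'."""
    def __init__(self, bits: int = BITS, window: int = WINDOW):
        self.bits, self.window = bits, window
        self.seen = {}  # claimed hash -> timestamp it was sent with

    def check(self, payload, ts, nonce, claimed, now):
        # Forget hashes whose timestamp is already outside the window.
        self.seen = {h: t for h, t in self.seen.items() if now - t <= self.window}
        if abs(now - ts) > self.window:
            return "stale"    # integer compare, nothing hashed
        if claimed in self.seen:
            return "replay"   # table lookup, nothing hashed
        if leading_zero_bits(claimed) < self.bits:
            return "weak"     # prefix test on the claimed value only
        if pow_hash(payload, ts, nonce) != claimed:
            return "forged"   # costs the server exactly one hash
        self.seen[claimed] = ts
        return "accept"

if __name__ == "__main__":
    cell = b"constructed CREATE2 body"   # constructed sample input
    nonce, digest = solve(cell, 1000)
    server = Verifier()
    print(server.check(cell, 1000, nonce, digest, now=1010))  # accept
    print(server.check(cell, 1000, nonce, digest, now=1010))  # replay
```

Only the "forged" and "accept" paths hash anything on the server, and each costs one SHA-256; the client's expected cost doubles with every bit added to the required prefix.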