[tor-dev] Proposal for PoW DoS defenses during introduction (was Re: Proposal 305: ESTABLISH_INTRO Cell DoS Defense Extension)

Aaron Lye lye at math.uni-bremen.de
Thu Jun 13 13:28:00 UTC 2019

George Kadianakis:
>>      2.Client computes POW.
>>      Do{
>> Generates random 8 bytes key (ClientKey).
>> Generates hash(sha512/256 or sha3??) of
>> hash(IPKey + ClientKey)
>> } while (hash does not start with "abcde")
> That looks like a naive PoW scheme. It would perhaps be preferable to
> try to find a GPU/ASIC-resistant or memory-hard PoW scheme here, to
> minimize the advantage of adversaries with GPUs etc.?  Are there any
> good such schemes?

It may be worth looking at Argon2 [1] which is designed to maximize the
cost of password cracking on ASICs based on memory-hard functions.
A different approach is the input-dependent use of several different
hash functions (cf. e.g. [2]).

[1] https://www.cryptolux.org/images/0/0d/Argon2.pdf
[2] https://www.pascalcoin.org/storage/whitepapers/RandomHash_Whitepaper.pdf

> Also services should definitely be able to configure the difficulty of
> the PoW, and IMO this should again happen through the descriptor.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20190613/e5e62f6d/attachment.sig>

More information about the tor-dev mailing list