š
Original date posted:2014-11-13
š Original message:Hi Mike, hi Ivan, hi all,
>
> >
> > Since when? This has been a recognized approach since people called it
> > "hashcash" ([1] - before cryptocurrencies were even invented).
> >
>
> I only know of one site that worked the way you propose: TicketMaster, a
> long time ago. They used it as a less harsh form of blocking for IPs that
> they strongly suspected were bots, which is what you suggest indeed. But
> 99% of the hard work of that system was in scoring the connections. The
> actual PoW part didn't work that great because bots have much more patience
> than humans do.
>
I think the proposal back then was targeted at e-mail
delivery. Interestingly, one of today's most common approaches
against unsolicited e-mails, DKIM, can also be considered as being a
relative to PoW if we consider that bulk mailer operators don't
like it because of the CPU burden it creates. But with e-mail, people
tend to see it even as an advantage to also have identification of the
participants, so it's no surprise that pure PoW approaches did not
achieve importance.
With cryptocurrencies, it's different. Combating DoS without
creating additional ways to identify users is something where many
interested users can be found.
Humans may have less patience than an attacker who just wants to
achieve his DoS objective in a batch processing manner. But humans
also don't care if their patience is put to the test by having to
wait until one Tor exit node is finally unbanned, or by waiting for
the connection PoW to finish because it temporarily got harder due to
an attack.
No doubt that a dedicated attacker can have an (even big) advantage
resource-wise. But this is no different between the case where both
computing power and the number of Tor exit nodes are the resource to
compete on, and the case where it's just the resource of Tor exit
nodes that gets exhausted. But by giving users the choice of proving
their dedication through a connecting PoW challenge, I would expect
users having more possibilities of finding their way through a
DoS-imposed partial outage. After all, the possibly powerful attacker
has to invest his resources into making all access routes to the
network unusable, while for well-behaved users, every single access
route that still works is useful. Therefore, I think it makes sense to
add more degrees of freedom.
> Other sites also use proofs of work, but they're CAPTCHAs i.e. human PoWs.
> And unfortunately those don't work very well these days either :(
>
None of these measures are perfect. But I think we can achieve a
solution that is good enough. Hopefully without integrating a
centralized captcha provider ;)
>
> > To be clear, I do not propose to have _all_ clients do complicated
> > work. Just those using an address which has been misbehaving.
>
>
> Yes, I understand, but then you're back to scoring clients - the hard part
> - and the only question is do you slow down that client by sticking them at
> the bottom of a work queue or by requiring them to solve a difficult PoW.
> The best approach is the first one because that scales naturally .... you
> don't have to define some notion of misbehaviour, you just prioritise
> amongst clients.
>
On the one hand, I think that to some extent, the work queue based
throttling just moves the problem from making it hard to connect
towards making it hard to do something useful with your connection.
But as I touched above, I see the merit that comes from the PoW-based
approach in allowing well-behaving users to explore multiple axes of
putting effort into connecting. Expanding on this approach, I think
that the work queue based approach and PoW could be combined, leading
to three measures the nodes can use for throttling misbehaving
clients:
* scaling up connection PoW
* throttling the connection on the work queue
* throttling the IP on the work queue
The challenging part would be to properly tune the extent of the three
measures in order to throttle attackers' messages with minimum
impact to well-behaving users.
> The current notion of "misbehaviour" is only somewhat useful. It's easy to
> classify reasonable behaviour as harmful and shoot yourself in the foot. We
> managed this at least once back in 2010 when we actually released a version
> of Bitcoin that interpreted a normal request to serve the block chain as a
> DoS attack! It couldn't serve the chain at all! Additionally many things
> that can be interpreted as an attack like sending a message with a bad
> signature can also be caused just by mistakes, or version skew during
> software upgrades. So it's very tricky to get this right.
>
Sure, but that's a different topic. It may not be even realistic
to have a model which can be reduced to deciding between purposeful
misbehaviour and regular usage. But an attacker who wants to cut off
IPs from the network will always use whatever misbehaviour that leads
to maximum penalty, meaning that it is a decision between not
penalizing at all, or doing so.
> That's important because one quite common way big sites suffer DoS attacks
> is by accidentally having real users create a DoS "attack" by e.g. pushing
> a bad software update, or by having sudden and unexpected press-driven
> growth, etc. You really don't want to force users to sit around waiting and
> wasting battery. It's better to serve as many requests as you can up to
> your absolute limit and try to ensure as many of them as possible are good.
>
I'd say, better have a few Tor-based users realize that they
should look for a fixed update because their client has to do PoW for
connecting, rather than having all Tor-based users locked out.
Still, users should be notified that something is unusual.
>
> > Exactly. Not every user may like to have a cookie by which an observer
> >>
> > might get the chance to even link his connection to his previous
> > connections, thereby allowing the discussed deanonymization technique
> > to get even more effective.
> >
>
> I doubt it matters. Any DoS attack that's powerful enough to use up most of
> the networks resources is probably being driven by a botnet of some kind,
> and *all* legitimate users will lose in an even fight against a botnet.
>
> Cookies can be somewhat anonymized. For example a cookie that is merely a
> signature over a timestamp of some kind (doesn't have to be an secp256k1
> signature) can be normalised to the day or week. So you can prove you've
> been using Bitcoin for say 3 years but it doesn't pin you down precisely.
>
> This isn't perfect: attackers can and do "age" accounts before preparing
> for abuse. Proof of UTXO is another way to rank users. If you're richer
> you're presumably more important for the network to process than poor
> people. However you end up back at a CPU imbalance. PoW can possibly play a
> role here to even it out: the cost of submitting a UTXO proof should be at
> least equal to the cost of verifying the signature, but that is a PoW small
> enough that users would not notice.
>
Both cookies and Proof of UTXO sound like interesting approaches, but
I still see additional possibilities to deduce information about the
user identity here. They could be a nice addition for a better
approach to handle DoS attacks, but I would disagree when it comes to
only providing possibly privacy-weakening approaches.
I'm looking forward to your comments.
Best regards,
Isidor
Isidor Zeuner [ARCHIVE] /
npub1wzā¦2jvxz
2023-06-07 15:27:26
in reply to nevent1qā¦08y4
Author Public Key
npub1wz2sm8h4ylh9dn28688vjzwrmhaxnh3jl04p8jk3qeq7umwf8cus72jvxzPublished at
2023-06-07 15:27:26Event JSON
{
"id": "14776ca30fb204e426f2191c44532a78fc8dfd0041eeb678e089cc64010ea004",
"pubkey": "70950d9ef527ee56cd47d1cec909c3ddfa69de32fbea13cad10641ee6dc93e39",
"created_at": 1686151646,
"kind": 1,
"tags": [
[
"e",
"426b86886ed2692c653d0a32489b54db329204f33a58ed13debb2629dea8b06d",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "š
Original date posted:2014-11-13\nš Original message:Hi Mike, hi Ivan, hi all,\n\n\u003e\n\u003e \u003e\n\u003e \u003e Since when? This has been a recognized approach since people called it\n\u003e \u003e \"hashcash\" ([1] - before cryptocurrencies were even invented).\n\u003e \u003e\n\u003e\n\u003e I only know of one site that worked the way you propose: TicketMaster, a\n\u003e long time ago. They used it as a less harsh form of blocking for IPs that\n\u003e they strongly suspected were bots, which is what you suggest indeed. But\n\u003e 99% of the hard work of that system was in scoring the connections. The\n\u003e actual PoW part didn't work that great because bots have much more patience\n\u003e than humans do.\n\u003e\n\nI think the proposal back then was targeted at e-mail\ndelivery. Interestingly, one of today's most common approaches\nagainst unsolicited e-mails, DKIM, can also be considered as being a\nrelative to PoW if we consider that bulk mailer operators don't\nlike it because of the CPU burden it creates. But with e-mail, people\ntend to see it even as an advantage to also have identification of the\nparticipants, so it's no surprise that pure PoW approaches did not\nachieve importance.\n\nWith cryptocurrencies, it's different. Combating DoS without\ncreating additional ways to identify users is something where many\ninterested users can be found.\n\nHumans may have less patience than an attacker who just wants to\nachieve his DoS objective in a batch processing manner. But humans\nalso don't care if their patience is put to the test by having to\nwait until one Tor exit node is finally unbanned, or by waiting for\nthe connection PoW to finish because it temporarily got harder due to\nan attack.\n\nNo doubt that a dedicated attacker can have an (even big) advantage\nresource-wise. But this is no different between the case where both\ncomputing power and the number of Tor exit nodes are the resource to\ncompete on, and the case where it's just the resource of Tor exit\nnodes that gets exhausted. But by giving users the choice of proving\ntheir dedication through a connecting PoW challenge, I would expect\nusers having more possibilities of finding their way through a\nDoS-imposed partial outage. After all, the possibly powerful attacker\nhas to invest his resources into making all access routes to the\nnetwork unusable, while for well-behaved users, every single access\nroute that still works is useful. Therefore, I think it makes sense to\nadd more degrees of freedom.\n\n\u003e Other sites also use proofs of work, but they're CAPTCHAs i.e. human PoWs.\n\u003e And unfortunately those don't work very well these days either :(\n\u003e\n\nNone of these measures are perfect. But I think we can achieve a\nsolution that is good enough. Hopefully without integrating a\ncentralized captcha provider ;)\n\n\u003e\n\u003e \u003e To be clear, I do not propose to have _all_ clients do complicated\n\u003e \u003e work. Just those using an address which has been misbehaving.\n\u003e\n\u003e\n\u003e Yes, I understand, but then you're back to scoring clients - the hard part\n\u003e - and the only question is do you slow down that client by sticking them at\n\u003e the bottom of a work queue or by requiring them to solve a difficult PoW.\n\u003e The best approach is the first one because that scales naturally .... you\n\u003e don't have to define some notion of misbehaviour, you just prioritise\n\u003e amongst clients.\n\u003e\n\nOn the one hand, I think that to some extent, the work queue based\nthrottling just moves the problem from making it hard to connect\ntowards making it hard to do something useful with your connection.\n\nBut as I touched above, I see the merit that comes from the PoW-based\napproach in allowing well-behaving users to explore multiple axes of\nputting effort into connecting. Expanding on this approach, I think\nthat the work queue based approach and PoW could be combined, leading\nto three measures the nodes can use for throttling misbehaving\nclients:\n\n* scaling up connection PoW\n* throttling the connection on the work queue\n* throttling the IP on the work queue\n\nThe challenging part would be to properly tune the extent of the three\nmeasures in order to throttle attackers' messages with minimum\nimpact to well-behaving users.\n\n\u003e The current notion of \"misbehaviour\" is only somewhat useful. It's easy to\n\u003e classify reasonable behaviour as harmful and shoot yourself in the foot. We\n\u003e managed this at least once back in 2010 when we actually released a version\n\u003e of Bitcoin that interpreted a normal request to serve the block chain as a\n\u003e DoS attack! It couldn't serve the chain at all! Additionally many things\n\u003e that can be interpreted as an attack like sending a message with a bad\n\u003e signature can also be caused just by mistakes, or version skew during\n\u003e software upgrades. So it's very tricky to get this right.\n\u003e\n\nSure, but that's a different topic. It may not be even realistic\nto have a model which can be reduced to deciding between purposeful\nmisbehaviour and regular usage. But an attacker who wants to cut off\nIPs from the network will always use whatever misbehaviour that leads\nto maximum penalty, meaning that it is a decision between not\npenalizing at all, or doing so.\n\n\u003e That's important because one quite common way big sites suffer DoS attacks\n\u003e is by accidentally having real users create a DoS \"attack\" by e.g. pushing\n\u003e a bad software update, or by having sudden and unexpected press-driven\n\u003e growth, etc. You really don't want to force users to sit around waiting and\n\u003e wasting battery. It's better to serve as many requests as you can up to\n\u003e your absolute limit and try to ensure as many of them as possible are good.\n\u003e\n\nI'd say, better have a few Tor-based users realize that they\nshould look for a fixed update because their client has to do PoW for\nconnecting, rather than having all Tor-based users locked out.\n\nStill, users should be notified that something is unusual.\n\n\u003e\n\u003e \u003e Exactly. Not every user may like to have a cookie by which an observer\n\u003e \u003e\u003e\n\u003e \u003e might get the chance to even link his connection to his previous\n\u003e \u003e connections, thereby allowing the discussed deanonymization technique\n\u003e \u003e to get even more effective.\n\u003e \u003e\n\u003e\n\u003e I doubt it matters. Any DoS attack that's powerful enough to use up most of\n\u003e the networks resources is probably being driven by a botnet of some kind,\n\u003e and *all* legitimate users will lose in an even fight against a botnet.\n\u003e\n\u003e Cookies can be somewhat anonymized. For example a cookie that is merely a\n\u003e signature over a timestamp of some kind (doesn't have to be an secp256k1\n\u003e signature) can be normalised to the day or week. So you can prove you've\n\u003e been using Bitcoin for say 3 years but it doesn't pin you down precisely.\n\u003e\n\u003e This isn't perfect: attackers can and do \"age\" accounts before preparing\n\u003e for abuse. Proof of UTXO is another way to rank users. If you're richer\n\u003e you're presumably more important for the network to process than poor\n\u003e people. However you end up back at a CPU imbalance. PoW can possibly play a\n\u003e role here to even it out: the cost of submitting a UTXO proof should be at\n\u003e least equal to the cost of verifying the signature, but that is a PoW small\n\u003e enough that users would not notice.\n\u003e\n\nBoth cookies and Proof of UTXO sound like interesting approaches, but\nI still see additional possibilities to deduce information about the\nuser identity here. They could be a nice addition for a better\napproach to handle DoS attacks, but I would disagree when it comes to\nonly providing possibly privacy-weakening approaches.\n\nI'm looking forward to your comments.\n\nBest regards,\n\nIsidor",
"sig": "2349eca37e3c1acc937ea0b546edc0accded689383c9ca048b5994568d373741efc674559a91131d46c942ee865ba5279a840bbfa0236632db8e1ecff147e1a7"
}