Objective 1, Activity 2: Denial of service defences

This is the parent ticket to hold any tickets under this activity, including:

• Reducing the amount of circuits that they build over time on the Tor network
• Providing more ways for onion service administrators to control the influx of incoming users in heavy traffic scenarios.
• Improving our defense mechanisms by:
  • Decreasing onion service load on the Tor network, by slowing down Tor circuit creation on startup.
  • Optimizing relevant onion service functions that are called multiple times therefore taking a lot of the CPU.
  • Making it harder for adversaries to force services to rotate their introduction points.
• Writing a Tor software change proposal for a “rendezvous approver” API that can be useful for:
  1. Rate limiting; allow at most N unauthenticated clients over a set time period
  2. Extra-conservative logic like "stop accepting connections during potential guard discovery"
  3. Limiting capacity to control server load; only allow N simultaneous clients.
  4. Protocol-tuned rules for things like Ricochet
  5. More advanced pre-rendezvous authorization
  6. Load-balancing across multiple servers running Tor onion services
• Closing client circuit once the INTRO1/ACK dance has been completed, decreasing load on the Tor network.