This is an initial implementation of new functionality for mitigating DoS attacks on onion services using a proof-of-work client puzzle, based on work by several folks:
- Thanks tevador for the underlying PoW algorithm, Equi-X
- George Kadianakis, Mike Perry, David Goulet, and tevador for the proposal 327 specification this implements
- David Goulet, Roger Dingledine, and Mike Perry wrote most of this implementation last year
This addresses ticket #40634 (closed) and provides an initial implementation. As noted in the ticket there's room for improvement, but at this stage the feature might be considered useful and the wire protocol stabilized.
The Equi-X implementation is covered by the LGPL. As noted in #40634 (closed) there are a few integration approaches we could have taken, but the approach that seemed to make the most sense for our needs was to integrate equix directly into the
src/ext tree and implement an optional GPL-licensed build mode for tor and libtor. To get the new proof-of-work system, clients and services must both be built with
--enable-gpl and services must have the
HiddenServicePoWDefensesEnabled torrc option at runtime.