Skip to content

prop327: Implement PoW over Introduction Circuits

Ghost User requested to merge (removed):ticket40634_local into main

This is an initial implementation of new functionality for mitigating DoS attacks on onion services using a proof-of-work client puzzle, based on work by several folks:

  • Thanks tevador for the underlying PoW algorithm, Equi-X
  • George Kadianakis, Mike Perry, David Goulet, and tevador for the proposal 327 specification this implements
  • David Goulet, Roger Dingledine, and Mike Perry wrote most of this implementation last year

This addresses ticket #40634 (closed) and provides an initial implementation. As noted in the ticket there's room for improvement, but at this stage the feature might be considered useful and the wire protocol stabilized.

The Equi-X implementation is covered by the LGPL. As noted in #40634 (closed) there are a few integration approaches we could have taken, but the approach that seemed to make the most sense for our needs was to integrate equix directly into the src/ext tree and implement an optional GPL-licensed build mode for tor and libtor. To get the new proof-of-work system, clients and services must both be built with --enable-gpl and services must have the HiddenServicePoWDefensesEnabled torrc option at runtime.

Merge request reports