Author: Isidor Zeuner 2014-11-13 22:52:43
Published on: 2014-11-13T22:52:43+00:00
The discussion revolves around using a Proof of Work (PoW) approach to combat DoS attacks in cryptocurrencies. The PoW approach has been recognized since it was called "hashcash" before the invention of cryptocurrencies. While other sites used PoW, such as TicketMaster, it did not work well against bots who have more patience than humans. DKIM is another PoW approach that bulk mailer operators do not like because of the CPU burden it creates. However, users tend to see it as an advantage to identify participants.

With cryptocurrencies, PoW can be used to combat DoS without creating additional ways to identify users. While dedicated attackers may have an advantage resource-wise, providing users with the choice of proving their dedication through a connecting PoW challenge will enable them to find their way through a DoS-imposed partial outage.

Three measures nodes can use for throttling misbehaving clients include scaling up connection PoW, throttling the connection on the work queue, and throttling the IP on the work queue. Properly tuning the extent of these measures is necessary to throttle attackers' messages with minimum impact on well-behaving users.

It is important to note that misclassification of reasonable behavior as harmful could lead to shooting oneself in the foot. One common way big sites suffer DoS attacks is by accidentally having real users create a DoS "attack" by pushing a bad software update or having sudden and unexpected press-driven growth. Users should be notified when something unusual occurs.

While cookies and Proof of UTXO sound like interesting approaches, they provide additional possibilities to deduce information about the user identity. Therefore, solely providing possibly privacy-weakening approaches is not ideal.
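As an added illustration of the first measure, scaling up connection PoW (this is not code from the discussion or from any cryptocurrency client), the Python example below implements a hashcash-style connection challenge whose difficulty grows with a client's misbehavior score. The constants, the score itself and all function names are assumptions made for the example; the cap reflects the point about misclassified users being slowed rather than locked out.

```python
import hashlib
import os

BASE_BITS = 8    # assumed baseline difficulty for well-behaved clients
MAX_BITS = 20    # assumed cap: a misclassified user is slowed, not locked out


def required_bits(misbehavior_score: int) -> int:
    """Scale connection PoW: one extra leading-zero bit per misbehavior point."""
    return min(BASE_BITS + max(misbehavior_score, 0), MAX_BITS)


def new_challenge() -> bytes:
    """Node side: fresh random nonce per connection, so old work cannot be replayed."""
    return os.urandom(16)


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits before the first set bit of the digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def verify(challenge: bytes, counter: int, bits: int) -> bool:
    """Node side: a single hash, however long the client had to search."""
    digest = hashlib.sha256(challenge + counter.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= bits


def solve(challenge: bytes, bits: int) -> int:
    """Client side: search for a counter whose hash meets the difficulty."""
    counter = 0
    while not verify(challenge, counter, bits):
        counter += 1
    return counter


if __name__ == "__main__":
    # Constructed scores: each extra bit doubles the client's expected work.
    for score in (0, 4, 8):
        bits = required_bits(score)
        challenge = new_challenge()
        counter = solve(challenge, bits)
        print(f"score={score} bits={bits} hashes_tried={counter + 1} "
              f"accepted={verify(challenge, counter, bits)}")
```

The challenge carries no account, cookie or UTXO reference, so the node learns nothing about the client beyond the fact that it spent the work.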
Updated on: 2023-06-09T02:26:35.428556+00:00