Published on: 2014-11-27T03:29:24+00:00
The conversation between Mike and Isidor revolves around the impact of DKIM and PoW/hash-cash in email businesses. Isidor argues that bulk mailing companies use destination DKIM toggling to reduce CPU usage, but this may become impractical when using Bitcoin over Tor. He also challenges Mike's statement on humans not caring about delays but their source, suggesting that users do notice slow website or mobile wallet performance and avoid them. Mike counters that Tor is a separate issue and notifying users of anomalies would be unhelpful since they cannot take actionable decisions. They agree that the solution to a privacy-attacking DoS attack is to not use Tor at all, while solving an attack on the entire Bitcoin network is much more challenging.A former employee considers DKIM as a cheap and irrelevant aspect in the email business. Proof of Work (PoW) has not effectively deterred spamming efforts as it confuses bulk mail with spam. Slow website performance does matter to humans as it negatively impacts revenue. PoW tokens can be useful in a shared toolbox if nodes cannot prioritize connections, but if all users are subjected to PoW, it could lead to game over. Tor should be considered separately from the DoS problem, and users generally do not care about technical jargon like peer-to-peer networks or Tor. The solution to a privacy-attacking DoS attack is to avoid using Tor, while solving an attack on the entire Bitcoin network is more complex.The discussion centers on using PoW to combat DoS attacks in cryptocurrencies. PoW has been recognized since the days of "hashcash" before cryptocurrencies existed. However, it did not work well against bots, who have more patience than humans. DKIM, another PoW approach, is disliked by bulk mailer operators due to the CPU burden it creates. Nevertheless, users see it as advantageous for identifying participants. In cryptocurrencies, PoW can be used to combat DoS without compromising user identification. Allowing users to prove their dedication through a connecting PoW challenge can help them navigate a DoS-imposed partial outage. Nodes can utilize measures such as scaling up connection PoW, throttling the connection on the work queue, and throttling the IP on the work queue to throttle misbehaving clients. However, proper tuning of these measures is crucial to minimize the impact on well-behaving users.It is important to avoid misclassifying reasonable behavior as harmful to prevent unintended consequences. Big sites often suffer DoS attacks due to accidental bad software updates or unexpected press-driven growth. Users should be notified when unusual events occur. Approaches like cookies and Proof of UTXO provide additional possibilities to deduce user identity, making them less ideal for maintaining privacy. The use of PoW as a defense against DoS attacks has been recognized since the pre-cryptocurrency days of "hashcash." However, scoring connections and distinguishing bots from humans remains a challenge. Human PoWs in the form of CAPTCHAs also prove ineffective. Concerns about using cookies to link connections and deanonymize users are mitigated by the likelihood of DoS attacks being driven by botnets. Proof of UTXO presents another way to rank users, but it carries CPU imbalances that can be leveled out with a small PoW cost.Isidor proposes a PoW-based approach to prevent DoS attacks on Tor exit nodes for Bitcoin. He suggests that only misbehaving clients should be required to do the PoW, making it harder for attackers to sustain their attacks. Mike suggests that work prioritization and queueing mechanisms, along with finding ways to distinguish "good" clients from "bad" ones, are the correct solutions. However, preserving privacy while implementing these measures poses challenges. Isidor proposes having both options available - allowing those who can solve the anti-DoS PoW to connect, albeit slower, while those who prefer weaker clients can sacrifice privacy for connectivity using cookies.The article discusses the difficulty of addressing DoS attacks on Tor exit nodes used for connecting to Bitcoin. Requiring all clients to perform complicated work wouldn't solve the issue and would make weak clients vulnerable while attackers' botnets solve PoWs. The article suggests implementing work prioritization and queueing mechanisms to distinguish "good" clients from "bad" ones. However, maintaining privacy during this process is challenging. Requiring clients to present a cookie during resource exhaustion events to prove their longevity and allow them to jump the queue may be a long-term solution.To improve privacy when posting transactions using unrelated inputs, the article suggests using only the same set of nodes for subsequent transactions with the same input addresses. This approach mirrors how Tor uses different circuits for connecting to different hosts. Completely banning Tor exit nodes may not be the best solution, but throttling them using a PoW-based access control scheme could be more effective. Scaling up the connecting difficulty for misbehaving addresses would discourage DoS attacks on Tor exit nodes for Bitcoin connectivity.
Updated on: 2023-08-01T10:17:22.140245+00:00