Tor turns to proof-of-work puzzles to defend onion network from DDoS attacks

Tor, which stands for The Onion Router, weathered a massive distributed denial-of-service (DDoS) storm from June last year through to May.

While that attack has subsided, DoS abuse remains a persistent problem, one that degrades the performance of the anti-censorship service and has left many worried about its security.

Tor's onion routing is a privacy technology that dates back two decades. It basically works by relaying your internet traffic through a shifting maze of nodes so that, with some clever encryption encapsulation, a network eavesdropper, as one example, will struggle or be unable to discern your true public IP address, which could be used to identify you and link any observed online activity to you specifically. Caveats apply.

The project remains a target for governments and a boon for those who want to communicate privately. Those using Tor may access .onion addresses via the Tor Browser, which is good but not perfect.

(Tor can be used to access non-onion services on the public internet, but this article concerns fending off DDoS attacks that disrupt access to .onion sites.)

To thwart future debilitating DDoS attacks, Tor developers have been working on a defense first proposed in April 2020. It just arrived in Tor version 0.4.8.4 and it relies on a mechanism developed in 1992 by Moni Naor and Cynthia Dwork as a defense against DoS and spam but made famous for energy profligacy by Bitcoin: proof-of-work.

Essentially, clients trying to reach .onion services may be asked to complete small proof-of-work tests. If you're connecting as a legit user, you shouldn't notice anything. If you're trying to hammer the project's network of nodes with lots of repeated connections, the proof-of-work challenges may well hamper your attempts.

"​​If we ever hope to have truly reachable global onion services, we need to make it harder for attackers to overload the service with introduction requests," explain Tor contributors George Kadianakis, Mike Perry, David Goulet, and Tevador in the project outline. "This proposal achieves this by allowing onion services to specify an optional dynamic proof-of-work scheme that its clients need to participate in if they want to get served."

The updated software, used to run Tor nodes, now supports a proof-of-work challenge called EquiX. Designed by Tevador, who developed Monero's proof-of-work algorithm, it is "a CPU-friendly client puzzle with fast verification and small solution size (16 bytes)."

It appears this computation will not go toward cryptomining, which some may feel is a lost revenue opportunity and others may welcome as an ethical necessity.

• FYI: Tor Browser is very much still a thing and getting updates
• Malware disguised as Tor browser steals $400k in cryptocash
• Veilid: A secure peer-to-peer network for apps that flips off the surveillance economy
• Last rites for the UK's Online Safety Bill, an idea too stupid to notice it's dead

In a blog post, Pavel Zoneff, director of communications for The Tor Project, explained that the way .onion services have been designed to provide privacy by obscuring user IP addresses makes them vulnerable to DoS attacks while also hindering IP-based rate limiting.

Tor's proof-of-work puzzle defaults to zero effort and is designed to scale up as network stress rises, taking into account client and server feedback.

Before accessing an onion service, a small puzzle must be solved, proving that some 'work' has been done by the client

"Before accessing an onion service, a small puzzle must be solved, proving that some 'work' has been done by the client," Zoneff said. "The harder the puzzle, the more work is being performed, proving a user is genuine and not a bot trying to flood the service. Ultimately the proof-of-work mechanism blocks attackers while giving real users a chance to reach their destination."

The hope is that making increasingly large computational demands on attackers will discourage abuse while allowing legitimate traffic to continue, though some legit users may notice a difference. According to Zoneff, users who submit only a few network requests will experience a small delay, on the order of five milliseconds for faster devices and as much as 30 milliseconds on slower hardware.

"If the attack traffic increases, the effort of the work will increase, up to roughly 1 minute of work," said Zoneff, who likened the experience to waiting on a slow network connection.

The initial proposal points out that this may affect Tor users on mobile devices more than on desktop devices, since prolonged puzzle-solving could drain the device's battery.

Tor developers may want to give more thought to the downsides of proof-of-work as the recent debut of Veilid, a novel peer-to-peer networking technology, suggests alternative approaches to anonymity-preserving communication.

It's early days, but the ability of Veilid to route around such attacks could be crucial if enough users get on board. ®