We do the research, you get the alpha!
Since mid-2022, the privacy preserving Tor network has been plagued by denial of service attacks, making the network sluggish and—at times downright impossible to use.
In its latest software release,Tor is aiming to "defend" against these attacks with proof of work, the same cryptographic mechanism that underpins and secures Bitcoin. Using proof of work in some manner to prevent attacks has been an idea in the Tor community for many years. Now it’s finally in place.
The goal of this roll out is to require attackers to use more computational resources to execute their attacks.
Tor is a network that privatizes the IP addresses of people who use it. It's also used by Bitcoin and other cryptocurrency advocates to improve their privacy, hiding the IP address of Bitcoin nodes or where transactions are coming from, for instance.
Though Bitcoin and Tor now both use proof of work, technology by the same name, the privacy network's implementation is quite different since its developers have crafted it specifically to guard against attacks on Tor.
"There are algorithmic similarities, but there are a few important distinctions. Tor's proof-of-work system is dynamic: instead of forcing clients to go after a static target, we ask clients to 'bid' using their proof-of-work effort," The Tor Project director of strategic communications Pavel Zoneff told Decrypt.
"Onion services" are websites or services that run over Tor, shielding the website's ip address. The network's algorithm is able to detect when a website is receiving a bunch of traffic at once — say from an attacker. When that happens, proof of work kicks in, requiring users to use more computational effort to visit the website.
Normal users shouldn't notice this change, but attackers will, since they’ll have to use much more computational impact to have the same impact.
"We believe that the introduction of a proof-of-work mechanism will disincentivize attackers by making large-scale attacks costly and impractical while giving priority to legitimate traffic," Zoneff explained in the post announcing the release.