Since the middle of 2022, the Tor network, designed to protect privacy, has been grappling with a barrage of denial of service (DoS) attacks. These attacks have significantly slowed down the network’s performance and, at times, rendered it nearly unusable.
Tor Fights Back with Proof of Work
In its latest software update, Tor takes a stand against these attacks by implementing a defense strategy based on proof of work (PoW). This cryptographic mechanism, famously associated with securing Bitcoin, is being leveraged by Tor to counteract the ongoing DoS attacks. The idea of using PoW to thwart attacks has been a topic of discussion within the Tor community for years, and now it has finally materialized.
Shifting the Computational Battle
The primary objective of this implementation is to compel attackers to expend greater computational resources in order to carry out their disruptive activities. By introducing PoW, Tor aims to shift the balance of power by making attacks more resource-intensive for malicious actors.
Unique Implementation for Tor
While both Bitcoin and Tor employ a PoW mechanism, they differ significantly in their implementation. Tor’s version of proof of work has been specifically tailored by its developers to safeguard against attacks on the network. According to Pavel Zoneff, Director of Strategic Communications at The Tor Project, while there are similarities in the algorithms, there are key distinctions. Tor’s dynamic proof-of-work system involves clients participating in a “bidding” process, channeling their proof-of-work efforts to counter potential threats.
Safeguarding Onion Services
Tor hosts “onion services,” which are websites or services accessible through the network, protecting the anonymity of their IP addresses. The network’s algorithm has the capability to detect sudden spikes in traffic, often indicative of an attack. In response, the proof-of-work mechanism kicks in, requiring users to invest more computational resources to access these services. This change is designed to go unnoticed by regular users but significantly impacts attackers, who now face increased computational hurdles.
Disincentivizing Attackers, Prioritizing Legitimate Traffic
Pavel Zoneff highlighted the motivation behind this approach in the software release announcement. He explained that the integration of a proof-of-work mechanism is intended to discourage attackers by rendering large-scale attacks economically and practically infeasible. Simultaneously, the mechanism aims to prioritize genuine network traffic, reinforcing Tor’s commitment to protecting users’ privacy and online experiences.
