After several years in development, the Tor Project successfully merged its proof-of-work function yesterday into the main branch of the Tor software package. This means that after the next Tor software patch is released and widely implemented among nodes, the Denial of Service (DoS or DDoS) attacks that have plagued the network for years should be considerably lessened.
The Tor network was plagued by persistent DDoS attacks throughout much of 2022, which not only led to several major darknet markets being unreachable for weeks or months at a time but had a broader effect of slowing down the entire network, for almost all of its users. Such attacks are nothing new for Tor, however, and solutions for how to mitigate them have been the subject of debate among developers for years.
In Aug 2020, the Tor Project published a blog post explaining how the implementation of proof of work could be used to make it more costly for attackers attempting to DDoS the network. In Oct 2022, after such attacks had reached critical levels, a status update on the technical implementation of proof of work was published, with a proposal being formally introduced on Mar 17, 2023. Yesterday saw the efforts of the proposal being merged into the main Tor code base, although it remains to be seen what results the changes will have on DDoS attacks.
Announcement of Tor’s proof of work merge by Paris on the Dread forum.
“While Proof-Of-Work has been traditionally used to power blockchains, it was originally suggested for DoS protection. Tor devs have been exploring the space and we believe that such a system could work wonders against the DoS attacks the network is currently experiencing.” – The Tor Project, Sept 2020
The concept of proof of work was first introduced in 1999. It was formally incorporated into Adam Back’s hashcash system in 2002, in a paper titled Hashcash – A Denial of Service Counter-Measure. Hashcash was designed to prevent email spam by requiring an email sender to perform a small bit of computational work; the “proof” of which was added to the email header. Emails containing such headers could then be verifiably ascertained as not containing spam.
Although hashcash is only used in a handful of implementations today, proof of work was famously adopted by Bitcoin in 2009 for the purpose of Bitcoin mining. Other popular cryptocurrencies that currently use Proof of Work for coin mining include Dogecoin, Litecoin, and Monero.