Proof of Work (PoW) defense for Onion Service is released

We are thrilled to announce that the Proof of Work (PoW) protection for Onion Services is now available for general adoption with the tor 0.4.8.4 stable release.

If you’re an Onion Service operator, your feedback will help us identify issues with this new protection and ensure its reliability.

What is the PoW protection for Onion Service?

Proof of Work (PoW) is a cryptographic mechanism where a computing system can prove to another that they have performed some computational effort.

The Proof of Work (PoW) defense for Onion Services is a way to protect against Denial of Service (DoS) attacks by prioritizing, when under stress, clients that have proved to the service that they performed a number of resource-intensive operations.

It’s a way to prioritize verified effort (but not a way to verify users), which means attackers would have trouble launching many requests to an Onion Service, but users will possibly have the resources to make their legitimate requests.

In other words, Onion Services may be configured to offer a Client Puzzle if they’re under heavy load, and to prioritize incoming client connections containing solutions to the puzzle.

For an overview of this new protection, check its blog post.

For a deeper explanation about how it works, check the PoW FAQ and Proposal 327.

How to try PoW

If you operate an Onion Service and believe that it may be subject to high traffic or even a DoS attack, you may help Tor by giving feedback about the PoW protection.

To set up the PoW protection, please follow the steps outlined at the Onion Services DoS Guidelines page. This involves:

  1. Use a GPL-covered C Tor binary, version 0.4.8.4 onwards (your software distribution may already provide it or you might need to compile it yourself).

  2. Enable the protection for each of your Onion Services with HiddenServicePoWDefensesEnabled 1.

  3. Monitor your services with MetricsPort (be careful to not expose this port publicly) and tools like Prometheus and Grafana.

  4. Tune HiddenServicePoWQueueRate and HiddenServicePoWQueueBurst for each Onion Service as needed.

During DoS attacks, you might also want to increase verbosity on your logs for a short while to help you understand what’s going on. To do that, use a Log configuration like this:

Log info file /var/log/tor/info.log
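A torrc fragment that puts steps 2 to 4 and the logging tip together, added here as an illustration rather than taken from the post or the DoS Guidelines page; the service directory, backend port, metrics port and queue values are placeholders to adjust for your own service, and the binary running it must already be the GPL-covered 0.4.8.4 build from step 1:

```conf
## Added example torrc fragment (not from the original post).
## All paths, ports and numeric values below are placeholders.

## Step 3: expose MetricsPort on the loopback interface only and restrict
## who may read it, so the metrics are never reachable from the network.
MetricsPort 127.0.0.1:9035 prometheus
MetricsPortPolicy accept 127.0.0.1

## Temporary extra verbosity while investigating an attack; remove it
## afterwards, since info-level logs grow quickly and may contain
## details you do not want to keep or share.
Log notice file /var/log/tor/notices.log
Log info file /var/log/tor/info.log

## Steps 2 and 4: one Onion Service with the PoW defense enabled and
## its queue limits tuned. The rate/burst numbers are placeholders;
## watch the MetricsPort counters and adjust them for your service.
HiddenServiceDir /var/lib/tor/example_service/
HiddenServicePort 80 127.0.0.1:8080
HiddenServicePoWDefensesEnabled 1
HiddenServicePoWQueueRate 250
HiddenServicePoWQueueBurst 2500
```

Each HiddenServiceDir block gets its own PoW settings, so services that see different load can be tuned independently.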

Submit your feedback

For general questions about PoW, you can leave a comment in this post, or start a new thread.

If you believe that you have found a non-security issue, submit your feedback at the Tor GitLab repository for technical reports. Include a clear description of the problem, your Tor logs, steps to reproduce it, and any relevant details.

On the other hand, if you think you found a security issue, follow the procedure at the Security Policy page in order to report it privately.

Be careful with the data you share in your bug reports (MetricsPort data or log files). When in doubt, don’t share it at first and ask for help on how to clean them.

By testing PoW and reporting any issues, bugs, or suggestions, you will contribute significantly to refining its performance and optimizing its capabilities. Your participation will not only benefit the Tor community but also help advance the Internet freedom community.

4 Likes

Hi, excited to see this get released!

I saw that 0.4.8.4 packages have been uploaded to deb.torproject.org, but they don’t appear to have been compiled with the required --enable-gpl option (based on looking at the tor --version output). Is Tor planning to provide GPL-covered Debian packages or are we on our own for that? I’m asking specifically for SecureDrop, which uses the deb.torproject.org packages but would like to enable this.

1 Like

GPL-covered packages will soon be available at deb.torproject.org:

2 Likes