spacemeshos / pm

Project management. Meta-tasks related to research, dev, and specs for the Spacemesh protocol and infrastructure.
http://spacemesh.io/
Creative Commons Zero v1.0 Universal
2 stars 0 forks source link

PoET DDOS mitigation #305

Closed mathcrypto closed 11 months ago

mathcrypto commented 1 year ago

Goal: Protect PoET providers from spam attacks.

The original design for this was that the poet validates the post-proof before accepting a registration. But this proved too hard to maintain because just validating the post-proof is considerable work. Currently, the poet doesn't scale well. In the meantime, we implemented some proof of work which later on was replaced by the certification service explained here.

The way the certification design work is:

When smeshers contact the poet, the poet will provide them with a URL and a public key. This means they have to pre-register before they register with the poet. They then use this URL to get a certification for their identity specifically. The certification service validates that they had a valid post-proof with this identity, it returns to them a certificate that can be used forever (maybe adding an expiration date). This certificate basically says that this identity invested some upfront work. Theoretically, you can DDOS the certification service but that would only prevent new comers from registration since old ones already have a valid certificate

Problem with this approach and proposed improvements: The risk of DDOS is still there because validating a PoST proof is costly for the certifier and we should add PoW to protect the certifier from DoS attacks. The amount of work should exceed the work required to validate the PoST proof, to create symmetry (so submitting an invalid PoST proof would cost the attacker as much as it costs us to validate it). See discussion here

Final goal:

The idea is that eventually you'll have paid poets. And with paid poets, the poets will pay for storage and people will pay the poets. So if somebody wants to spam the network, they can but they have to pay for it which means there is a cost to this attack and it won't be for free.

See https://github.com/spacemeshos/pm/issues/290