
DDoSCoin: Cryptocurrency with malicious proof of work - kwantam
https://www.usenix.org/conference/woot16/workshop-program/presentation/wustrow
======
Rauchg
Despite this malicious use-case, it's entirely possible that the underlying
proof-of-work technique (using the target server's TLS signatures for
validation) can inspire some noble applications or smart contracts :)

As a somewhat contrived example, instead of blindly trusting that a certain
monitoring system like "Uptime Robot" is checking your servers (or going
through an expensive access_log based verification), you could verify their
proof-of-connection.

~~~
vessenes
That's a nice idea. I think you'd want the opposite though, mostly, proof that
the site is down. That's a bit harder.

I guess you could ask someone to provide a TLS-notarized response from a TLS-
compatible uptime checker.

~~~
droffel
You could include the hash of the last block in the network as part of your
handshake, along with a nonce, and pay out tiny amounts of currency to whoever
produces a signed handshake containing that hash (as long as the signed
handshake is below a certain number? Not sure if that's useful or not in this
situation). But if you want proof of uptime, having a TLS-notarized response
with a handshake containing a previous block hash is pretty solid proof.

------
vessenes
I haven't done a deep dive, but I think this same proof of work could be
instrumented in a smart contract to create a DDOS market, without publishing a
new blockchain.

Oraclize has already built TLS verification into their solidity contracts for
instance. So you could outsource most of the work there, I think.

EDIT: Yes, this would definitely work, and be a lot less effort than the
paper.

~~~
zmanian
I think you are right. The same techniques could be applied in ethereum to
reward ddos attackers.

It's beautiful and terrible at the same time. <3

We may have found a deeper horror than assignation markets.

~~~
wtracy
Did you mean assassination markets, or does "assignation" have another meaning
I'm not aware of?

~~~
zmanian
I meant the former...

~~~
stcredzero
Assignation markets would probably be an overall societal good, especially if
combined with decriminalization.

------
kbody
Quite related: [https://tlsnotary.org/](https://tlsnotary.org/)
[https://github.com/tlsnotary/tlsnotary](https://github.com/tlsnotary/tlsnotary)
TLS notarization is a genius idea, but the UX is what is holding it back.
However, I'm sure there's room for innovation in this part, just like DDoSCoin
shows.

------
niftich
Intriguing concept, but malicious is orthogonal to illegal, although they are
often correlated.

Namely, in several jurisdictions, including the one that the paper is
presented in, (D)DOS is illegal -- a different point to debate -- making this
_particular_ proof-of-work _both_ malicious and illegal.

A more intriguing one would be one that's merely (debatably) malicious but not
_per se_ illegal, like, say, password hash cracking, which is similar enough
to existing PoW schemes to make feasible.

~~~
rcthompson
In jurisdictions where it's illegal, would possession of this currency
constitute evidence that a person committed a crime?

~~~
wongarsu
It wouldn't proove that you committed the crime, since you could have gotten
the currency through other means. It's also not certain proof that somebody
committed a crime, since the currency could have been mined by someone for
whoom this was legal.

On the other hand, if the DDoS target is located in a country where DDoS is
illegal, then in that jurisdiction possession of the currency is certainly
evidence that some unknown party participated in the DDoS. That might give
police certain priviledges around confiscating any coins, depending on
jurisdiction.

------
jerguismi
Can't the website owner make quite easily as much TLS proofs as he wants?

~~~
viraptor
As mentioned it's addressed. But also there's an easy defence of just updating
the certificate key if under such attack. With Let's encrypt around, getting a
new certificate is not a huge deal anymore. And rekeying is possible with some
other services as well.

~~~
schoen
> With Let's encrypt around, getting a new certificate is not a huge deal
> anymore.

You'd hit the rate limit pretty quickly, though, if you had to keep doing this
repeatedly on the same day!

------
runeks
I looked through the paper and couldn't find it, so I'll ask here: what is the
motivation behind this? I don't understand the purpose of this system. I
understand that some people are paid to perform DDoS attacks against specific
targets. I don't understand how a special crypto currency changes this.

    
    
        > Miners are incentivized to send and receive 
        > large amounts of network traffic to and from the 
        > target in order to produce a valid proof-of-work.
    

No they are not. Just because you create a "crypto currency", which rewards
some activity, does not mean people will start performing this activity.
Unless they mistakenly believe the tokens they earn somehow have value. A
mined crypto currency needs to have value _before_ miners are incentivized to
do what it takes to mine coins.

It seems like any paper with the word "Blockchain" in it gets votes to the top
regardless of whether or not the system actually provides any additional
value. Designing useless systems is not hard.

    
    
        > In order to allow victims to be (temporarily) selected for
        > DoS, DDoSCoin allows “bounties” for targeting specific servers. To accomplish this, DDoSCoin 
        > introduces a new payment opcode, PAY_TO_DDOS, 
        > that can be used in transactions subject to 
        > certain constraints. 
    

So miners perform DDoS attacks to earn coins, and then send these coins in a
transaction which incentivizes others to perform DDoS attacks? This makes no
sense. A group of supposed DDoS attackers "incentivizing" each other to
perform attacks to earn tokens they themselves have created.

~~~
chaosfox
what you are missing is that with this system the miner can prove he performed
the attack.

The ability to perform DDoS attacks is already valuable in itself, as you said
yourself, but you can't prove who performed the attack or that the attack was
performed at all, this system allows miners to create the proof by performing
the very act of DDoS.

~~~
stingraycharles
Yes, but that could also be used in just a marketplace, for example, and still
does not merit a crypto currency. The neat thing here is that it's
programmable and freely accessible to anyone. As others have mentioned, that
allows this to be used in smart contracts, etc.

------
digi_owl
Every day we seem to inch our way towads Accelerando...

~~~
adamhepner
Thank you, this seems like an interesting lecture!

------
cakoose
A primary feature of OTR-style communication protocols is deniable
authentication. If Alice and Bob communicate via OTR, Alice can't can prove
(cryptographically) to anyone else that the messages she received were
actually from Bob.

Would an OTR-style protocol be immune any type of DOS proof-of-work? Are there
disadvantages to having deniable authentication for the kinds of communication
that TLS is used for today?

Edit: according to the paper, the attack only works on TLS 1.2+, and only
works on the setup phase. Apparently, TLS allows you to forge the contents of
the communication. Does OTR allow you to forge the setup phase as well?

------
qwertyuiop924
I had an idea for a cryptocurrency whose PoW would incentivise stealing and
erasing files from other computers. I even wrote some code for it, but it
seems to have gone missing...

------
bustajystander
I don't see how it is any different than hedging against any real commodity or
stock in a traditional banking sense...

------
amingilani
I would love to see Anonymous flock to an implementation of this. Hacktivism
with a reward.

------
mmaunder
Crawlcoin instead? SE's prove due diligence.

~~~
vessenes
I think the issue there is getting a scheme that has the asymmetric
validation. And you want the results of a crawl.

You could merkle up the different pages you've crawled, and combine with a
part of your public key to get a unique hash. But, the question is why would
someone pay for it?

------
tener
Finally we can have a fair market for DDoS! This is what will liberate the
system from the evil overlords of DDoS corporations!!!

