As a somewhat contrived example, instead of blindly trusting that a certain monitoring system like "Uptime Robot" is checking your servers (or going through an expensive access_log based verification), you could verify their proof-of-connection.
I guess you could ask someone to provide a TLS-notarized response from a TLS-compatible uptime checker.
Oraclize has already built TLS verification into their Solidity contracts, for instance. So you could outsource most of the work there, I think.
EDIT: Yes, this would definitely work, and be a lot less effort than the paper.
It's beautiful and terrible at the same time. <3
We may have found a deeper horror than assignation markets.
Namely, in several jurisdictions, including the one that the paper is presented in, (D)DOS is illegal -- a different point to debate -- making this particular proof-of-work both malicious and illegal.
A more intriguing one would be one that's merely (debatably) malicious but not per se illegal, like, say, password hash cracking, which is similar enough to existing PoW schemes to make it feasible.
On the other hand, if the DDoS target is located in a country where DDoS is illegal, then in that jurisdiction possession of the currency is certainly evidence that some unknown party participated in the DDoS. That might give police certain privileges around confiscating any coins, depending on jurisdiction.
Interesting choice of words. Orthogonal variables are by definition uncorrelated.
You'd hit the rate limit pretty quickly, though, if you had to keep doing this repeatedly on the same day!
> Miners are incentivized to send and receive
> large amounts of network traffic to and from the
> target in order to produce a valid proof-of-work.
It seems like any paper with the word "Blockchain" in it gets votes to the top regardless of whether or not the system actually provides any additional value. Designing useless systems is not hard.
> In order to allow victims to be (temporarily) selected for
> DoS, DDoSCoin allows “bounties” for targeting specific servers. To accomplish this, DDoSCoin
> introduces a new payment opcode, PAY_TO_DDOS,
> that can be used in transactions subject to
> certain constraints.
Context matters. When they say "Miners" they describe a model with miners who are people whose objective is to gain this cryptocurrency. Providing a way to do it is the same as providing incentive. If you're a random uninterested Jo Blogs, you're not a miner in this scenario.
> So miners perform DDoS attacks to earn coins, and then send these coins in a transaction which incentivizes others to perform DDoS attacks? This makes no sense.
It doesn't mean that this is the only way to earn them. The currency could start pre-mined for example so it could be a private network of someone organising a one-time attack. Or the coins could be traded for another currency,
The ability to perform DDoS attacks is already valuable in itself, as you said yourself, but you can't prove who performed the attack or that the attack was performed at all; this system allows miners to create the proof by performing the very act of DDoS.
You don't send actual transactions with the PAY_TO_DDOS opcode. Transactions are just how messages are passed around on blockchains. This transaction sets a bounty. Day to day, miners mine by hitting on a preselected whitelist, and can also monitor bounties looking for higher paying targets.
The reasoning you have used could be applied to bitcoins; after all, it makes no sense, it is just people sending bits to each other and wasting computational resources.
Instead look at it this way. There are some people in the economy who want to pay for some services (DDOS) with currency, $. It just happens that those activities are illegal, which the new crypto-currency helps to conceal (with respect to those who will punish you) and verify (regarding the contract parties), which is also important because the government won't enforce the contract if you are scammed. Or it brings some value added in other ways such as enhanced privacy, easier transactions... Even if the marginal improvement over existing options is small it serves as a way to bootstrap the value of the new currency.
After a value is reached the market will exchange $ for the new currency until it reaches a settlement price.
Your focus was on the supply side, thinking that people won't perform DDOS for some bits in exchange. But there will be a market in which the people on the demand side will be willing to buy those bits, which at the same time will give DDOSers a way to convert bits to $. After all, nobody would hoard those bits and take them to the grave.
And I know that I still haven't explained how that value can be bootstrapped. I will propose a theory about the bootstrap value. For the first transaction I only need to assume that people are heterogeneous regarding risk aversion and that people can act according to expectations. The person that initially holds those tokens isn't necessarily the person that will use them first in exchange for a DDOS; those tokens can be sold.
A risk-taker client could, based on the total number of tokens and the aggregated value added of the currency (maybe only partially) over the rest of previous currencies, calculate a ratio of tokens to $ as an expectation of its future exchange rate. The estimation of the current value for the current exchange rate would take other factors into account such as liquidity, risk... that will tend to undervalue the new currency until there is more liquidity, certainty... The degree of undervaluation will be equivalent to a discount rate of other assets of similar risk and liquidity. This client would be willing to pay the amount of dollars equivalent to the value of a standard service (SER) at the current exchange rate.
Then a risk-taker DDOSer estimating a similar current exchange rate will ask for the amounts of tokens convertible to the amounts of dollars of a standard service (SER). In order to match those buyers and sellers it isn't necessary to have an exact price. The length of the bargaining range would be composed of the sum of the value added to the buyer (VA_b) and the value added to the seller (VA_s), and any price in that range will reach settlement.
This creates an interval of settlement prices [SER - VA_s, SER + VA_d] for which the transaction is profitable to both parties. This happens as long as the new currency helps to create value for these parties: "VA_d + VA_s > 0".
The only remaining attack is arbitrage. What prevents anyone from forking the currency and creating/attributing bits for/to himself? Once anyone betrays the consensus ledger, the rest of the players will only accept the change and assume the new risk if the reward is greater than the current value of their share in the old branch plus some amount to compensate for the risk. This is clearly unprofitable for the usurper. And if he could make any profit, deceive some of them or steal from a minority, what prevents a second round of usurpers from seizing again some value? This could be played to infinity; then the uncertainty would bring down the value of the currency until it crashes to 0.
With respect to other currencies like bitcoin this arbitrage argument could be solved if the new currency creates enough value to offset the risk and costs of switching.
Would an OTR-style protocol be immune to any type of DOS proof-of-work? Are there disadvantages to having deniable authentication for the kinds of communication that TLS is used for today?
Edit: according to the paper, the attack only works on TLS 1.2+, and only works on the setup phase. Apparently, TLS allows you to forge the contents of the communication. Does OTR allow you to forge the setup phase as well?
You could merkle up the different pages you've crawled, and combine with a part of your public key to get a unique hash. But, the question is why would someone pay for it?
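
The commitment described in the last comment, sketched as an added example (not from the thread or the paper): a Merkle root over crawled pages is bound to a public-key fingerprint, and a verifier spot-checks one page with an inclusion proof. The leaf encoding, the domain-separation tags, the 16-byte fingerprint and the sample pages are assumptions made for illustration.

```python
import hashlib

def _h(tag: bytes, data: bytes) -> bytes:
    # Distinct tags keep leaves, inner nodes and commitments from colliding.
    return hashlib.sha256(tag + data).digest()

def leaf_hash(url: str, body: bytes) -> bytes:
    return _h(b"\x00", url.encode() + b"\x00" + body)

def _next_level(level):
    nxt = [_h(b"\x01", level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
    if len(level) % 2:            # odd node is promoted, not duplicated
        nxt.append(level[-1])
    return nxt

def merkle_root(leaves):
    if not leaves:
        raise ValueError("no pages to commit to")
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]

def merkle_proof(leaves, index):
    """Sibling hashes from leaf to root, each flagged if it sits on the left."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < index))
        level, index = _next_level(level), index // 2
    return proof

def verify_proof(leaf, proof, root):
    node = leaf
    for sibling, is_left in proof:
        node = _h(b"\x01", sibling + node if is_left else node + sibling)
    return node == root

def crawl_commitment(root: bytes, public_key: bytes) -> bytes:
    # Assumption: "part of your public key" = first 16 bytes of its SHA-256.
    fingerprint = hashlib.sha256(public_key).digest()[:16]
    return _h(b"\x02", fingerprint + root)

# Constructed sample crawl and keys (placeholders, not real data).
PAGES = [("https://example.org/", b"<html>home</html>"),
         ("https://example.org/a", b"<html>a</html>"),
         ("https://example.org/b", b"<html>b</html>")]
LEAVES = [leaf_hash(u, b) for u, b in PAGES]
ROOT = merkle_root(LEAVES)

if __name__ == "__main__":
    print(crawl_commitment(ROOT, b"constructed-public-key-A").hex())
    print(verify_proof(LEAVES[2], merkle_proof(LEAVES, 2), ROOT))
```

The commitment only shows that whoever holds the key knew these page bodies; it says nothing about when or from where they were fetched, which is the gap the TLS-based proof discussed earlier in the thread is meant to close.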