From 31543981c1df6d7ff048a3980ddf155c38dc0cd5 Mon Sep 17 00:00:00 2001 From: nazeh Date: Fri, 29 Nov 2024 13:24:10 +0300 Subject: [PATCH] docs: update censorship resistance docs with the IP distribution consideration --- docs/censorship-resistance.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/docs/censorship-resistance.md b/docs/censorship-resistance.md index d8e9513b..7f947790 100644 --- a/docs/censorship-resistance.md +++ b/docs/censorship-resistance.md @@ -61,7 +61,10 @@ that limits the number of nodes to 8 for each IP, and uniformly disrtibute these ### Solution -The solution used in this implementation is to store data to all nodes closer to the target than the `expected distance to k (edk)` instead of just the closest `k` nodes. +To circumvent vertical sybil attack, we make sure to store data to as many of the closest nodes -that responded to our GET query- as necessary +to satisfy both the following requirements: + +#### One or more nodes are further from the target than the `expected distance to k (edk)`. To understand what that means, consider that we have a rough estimation of the DHT size (which we obtain as explained in the documentation of the [Dht Size Estimate](./dht_size_estimate.md)), then we can _expect_ that the closest `k` nodes, are going to be 
@@ -80,6 +83,23 @@ If we store data in all nodes until `edk` (the expected distance of the first 2 Because the nature of the DHT queries, we should expect to get a response from at least one of these honest nodes as we query closer and closer nodes to the target info hash. +#### Minimum number of unique subnets with 6 bits prefix. + +An extreme, and unlikely, but possible way to defeat our `edk` approach to detect vertical sybil attacks, is to DDoS all the honest nodes +and replace them with enough nodes owned by the attacker. + +To find enough nodes to replace the nodes until `edk` the attacker needs ~4 `/8` blocks, or a single `/6` block. + +However, we can make this much more expensive, by keeping track of the number of unique `6 bit prefixes` in each GET query response, +and store data to enough nodes that have enough unique prefixes to match the average from previous queries. + +At the time of writing, this usually means the attacker needs to control up to 12 `/6` blocks. + +To recap, the attacker needs to do all the following: +1. DDoS all closest nodes until expected distance to the 20th node. +2. Own or control at least 20 IP addresses that are hashed to IDs closer to the target than the expected distance to the 20th node. +3. Make sure the 20 IPs from above belong to at least 12 different `/6` subnets. + ## Horizontal Sybil Attacks If an attacker can't perform a vertical Sybil attack, it has to run > 20 times the number of current honest nodes to have a good chance of taking over an info hash,
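Review bot: In the first hunk (`@@ -61,7 +61,10 @@`), the new opening sentence under `### Solution` says "To circumvent vertical sybil attack", which reads backwards: circumventing is what an attacker does to a defence, while this section describes how the client resists the attack. Suggest "To resist vertical Sybil attacks, we store data to as many of the closest nodes that responded to our GET query as necessary to satisfy both of the following requirements:", which also matches the capitalised "Sybil" used in the unchanged `## Horizontal Sybil Attacks` section. The new `####` heading is a full sentence ending in a period, and the unchanged paragraph that follows ("To understand what that means, ...") now depends on that heading for its antecedent. A short heading with the requirement restated as the first sentence of the body would read better. It would also help to say explicitly that this requirement is the stopping condition for the store, since the removed line described it as storing to "all nodes closer to the target than" `edk` and the new wording only implies that.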
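Review bot: In the second hunk (`@@ -80,6 +83,23 @@`), recap item 3 states a fixed requirement of "at least 12 different `/6` subnets", but the paragraph above it defines the threshold as "the average from previous queries" and says this "usually means the attacker needs to control up to 12 `/6` blocks". "Up to 12" and "at least 12" do not agree, and the recap presents a point-in-time observation as a constant. Suggest wording item 3 in terms of the running average and giving 12 as the value observed at the time of writing. The same applies to the hard-coded "20th node" in items 1 and 2 if it is meant to be `k`, which is the term the rest of the section uses. Since the baseline is learned from GET query responses, the section should also state what the client uses before it has any previous queries to average over, and whether the average has a floor. Minor: the heading says "6 bits prefix", the body says `6 bit prefixes` and `/6`; pick one form, and drop the trailing period from the heading.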