@vasild vasild commented Sep 17, 2025

Enable PoW defenses for hidden services that we create via Tor Control using the ADD_ONION command.

The ability to do that has been added in tor-0.4.9.2-alpha. Previous versions return a syntax error to the ADD_ONION command with PoWDefensesEnabled=1, so the approach here is to try with PoW and if we get a syntax error, then retry without PoW.

Also update doc/tor.md with a hint on enabling PoW on manually configured Tor hidden services.

Enable PoW defenses [1] for hidden services that we create via
Tor Control using the `ADD_ONION` command [2].

The ability to do that has been added in tor-0.4.9.2-alpha [3]. Previous
versions return a syntax error to the `ADD_ONION` command with
`PoWDefensesEnabled=1`, so the approach here is to try with PoW and if
we get a syntax error, then retry without PoW.

[1] https://tpo.pages.torproject.net/onion-services/ecosystem/technology/security/pow/
[2] https://spec.torproject.org/control-spec/commands.html#add_onion
[3] https://gitlab.torproject.org/tpo/core/tor/-/commit/02c18044464bfe45f168b55297a785244094cfd5
@DrahtBot DrahtBot added the P2P label Sep 17, 2025
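
The try-then-fall-back approach from the description above, as an added sketch that is not the pull request's or Bitcoin Core's code. `Reply`, `AddOnionPreferPow` and `FakeTor` are hypothetical names, the service ID is constructed, and appending `PoWDefensesEnabled=1` after the `Port=` argument is an assumption; 250 and 512 are the control-spec codes for success and for a syntax error in a command argument.

```cpp
#include <functional>
#include <initializer_list>
#include <iostream>
#include <string>
#include <vector>

// Constructed model of a Tor control reply: status code plus its data lines.
struct Reply { int code; std::vector<std::string> lines; };
using SendFn = std::function<Reply(const std::string&)>;

constexpr int REPLY_OK = 250;           // control-spec: OK
constexpr int REPLY_SYNTAX_ERROR = 512; // control-spec: syntax error in command argument
struct OnionResult { bool ok; bool pow_enabled; std::string service_id; };

// Hypothetical helper: ask for PoW first, retry once without it on a 512 reply.
OnionResult AddOnionPreferPow(const SendFn& send, const std::string& key, const std::string& port)
{
    const std::string base = "ADD_ONION " + key + " Port=" + port;
    for (bool with_pow : {true, false}) {
        const Reply r = send(with_pow ? base + " PoWDefensesEnabled=1" : base);
        if (r.code == REPLY_OK) {
            OnionResult res{true, with_pow, ""};
            for (const auto& l : r.lines)
                if (l.rfind("ServiceID=", 0) == 0) res.service_id = l.substr(10);
            return res;
        }
        // Retry only when the PoW attempt got a syntax error; other failures are returned.
        if (!with_pow || r.code != REPLY_SYNTAX_ERROR) break;
    }
    return {false, false, ""};
}

// Constructed stand-in for a Tor control port; records every command it receives.
SendFn FakeTor(bool knows_pow, std::vector<std::string>& seen)
{
    return [knows_pow, &seen](const std::string& cmd) -> Reply {
        seen.push_back(cmd);
        const bool has_pow = cmd.find("PoWDefensesEnabled=1") != std::string::npos;
        if (has_pow && !knows_pow) return {REPLY_SYNTAX_ERROR, {}};
        return {REPLY_OK, {"ServiceID=constructedexampleid"}};
    };
}

int main()
{
    std::vector<std::string> seen;
    const OnionResult r = AddOnionPreferPow(FakeTor(false, seen), "NEW:ED25519-V3", "8333,127.0.0.1:8334");
    std::cout << "ok=" << r.ok << " pow=" << r.pow_enabled << " attempts=" << seen.size() << "\n";
}
```

Returning `pow_enabled` lets the caller log when the service came up without PoW, so the downgrade on an older Tor is visible to the operator rather than silent.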
DrahtBot commented Sep 17, 2025

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33414.

Reviews

See the guideline for information on the review process.
A summary of reviews will appear here.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #33960 (log: Use more severe log level (warn/err) where appropriate by maflcko)
  • #29641 (scripted-diff: Use LogInfo over LogPrintf [WIP, NOMERGE, DRAFT] by maflcko)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@dergoegge
Member

Should we then also add PoW to the connections that we make to other nodes running behind hidden services?

@willcl-ark
Member

> Should we then also add PoW to the connections that we make to other nodes running behind hidden services?

Reading the linked FAQ, the feature still supports "older clients" (which don't have PoW defence capability), but they may take a lower priority when a service considers itself under DoS. So no PoW is required on the client side.

When the client-side tor is new enough, my understanding is that the puzzle-solving is automatically handled by Tor, and doesn't need client-side changes to the connection code, as it happens during the introduction. But I am not 100% certain.

@fanquake
Member

@laanwj you might have some thoughts here?

DrahtBot commented Dec 2, 2025

🐙 This pull request conflicts with the target branch and needs rebase.
