Attacks

Spam

Since Tingl uses X25519 identity keypairs as a user identity, and since these keypairs could be quickly generated en masse, Tingl introduces additional mechanisms of spam protection.

Proof of Work

To make the cost of spamming the network with offline messages Tingl introduces requirement to attack proof of work nonce for every offline message sent accross the network. Essentially Tingl uses the same algorithm as Bitmessage (https://wiki.bitmessage.org/index.php/Proof_of_work).
In order for a message to be stored in the network, the client has to attach a nonce to a message. This nonce must reach a specific difficulty threshold when hashed alongside with the message payload. This threshold is dynamically derived from the global network difficulty
DD
, global network extra bytes difficulty
DeD_e
(the purpose of
DeD_e
is to add some extra weight to small messages), payload length in bytes
L(P)L(P)
where
PP
is payload bytes and message time to live in seconds
τ\tau
. Difficulty is higher for bigger payloads and messages that are intented to be stored for longer.
Let’s imagine Alice wants to store message
MM
in the network. She has to create a payload
PP
for her message first:
P=nonceTcEnc(M)P = nonce||Tc||Enc(M)
where
TcT_c
is a message creation timestamp and
Enc(M)Enc(M)
is encrypted message content.
Target threshold for this message will be:
target=264D(L(P)+De+τ(L(P)+De)216)target = \frac{2^{64}}{D(L(P) + D_e + \frac{\tau(L(P) + D_e)}{2^{16}})}
After that Alice proceeds with generating the
noncenonce
and producing hash
HH
:
H=SHA512(SHA512(P))H = SHA_{512}(SHA_{512}(P))
SHA512SHA_{512}
was chosen as it is widely supported and so that Bitcoin POW hardware cannot trivially be used for generating
HH
.
The goal is to generate such hash
HH
that is
H<targetH < target
, which is determined by reducing
HH
to unsigned 64-bit integer.
Smaller target leads to harder proof of work, so messages with larger
τ\tau
or
L(P)L(P)
require more effort from the client to be sent.
Finally when the right
noncenonce
is found, the client is ready to send the original message along with
noncenonce
using onion request.

TTL

Each message stored in the network has limited time to live (TTL) before being deleted. The maximum TTL is 48 hours.

DOS

A Denial-Of-Service attack is an attack on a computer or a network that causes the loss of a service. There exist many forms or methods to perpetrate a DOS attack. In the case of P2P networks, the most common form of a DOS attack is an attempt to flood the network with bogus packets, thereby preventing legitimate network traffic.
P2P networks generally are more resistant to DOS attacks due to their distributed nature. Instead of relying on a single or low number of centralized servers, making it a single point of failure, Tingl network is a distributed network of many independant nodes. For DOS attack to be successful attacker must conduct a DOS attack against majority nodes in the network, making such attack possible, but ”pricy” for adversary.
Network flooding attack is prevented by the message signature requirement in conjunction with node reputation mechanism. Every message sent to the network must be signed and nodes keep track of the messages a node’s already seen. A node will drop a duplicated message, thus preventing adversaries from easily flooding the network with duplicated messages. And the network will eventually rule misbehaving node out of the network. Also a node itself is responsible for it’s outbound traffic rate limiting and it’s own clients proper behaviour.

Sybil Attack

P2P systems in general are vulnerable to a class of attacks called Sybil attacks, in which one operator spins up a large number of DHT peers with distinct identities (generally called “Sybils”) to flood the network and gain an advantageous position.\par Network queries could be disrupted either by returning incorrect data or by not returning any data at all. To prevent such behaviour we introduce proof-of-stake requirement for service nodes. Every node should stake some currency in Tingl tokens (amount TBD) to be allowed to participate in the network. If the node is found guilty of disrupting the network operation, stake sum will be slashed from the node. Making it harder for adversary to disrupt the network.