Attacks

Spam

Since Tingl uses X25519 identity keypairs as a user identity, and since these keypairs could be quickly generated en masse, Tingl introduces additional mechanisms of spam protection.

Proof of Work

To make the cost of spamming the network with offline messages Tingl introduces requirement to attack proof of work nonce for every offline message sent accross the network. Essentially Tingl uses the same algorithm as Bitmessage (https://wiki.bitmessage.org/index.php/Proof_of_work).

In order for a message to be stored in the network, the client has to attach a nonce to a message. This nonce must reach a specific difficulty threshold when hashed alongside with the message payload. This threshold is dynamically derived from the global network difficulty $D$, global network extra bytes difficulty $D_e$ (the purpose of $D_e$ is to add some extra weight to small messages), payload length in bytes $L(P)$ where $P$ is payload bytes and message time to live in seconds $\tau$. Difficulty is higher for bigger payloads and messages that are intented to be stored for longer.

Let’s imagine Alice wants to store message $M$ in the network. She has to create a payload $P$ for her message first:

$$P = nonce||Tc||Enc(M)$$

where $T_c$ is a message creation timestamp and $Enc(M)$ is encrypted message content.

Target threshold for this message will be:

$$target = \frac{2^{64}}{D(L(P) + D_e + \frac{\tau(L(P) + D_e)}{2^{16}})}$$

After that Alice proceeds with generating the $nonce$ and producing hash $H$:

$$H = SHA_{512}(SHA_{512}(P))$$

​$SHA_{512}$ was chosen as it is widely supported and so that Bitcoin POW hardware cannot trivially be used for generating $H$.

The goal is to generate such hash $H$ that is $H < target$, which is determined by reducing $H$ to unsigned 64-bit integer.

Smaller target leads to harder proof of work, so messages with larger $\tau$ or $L(P)$ require more effort from the client to be sent.

Finally when the right $nonce$ is found, the client is ready to send the original message along with $nonce$ using onion request.

TTL

Each message stored in the network has limited time to live (TTL) before being deleted. The maximum TTL is 48 hours.

DOS

A Denial-Of-Service attack is an attack on a computer or a network that causes the loss of a service. There exist many forms or methods to perpetrate a DOS attack. In the case of P2P networks, the most common form of a DOS attack is an attempt to flood the network with bogus packets, thereby preventing legitimate network traffic.

P2P networks generally are more resistant to DOS attacks due to their distributed nature. Instead of relying on a single or low number of centralized servers, making it a single point of failure, Tingl network is a distributed network of many independant nodes. For DOS attack to be successful attacker must conduct a DOS attack against majority nodes in the network, making such attack possible, but ”pricy” for adversary.

Network flooding attack is prevented by the message signature requirement in conjunction with node reputation mechanism. Every message sent to the network must be signed and nodes keep track of the messages a node’s already seen. A node will drop a duplicated message, thus preventing adversaries from easily flooding the network with duplicated messages. And the network will eventually rule misbehaving node out of the network. Also a node itself is responsible for it’s outbound traffic rate limiting and it’s own clients proper behaviour.

Sybil Attack

P2P systems in general are vulnerable to a class of attacks called Sybil attacks, in which one operator spins up a large number of DHT peers with distinct identities (generally called “Sybils”) to flood the network and gain an advantageous position.\par Network queries could be disrupted either by returning incorrect data or by not returning any data at all. To prevent such behaviour we introduce proof-of-stake requirement for service nodes. Every node should stake some currency in Tingl tokens (amount TBD) to be allowed to participate in the network. If the node is found guilty of disrupting the network operation, stake sum will be slashed from the node. Making it harder for adversary to disrupt the network.