DDoSCoin Cryptocurrency with a Malicious Proof-of-Work
Eric Wustrow Benjamin VanderSloot University of Colorado Boulder University of Michigan [email protected] [email protected] Cryptocurrencies
• Digital, decentralized cash • Public ledger of transactions • Mining rewards
Source: bitcoin.org
2 Proof-of-Work
Source: bitcoin.org
3 Alternate Proofs-of-Work
• Bitcoin • Litecoin • Peercoin • Permacoin • TorPath • Primecoin
• DDoSCoin
4 Proof-of-Stake
• Peercoin • Coin-days are proof • Rate-limiting prevents proof-of-work • Coins can only age 90 days
5 Proof-of-DDoS
Miner Target
ciphers = DHE client random = SHA256(prev block||merkle root||N) cipher = DHE server random = 0x... certificate chain DH Parameters signed(client random, server random, DH Parameters)
SHA256(DH Parameters || signature || N)
6
1 Block Validation Proves many connections to a target server, and leaves the blockchain in a good state
Miner Target
ciphers = DHE client random = SHA256(prev block||merkle root||N) cipher = DHE server random = 0x... certificate chain DH Parameters signed(client random, server random, DH Parameters)
SHA256(DH Parameters || signature || N)
7
1 Target Selection
• Any server? • Fixed set of servers?
Our Solution • Proof-of-Stake blocks • PAY_TO_DDOS transactions
8 Target Selection
…
MinerMiner victim.com New Proof-of-DDoS block Proof-of-Stake block Prev block hash: 2f7c63… Prev block hash: cc2b1a… Tx Merkle root: 9c8f15… … Tx Merkle root: 839f2c… Nonce: 63a108… Diff: + vicX.com Proof-of-DDoS: 8b2761… Transactions: Transactions: * -> Miner Bob -> Bob (coinstake) Alice -> Bob [DDoS vic2.com] -> Eve Dave -> [DDoS vic2.com] (PAY_TO_DDOS) {proof} (PAY_TO_DDOS) 9 Proof-of-DDoS Implementation
1 Normal Under DDoS
0.8
0.6 CDF 0.4
0.2
0 10 100 1000 10000 10 Time (ms) Defenses
• Version or cipher suite changes • Victims claiming own rewards • Stakeholding • Legal action
11 Discussion
• Malicious “useful” proof-of-work • Challenges regarding bandwidth availability • Ethereum smart contracts • Ethical Forks • Barriers to adoption
12 Ethics
• Did not attack real servers • Did not publish the full coin
13 Ethics
• Did not attack real servers • Did not publish the full coin • Full disclosure
14 DDoSCoin Cryptocurrency with a Malicious Proof-of-Work
Eric Wustrow Benjamin VanderSloot University of Colorado Boulder University of Michigan [email protected] [email protected] Target Difficulty
• Global difficulty parameter • Adjust the rate at which transactions are processed • Per-domain difficulty parameter • Allow all targets to be viable • Constant time intervals • Initial difficulty set by user
16