Cryptographic puzzles and DoS resilience, revisited

  title={Cryptographic puzzles and DoS resilience, revisited},
  author={Bogdan Groza and Bogdan Warinschi},
  journal={Designs, Codes and Cryptography},
  • B. Groza, B. Warinschi
  • Published 1 October 2014
  • Computer Science, Mathematics
  • Designs, Codes and Cryptography
Cryptographic puzzles (or client puzzles) are moderately difficult problems that can be solved by investing non-trivial amounts of computation and/or storage. Devising models for cryptographic puzzles has only recently started to receive attention from the cryptographic community as a first step toward rigorous models and proofs of security of applications that employ them (e.g. Denial-of-Service (DoS) resistance). Unfortunately, the subtle interaction between the complex scenarios for which… 

Algorithm-Substitution Attacks on Cryptographic Puzzles

This work study and formalize security notions for algorithm substitution attacks (ASAs) on cryptographic puzzles and proposes defenses, several of which can be applied to existing cryptocurrency hardware with minimal changes.

A novel puzzle-based framework for mitigating distributed denial of service attacks against internet applications

This thesis provides a puzzle based DDoS defense framework that addresses several shortcomings of existing cryptographic puzzle techniques and introduces a novel queue management algorithm, called Stochastic Fair Drop Queue, to further strengthen the DDoS protection provided by the puzzle framework.

Designing Proof of Transaction Puzzles for Cryptocurrency

A novel Proof of Transaction (PoT) puzzle is constructed, and it is proved that PoT puzzle satisfies the basic construction conditions of scratch-off puzzle, and construction of PoTcoin is shown as application.

Moderately Hard Functions: Definition, Instantiations, and Applications

The goal of this work is to provide a (universal) definition that decouples the efforts of designing new moderately hard functions and of building protocols based on them, serving as an interface between the two.

Revisiting Client Puzzles for State Exhaustion Attacks Resilience

The results show that client puzzles are effective at boosting the tolerance of the TCP handshake channel to state exhaustion DDoS attacks by rate limiting malicious attackers while allocating resources for legitimate clients.

Provable Security for Cryptocurrencies

This thesis provides a formal specification and construction for each layer of an abstract cryptocurrency protocol, and proves that their constructions satisfy their specifications, and constructs secure puzzles that address important and well-known challenges facing Bitcoin today.

Analysis and Comparison of the Network Security Protocol with DoS/DDoS Attack Resistance Performance

  • Linzhi JiangChunxiang XuXiaofang WangYanghong Zhou
  • Computer Science
    2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems
  • 2015
ISO/IEC1170-3 key exchange protocol on Subset Sum Client Puzzle, which is non-parallelizable, easy construction and verification, has the good property against DoS/DDoS attack.

DNA-based client puzzle for WLAN association protocol against connection request flooding

By asking to solve an easy and cost-effective puzzle in OROD puzzle, legitimate users do not suffer from resource exhaustion during puzzle solving, even when under severe DoS attack (high puzzle difficulty).

A Novel WLAN Client Puzzle against DoS Attack Based on Pattern Matching

This paper addresses this common DoS attack and proposes a lightweight puzzle, based on pattern-matching, that adequately resists resource-depletion attacks in terms of both puzzle generation and solution verification.

Dynamic Cipher Puzzle for Efficient Broadcast Authentication in Wireless Sensor Networks

A Dynamic Cipher Puzzle (DCP), which uses a threshold function to limit the number of hash iterations, which decreases sender-side delay and increases the complexity for the attacker to implement probability and signature-based DoS attacks.



Revisiting Difficulty Notions for Client Puzzles and DoS Resilience

New security definitions for puzzle difficulty are distinguished and formalized and it is shown that the better characterization of hardness for puzzles and DoS resilience allows establishing formal bounds on the effectiveness of client puzzles which confirm previous empirical observations.

Security Notions and Generic Constructions for Client Puzzles

The interface that client puzzles should offer and two security notions for puzzles are clarified and given and breaking either of the two properties immediately leads to successful DoS attacks are filled.

Stronger Difficulty Notions for Client Puzzles and Denial-of-Service-Resistant Protocols

A security model for analyzing the DoS resistance of any protocol in the context of client puzzles is described and a generic technique for combining any protocol with a strong client puzzle to obtain a DoS-resistant protocol is given.

Non-Parallelizable and Non-Interactive Client Puzzles from Modular Square Roots

A novel scheme for client puzzles which relies on the computation of square roots modulo a prime and is able to mitigate DoS attacks on hosts in 1 or even 10 GBit networks is introduced.

Low-Cost Client Puzzles Based on Modular Exponentiation

This paper proposes cryptographic puzzles based on modular exponentiation that can be integrated in a number of protocols, including those used for the remote verification of computing performance of devices and for the protection against Denial of Service attacks.

Efficient trapdoor-based client puzzle system against DoS attacks

This thesis identifies the underlying weaknesses of existing client puzzles, and proposes a new model for puzzle distribution, called the Trapdoor-based Client Puzzle System (TCPS), which is formally defined along with strict security conditions.

Practical Client Puzzle from Repeated Squaring

This thesis presents a general client puzzle framework based on the time-lock secret release scheme created by Rivest et al.

Game Theoretic Resistance to Denial of Service Attacks Using Hidden Difficulty Puzzles

This paper proposes three concrete puzzles that satisfy the notion of hidden puzzle difficulty, where the attacker cannot determine the difficulty of the puzzle without expending a minimal amount of computational resource.

A Guided Tour Puzzle for Denial of Service Prevention

  • M. AblizT. Znati
  • Computer Science
    2009 Annual Computer Security Applications Conference
  • 2009
Guided tour puzzle is introduced, a novel puzzle scheme that achieves all previously defined desired properties of a cryptographic puzzle scheme, but it also satisfies more important requirements, such as puzzle fairness and minimum interference, that were identified.

Toward Non-parallelizable Client Puzzles

After showing that obvious ideas based on hash chains have significant problems, a new puzzle based on the subset sum problem is proposed, and this is the first example that satisfies all the desirable properties for a client puzzle.