Abstract:
Whether it is port scans, spam, or distributed denial-of-service attacks from botnets, unwanted traffic is a fundamental problem in all networked systems. Although proof-of-work has been proposed as a mechanism for thwarting such attacks, few proof-of-work systems have been successfully deployed. One of the problems in the proof-of-work approach is that the systems that issue and verify puzzles are typically located at or near the server edge. Rather than eliminate the denial-of-service problem, such approaches merely shift the problem from the service itself to the proof-of-work systems protecting the service. As a result, adversaries can disable services by flooding the issuer, by flooding the verifier, or by flooding all of the network links that lead to the issuer and verifier. To address this problem, this paper proposes a new approach for building proof-of-work systems based on publicly verifiable client puzzles. The system works by issuing a single "public work function" that clients must solve for each of their subsequent requests. Because the work function is publicly verifiable, any network device at the client's edge can verify that subsequent traffic will be accepted by the service. The system mitigates floods to the issuer since only a single work function needs to be given per client, thus allowing duplicate requests and replies to be suppressed. The system mitigates floods to the verifier and across links leading to the server edge by allowing the verifier to be placed arbitrarily close to the client adversary.
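As an added illustration, not the paper's construction (the abstract does not specify one), here is one way a publicly verifiable per-client work function can be instantiated: the service signs a fresh seed and a difficulty with Ed25519 once per client, the client finds a nonce for a SHA-256 puzzle bound to that signed function and to each request, and any device holding only the service's public key can verify the result statelessly. The type, function names and the hash-puzzle design are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"math/bits"
)

// WorkFunction is the single, signed puzzle description the service issues to a client.
type WorkFunction struct {
	Seed       [16]byte // fresh per client: solutions cannot be precomputed before issuance
	Difficulty uint8    // leading zero bits required of each per-request solution
	Sig        []byte   // Ed25519 signature over Seed || Difficulty, so verification is public
}

// Issue signs one work function per client; the issuer does no per-request work.
func Issue(priv ed25519.PrivateKey, difficulty uint8) WorkFunction {
	w := WorkFunction{Difficulty: difficulty}
	rand.Read(w.Seed[:])
	w.Sig = ed25519.Sign(priv, append(w.Seed[:], w.Difficulty))
	return w
}

// leadingZeros counts the zero bits at the front of SHA-256(seed || difficulty || request || nonce).
func leadingZeros(w *WorkFunction, request []byte, nonce uint64) int {
	msg := append(append(w.Seed[:], w.Difficulty), request...)
	d := sha256.Sum256(binary.BigEndian.AppendUint64(msg, nonce)) // fixed-width nonce: no boundary ambiguity
	for i, b := range d {
		if b != 0 {
			return i*8 + bits.LeadingZeros8(b)
		}
	}
	return 256
}

// Solve is the client's per-request effort: find a nonce for this exact request.
func Solve(w *WorkFunction, request []byte) uint64 {
	for nonce := uint64(0); ; nonce++ {
		if leadingZeros(w, request, nonce) >= int(w.Difficulty) {
			return nonce
		}
	}
}

// Verify is stateless and needs only the public key, so a device anywhere between client and service can drop traffic the service itself would reject.
func Verify(pub ed25519.PublicKey, w *WorkFunction, request []byte, nonce uint64) bool {
	return ed25519.Verify(pub, append(w.Seed[:], w.Difficulty), w.Sig) && leadingZeros(w, request, nonce) >= int(w.Difficulty)
}
```

A tampered difficulty or a work function from a different issuer fails the signature check before any hashing is done, which is what lets an untrusted edge device filter without contacting the service.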
Keywords:
Internet; security of data; telecommunication traffic; unsolicited e-mail; botnets; distributed denial-of-service attacks; port scans; proof-of-work; public work; spam; unwanted traffic; Advertising; Computer crime; Filtering; Floods; Network servers; Prefetching; Protection; Publishing; Telecommunication traffic