
Regardless, you need a device that’s more powerful than whatever the attacker is using.

The article says they target 1 minute solve times under load. If that’s 1 minute on a 5GHz, 64 core machine with 512GB RAM, an A100 and an FPGA, then it’s going to be at least 5-15 minutes on your phone.

Also, the server farm can parallelize work across an arbitrary number of challenges, but legitimate users cannot.



The attacker would need way more power actually, to send enough requests to flood the server. You only want to get one request in.

If the server can process 10k requests per minute, and you need to send 10 requests per minute, you only need 0.1% as much power.


My phone CPU normally draws well under a watt, but a server normally draws well over 100 watts.


I'm not sure about your point.


> you need a device that’s more powerful than whatever the attacker is using.

No, the point of the PoW is only to mitigate DDoS and it can do that.


Requiring regular users to compute PoW is a terrible idea. Actually it has the exact opposite effect. It will keep the attackers in, and the regular users out.

The problem is that we don't know how much is a cheap computation without first relying on a marketplace of computation and discovering the price. That marketplace of computation does exist, and it's called blockchain.


I think this just crowdsources the server’s load. Servers will certainly have to handle fewer requests thanks to PoW, at the expense of clients’ CPU time.

The upside is that the server does not go down, so at least some users will be able to access the website, compared to zero users.


> The upside is that the server does not go down, so at least some users will be able to access the website, compared to zero users

Yes, but the price is very important. Imagine you visit a country, and paid car rides (i.e. taxis) cost one thousand dollars per hour. It might be the best ride you have ever taken, but it excludes 99.999% of the users due to price.

The problem is, it is impossible to figure out how much computation is a cheap computation without first relying on a marketplace of computation and discovering the price that way. The blockchain technology serves exactly that purpose. The producers of PoW, the miners, sell their PoW to consumers. Consumers bargain the price by using it less when it's expensive, and more when it's cheap.

The blockchain logic states that: "Requiring users to give proof of burnt energy -> good idea" "Requiring users to burn energy themselves and then give proof of burnt energy -> terrible idea"



