tor: enable PoW defenses for automatically created hidden services #33414

pull vasild wants to merge 3 commits into bitcoin:master from vasild:tor_pow changing 5 files +45 −7
  1. vasild commented at 10:40 am on September 17, 2025: contributor

    Enable PoW defenses for hidden services that we create via Tor Control using the ADD_ONION command.

    The ability to do that has been added in tor-0.4.9.2-alpha. Previous versions return a syntax error to the ADD_ONION command with PoWDefensesEnabled=1, so the approach here is to try with PoW and if we get syntax error, then retry without PoW.

    Also update doc/tor.md with a hint on enabling PoW on manually configured Tor hidden services.

  2. tor: enable PoW defenses for automatically created hidden services 
    Enable PoW defenses [1] for hidden services that we create via
Tor Control using the `ADD_ONION` command [2].

The ability to do that has been added in tor-0.4.9.2-alpha [3]. Previous
versions return a syntax error to the `ADD_ONION` command with
`PoWDefensesEnabled=1`, so the approach here is to try with PoW and if
we get syntax error, then retry without PoW.

[1] https://tpo.pages.torproject.net/onion-services/ecosystem/technology/security/pow/
[2] https://spec.torproject.org/control-spec/commands.html#add_onion
[3] https://gitlab.torproject.org/tpo/core/tor/-/commit/02c18044464bfe45f168b55297a785244094cfd5
    5aefa08017
  3. doc: add a hint to enable PoW defenses to manual hidden services a61080aef8
  4. doc: add release notes for Tor PoW defenses 8a526d39d8
  5. DrahtBot added the label P2P on Sep 17, 2025
  6. DrahtBot commented at 10:40 am on September 17, 2025: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33414.

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #29641 (scripted-diff: Use LogInfo over LogPrintf [WIP, NOMERGE, DRAFT] by maflcko)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  7. dergoegge commented at 12:52 pm on September 17, 2025: member
    Should we then also add PoW to the connections that we make to other nodes running behind hidden services?
  8. willcl-ark commented at 2:27 pm on September 17, 2025: member

    Should we then also add PoW to the connections that we make to other nodes running behind hidden services?

    Reading the linked FAQ, the feature still supports “older clients” (which don’t have PoW defence capability), but they may take a lower priority when a service considers itself under DoS. So no PoW is required on the client side.

    When the client-side tor is new-enough, my understanding is that the puzzle-solving is automatically handled by Tor, and doesn’t need client-side changes to the connection code, as it happens during the introduction. But I am not 100% certain.

  9. fanquake commented at 1:03 pm on September 23, 2025: member
    @laanwj you might have some thoughts here?


vasild DrahtBot dergoegge willcl-ark fanquake

Labels
P2P

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-10-10 15:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me