DDoSCoin: Cryptocurrency with malicious proof of work

Despite this malicious use-case, it&#x27;s entirely possible that the underlying proof-of-work technique (using the target server&#x27;s TLS signatures for validation) can inspire some noble applications or smart contracts :)<p>As a somewhat contrived example, instead of blindly trusting that a certain monitoring system like &quot;Uptime Robot&quot; is checking your servers (or going through an expensive access_log based verification), you could verify their proof-of-connection.

I haven&#x27;t done a deep dive, but I think this same proof of work could be instrumented in a smart contract to create a DDOS market, without publishing a new blockchain.<p>Oraclize has already built TLS verification into their solidity contracts for instance. So you could outsource most of the work there, I think.<p>EDIT: Yes, this would definitely work, and be a lot less effort than the paper.

Quite related: <a href="https:&#x2F;&#x2F;tlsnotary.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;tlsnotary.org&#x2F;</a> <a href="https:&#x2F;&#x2F;github.com&#x2F;tlsnotary&#x2F;tlsnotary" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;tlsnotary&#x2F;tlsnotary</a> TLS notarization is a genius idea, but the UX is what is holding it back. However, I&#x27;m sure there&#x27;s room for innovation in this part, just like DDoSCoin shows.

Intriguing concept, but malicious is orthogonal to illegal, although they are often correlated.<p>Namely, in several jurisdictions, including the one that the paper is presented in, (D)DOS is illegal -- a different point to debate -- making this <i>particular</i> proof-of-work <i>both</i> malicious and illegal.<p>A more intriguing one would be one that&#x27;s merely (debatably) malicious but not <i>per se</i> illegal, like, say, password hash cracking, which is similar enough to existing PoW schemes to make feasible.

Can&#x27;t the website owner make quite easily as much TLS proofs as he wants?

I looked through the paper and couldn&#x27;t find it, so I&#x27;ll ask here: what is the motivation behind this? I don&#x27;t understand the purpose of this system. I understand that some people are paid to perform DDoS attacks against specific targets. I don&#x27;t understand how a special crypto currency changes this.<p><pre><code> &gt; Miners are incentivized to send and receive &gt; large amounts of network traffic to and from the &gt; target in order to produce a valid proof-of-work. </code></pre> No they are not. Just because you create a &quot;crypto currency&quot;, which rewards some activity, does not mean people will start performing this activity. Unless they mistakenly believe the tokens they earn somehow have value. A mined crypto currency needs to have value <i>before</i> miners are incentivized to do what it takes to mine coins.<p>It seems like any paper with the word &quot;Blockchain&quot; in it gets votes to the top regardless of whether or not the system actually provides any additional value. Designing useless systems is not hard.<p><pre><code> &gt; In order to allow victims to be (temporarily) selected for &gt; DoS, DDoSCoin allows “bounties” for targeting specific servers. To accomplish this, DDoSCoin &gt; introduces a new payment opcode, PAY_TO_DDOS, &gt; that can be used in transactions subject to &gt; certain constraints. </code></pre> So miners perform DDoS attacks to earn coins, and then send these coins in a transaction which incentivizes others to perform DDoS attacks? This makes no sense. A group of supposed DDoS attackers &quot;incentivizing&quot; each other to perform attacks to earn tokens they themselves have created.

Every day we seem to inch our way towads Accelerando...

A primary feature of OTR-style communication protocols is deniable authentication. If Alice and Bob communicate via OTR, Alice can&#x27;t can prove (cryptographically) to anyone else that the messages she received were actually from Bob.<p>Would an OTR-style protocol be immune any type of DOS proof-of-work? Are there disadvantages to having deniable authentication for the kinds of communication that TLS is used for today?<p>Edit: according to the paper, the attack only works on TLS 1.2+, and only works on the setup phase. Apparently, TLS allows you to forge the contents of the communication. Does OTR allow you to forge the setup phase as well?

I had an idea for a cryptocurrency whose PoW would incentivise stealing and erasing files from other computers. I even wrote some code for it, but it seems to have gone missing...

I don&#x27;t see how it is any different than hedging against any real commodity or stock in a traditional banking sense...

I would love to see Anonymous flock to an implementation of this. Hacktivism with a reward.

Crawlcoin instead? SE&#x27;s prove due diligence.

Finally we can have a fair market for DDoS! This is what will liberate the system from the evil overlords of DDoS corporations!!!