Thread - Nostr Hypermedia

We've tried rate-limiting Cashu mints with PoW but turns out if you want mobile phones with javascript to compete against DoS servers, the server always wins... I'm convinced now that the only practical use of PoW is Bitcoin and it's better to use sats to slow things down.

Replies (16)

Keychat 9 months ago

Ecash sat stamp

sandwich bread@sandwich.farm 9 months ago

1. Dont use JS for POW, use WASM and load several threads by detecting available cores. 2. Yes, servers/asics will always win when there is financial motive.

npub1vhr3...ay96 9 months ago

You tried this approach? How is it working for Tor?

Introducing Proof-of-Work Defense for Onion Services | Tor Project

Today, we are officially introducing a proof-of-work (PoW) defense for onion services designed to prioritize verified network traffic as a deterren...

fidel cashflow paco@nostrplebs.com 9 months ago

Wasn’t that the whole point of reusable PoW tokens?!

npub12pl2...6gv3 9 months ago

Agreed

Boniz23⚡️🇮🇹₿ 🏴‍☠️ Boniz23@nostrcheck.me 9 months ago

That’s an interesting realization. PoW is great for trustless, decentralized security, but when the competition is asymmetric (mobile vs. server farms), it breaks down. Using sats as a rate limiter makes sense it aligns incentives and adds an economic cost to spam without the computational arms race. Maybe a hybrid approach could work? A small PoW requirement to deter casual spam, plus sats to make large-scale abuse costly.

arkinox arkinox@team.fanfares.io 6 months ago

If you want something from the universe > PoW If you want something from an entity > sats

Jeroen Ubbink jeroen@blackbyte.nl 6 months ago

Yep you need some absolute cost to take it away that is the same for everybody.

Garbage nsec garbagensec@NostrAddress.com 6 months ago

How about if the person trying to access the mint doesn't have Sats?

1 replies ↓

Nathan Day nathan@btcmap.org 6 months ago

Sats are the PoW.

hoppe2 6 months ago

Why does a mint need a rate limit? To be more precise, I don't understand the context of a legitimate user 'competing' with a DDoS server. I can understand that there might be attackers who want to attack the mint for reasons other than financial gain, but why does the issue of competition with regular users come up? It's not like this is a system where you get a reward for completing a challenge.

Gigi dergigi.com 6 months ago

Sats are PoW. Difficulty-adjusted PoW.

npub1vadc...nuu7 6 months ago

I came to the same conclusion in the past, e.g. in this conversation:

Gist

SNICKER BIP draft

SNICKER BIP draft. GitHub Gist: instantly share code, notes, and snippets.

And agree with the reasoning... without the system having a massive asymmetry in favor of the defender, it's not viable, and *even then*, it may not work (hence I am dubious about Tor's recent efforts). Funnily enough even back then I saw a good solution being .. ecash :) (privacypass etc) but yeah LN sats could also be viable depending on the system.

1 replies ↓

calle calle@cashu.me 6 months ago

we ended up solving it with fees for ecash tx's 😉

Abstract Equilibrium abstractequilibrium@mjex.me 6 months ago

1 replies ↓

Garbage nsec garbagensec@NostrAddress.com 6 months ago

Trying to add a new mint to an app with a built in NIP-60 (still an API call) Trying to call the API to request a Lightning invoice to initially top up