The Tor client puzzle mechanism contains a fundamental architectural trade-off: the system is forced to choose between inflation resistance (preventing attackers from artificially raising puzzle difficulty) and congestion resistance (preventing the service from being overwhelmed), but cannot achieve both simultaneously — a root-cause vulnerability acknowledged by the Tor Project.

Strict anonymity requirements in Tor onion services render conventional DoS mitigation strategies inapplicable, forcing the Tor community to revive the client-puzzle approach as the only feasible admission-control mechanism compatible with unlinkability guarantees.

Abstract defense

OnionFlation attacks succeed by inflating puzzle difficulty without causing detectable congestion at the targeted service, meaning the attack leaves no noticeable traffic-volume signature at the victim — standard congestion-based anomaly detection cannot identify the attack in progress.

Abstract detection

The Tor client-puzzle mechanism has an inherent design trade-off: the system is forced to choose between inflation resistance (preventing adversarial difficulty inflation) and congestion resistance (absorbing legitimate traffic surges), but cannot achieve both simultaneously. This trade-off is identified as the root cause of OnionFlation.

Abstract evaluation

The OnionFlation attack family artificially inflates the required client-puzzle difficulty for all connecting clients without causing noticeable congestion at the targeted onion service, rendering any existing onion service largely unusable at an attack cost of a couple of dollars per hour.

Abstract evaluation

OnionFlation attacks can render any existing Tor onion service largely unusable at an attack cost of approximately a couple of dollars per hour, by artificially inflating the required client puzzle difficulty for all connecting clients without causing noticeable congestion at the targeted service.

Abstract evaluation

The paper offers practical guidance for Tor onion service operators aimed at balancing mitigation of OnionFlation attacks against maintaining service availability for legitimate clients, recognizing that no complete solution exists within the current puzzle architecture.

Abstract defense

Following real-world DoS attacks against onion services, the Tor community revived and shipped an official client puzzle mechanism, which has since been adopted by several major onion services as their primary DoS mitigation strategy.

Abstract deployment

Client-puzzle DoS mitigation has been adopted in an official Tor protocol update and is in active use by several major onion services. An ethical live-network evaluation of OnionFlation attacks confirmed the vulnerability on the production Tor network, and the Tor Project has acknowledged the findings.

Abstract deployment