pow_account
| Crates.io | pow_account |
| lib.rs | pow_account |
| version | 0.1.1 |
| source | src |
| created_at | 2024-10-13 20:39:21.365032 |
| updated_at | 2024-10-13 21:26:41.245953 |
| description | Generation of hashes with leading zeros for password-less authentication and DDoS protection |
| homepage | |
| repository | https://github.com/1prefix/pow-account |
| max_upload_size | |
| id | 1407664 |
| size | 16,435 |
Amir Boziev (amrbz)
documentation
README
POW Account
This library introduces a password-less authentication mechanism for open-source applications, utilizing a proof-of-work approach to enhance security and mitigate DDoS attacks. By requiring clients to generate cryptographic hashes with a specified number of leading zeros, this method not only eliminates the need for traditional authentication (e.g., usernames and passwords) but also provides a robust defense against malicious requests.
Key features
- Password-less authentication. Users do not need to create and use a password;
- No identity disclosing. Users authenticate without the need for credentials such as emails, or phone numbers;
- Protection from DDoS attack. The library implements a proof-of-work (PoW) model where clients must perform computationally intensive tasks (generating hashes) before sending a request. This makes it expensive for attackers to flood the server with requests, effectively mitigating Distributed Denial of Service (DDoS) attacks;
The algorithm of work
The sequence diagram below shows the high-level algorithm of client-server interaction.
sequenceDiagram
autonumber
participant c as Client
participant s as Server
c ->> c: Generate a hash with N leading zeros
c ->> s: Send a request to get an auth token
break Insufficient number of Leading Zeros
s ->> c: Return an error
end
s ->> s: Saves the timestamp of the request
break Too many requests
s ->> c: Return an error
end
s ->> c: Auth Token
Step 1. A Client generates a Hash that starts with a particular number of zeros. The required number of zeros is defined by the Server. This Hash represents a User ID. This operation is done once and the Hash can be reused for future requests.
Step 2. A Client sends the request to get an Auth Token (JWT).
Step 3. A Server checks if the sent hash starts with the proper number of leading zeros. If the number is wrong returns an error.
Step 3. A Server saves the timestamp of the last request for a particular Hash.
Step 5. A Server checks if the last request was made too soon.
Step 6. A Server returns the Auth Token.
Installation
To install the library from your app folder run:
cargo add pow_account
Or clone the repository to your app folder and add the following to your Cargo.toml:
[dependencies]
pow_account = { path = "pow_account" }
Usage
Here's a brief overview of how to use the library:
Importing the Library
use pow_account::HashFinder;
Generating a Hash with Default number of Leading Zeros
If you want to generate a hash with the default number of leading zeros (which is 20 bits or 5 leading zeros), you can do so like this:
let hash = HashFinder::default().find();
let hash_hex = hex::encode(hash);
println!("Generated hash: {}", hash_hex);
Generating a Hash with Custom number of Leading Zeros
You can create a new HashFinder instance with a specified number of leading zeros and generate a hash as follows:
let hash = HashFinder::new(4).find();
let hash_hex = hex::encode(hash);
println!("Generated hash: {}", hash_hex);
This will generate a hash that starts with 4 leading zeros.
Check that the Hash starts with a required number of Leading Zeros
You can check the number of leading zeros for a hash as following:
let hash = "000009a152773d97be21a10987653c1ac45dd774f0a7814584a0c13baf2fe678";
// Default number of leading zeros
if let Ok(mathc_result) = HashFinder::default().check(hash) {
...
}
// Custom number of leading zeros
if let Ok(mathc_result) = HashFinder::new(4).check(hash) {
...
}
This will generate a hash that starts with 4 leading zeros.
Example
Here’s a complete example demonstrating how to generate a hash with a specific pattern:
use pow_account::HashFinder;
fn main() {
let hash = HashFinder::new(4).find();
let hash_hex = hex::encode(hash);
assert!(hash_hex.starts_with("0000"));
println!("Generated hash with 4 leading zeros: {}", hash_hex);
if let Ok(mathc_result) = HashFinder::new(4).check(hash_hex) {
println!("Result of match: {}", mathc_result);
}
}
Running Tests
To run the tests included with this library, use the following command in the root directory of your library:
cargo test
Contributing
Contributions are welcome! Please feel free to submit a pull request or open an issue for any suggestions or improvements.
License
This library is licensed under the MIT License. See the LICENSE file for more details.