Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/bonedaddy/vcaptcha

proof of concept captcha-like system using VDF (verifiable delay functions). it enables flow control similar to that provided by other captcha systems in a "non-interactive" manner
https://github.com/bonedaddy/vcaptcha

captcha clearnet darknet go-chi golang hcaptcha i2p jwt recaptcha tor vdf verifiable-delay-functions

Last synced: 17 days ago
JSON representation

proof of concept captcha-like system using VDF (verifiable delay functions). it enables flow control similar to that provided by other captcha systems in a "non-interactive" manner

Awesome Lists containing this project

README

        

# vcaptcha

vcaptcha is a proof of concept alternative to existing captcha systems using verifiable delay functions (vdf) to provide a privacy first, centralized provider free captcha service. It is non-interactive so that the end-user doesn't need to manually solve a puzzle. It in theory should be effective at stopping ddos attacks or bots however this hasn't been tested. Unfortunately at the moment vcaptcha requires golang as there is yet no solver for it in python or javascript.

# overview

The VDF library used requires that each VDF be given a 32-byte seed along with specifying the difficulty. To get this 32-byte seed we leverage segmentio's KSUID format, which allows us to collect some metadata, such as the time captchas were generated without any personally identifiable information.

This KSUID is bundled into a "ticket" which is really a JSON object containing the KSUID, difficulty, and proof (when ticket is generated the proof doesnt yet exist). Information about the ticket is stored in memory on the server so we can keep track of tickets we have given to clients. We send this information to the client who will then solve the VDF.

After the VDF is solved the proof is then stored inside the ticket, and sent back to the server. The server then verifies that we did give out this seed + difficulty combination before. The proof is verified and if everything checks out we mark the captcha as solved, and generate a JWT which is then used to authenticate the user in the future.

# usage

To see a usage example implementing vcaptcha in a HTTP server see the `examples` directory.

# future improvements

* each captcha can be used by at most one session
* this prevents attacks in which a solved vdf is used across many users
* enable captcha solve, and current active captcha information persisting to storage or other
* at the moment it is simply stored in memory
* implement vdf solver in python and javascript

# license

all code in the `vdf` folder is from `from https://github.com/harmony-one/vdf` i have included it in-tree as the harmony-one repository isn't very go modules friendly. everything else is licensed under apache2.