[discussion] Mitigate DoS attacks on Sphinx relays

[gpestana]

When processing the packets, each hop derives the shared key and then verifies if the key has been used before. If that is the case, it will discard the packet since it may be from a replay/DoS attack. It is important to make sure that the packet processing will happen only after the relay makes sure the packet has not been processed yet. This way, the DoS attack vector is bound to the capacity of the attacker to generate many valid packets with different shared keys between himself and the relay being attacked. The packet construction works effectively as a crypto puzzle to mitigate DoS attacks against relayers.

Is there any other mechanism that could be used? Do we need to add a more expensive puzzle?