In a web service where a user interacts with the service with their registered account, the service can rate limit behaviors of the user by banning or suspending their account. In the setting of Semaphore, where users are anonymous, External Nullifiers are used to rate-limit the user.
An external nullifier can be treated as a topic, and a user is only allowed to act on that topic at most once. Standardizing how we format the external nullifier string can help developers quickly define an effective one for their use case and prevent them from shooting themselves in the foot.
The external nullifier "string" should be kept public so that each component in the string can be validated. Then the circuit will take the external nullifier "hash" as input, which is the hash generated by feeding the string to genExternalNullifier from libsemaphore.
Proposed format
version:service:subject_uri:verb_uri:epoch:nonce
Example format:
v1:hojicha:group/123:post:1586328000000:1
version: this ensures backward compatibility for future changes in the standard.
service: prevents a signal from being replayed on other services.
subject_uri and verb_uri (high uncertainty here)
Frequency parameters:
epoch: defines how frequently a user can perform actions. Use _ for a pure nonce-based rate limit strategy. Put the timestamp value of the epoch start here.
d = new Date()
d.valueOf() - (d.valueOf() % (30 * 1000))
nonce: defines how many times an action can be performed in an epoch. Use _ for a pure epoch-based rate limit strategy.
Should we specify epoch length on the string?
Use case example
Posting article
Rate limit article posting to every 30 secs.
v1:hojicha:group/123:post:1587281460000:_
Commenting on an article
Rate limit article commenting to 5 times every 30 secs.
Subscribe to a service
VPN service plan that allows 3000 logins a year
Remove a group
Defining both frequency parameters as _ is a YOLO external nullifier.
Example:
User can signal their support to remove a group.
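One way a service could build these strings and validate a submitted one before hashing it, as an added example that is not part of the original issue or of libsemaphore. The function names, the policy object, the ban on ':' inside components, the canonical-integer rule and the 1..maxNonce range are assumptions of this sketch.

```javascript
// Added example. Field order follows the proposed format; names, the policy
// object and the 1..maxNonce range are assumptions of this sketch.
// Canonical decimal only: "01" and "1" would hash to different nullifiers.
const CANONICAL_INT = /^(0|[1-9][0-9]*)$/;

// Start of the epoch containing nowMs (same arithmetic as the issue's snippet).
function epochStart(nowMs, epochLengthMs) {
  return nowMs - (nowMs % epochLengthMs);
}

// Build the public string; "_" marks an unused frequency parameter.
function buildExternalNullifier({ service, subject, verb, epoch = "_", nonce = "_" }) {
  const parts = ["v1", service, subject, verb, String(epoch), String(nonce)];
  // A ':' inside a component would shift fields and let two topics collide.
  if (parts.some((p) => p === "" || p.includes(":"))) {
    throw new Error("components must be non-empty and free of ':'");
  }
  return parts.join(":");
}

// Verifier-side check, run before the string is hashed for the circuit.
// policy = { service, verb, epochLengthMs | null, maxNonce | null }
function validateExternalNullifier(str, policy, nowMs) {
  const parts = str.split(":");
  if (parts.length !== 6) return { ok: false, reason: "wrong field count" };
  const [version, service, , verb, epoch, nonce] = parts;
  if (version !== "v1") return { ok: false, reason: "unsupported version" };
  if (service !== policy.service) return { ok: false, reason: "wrong service" };
  if (verb !== policy.verb) return { ok: false, reason: "wrong verb" };

  if (policy.epochLengthMs === null) {
    if (epoch !== "_") return { ok: false, reason: "epoch not allowed" };
  } else if (!CANONICAL_INT.test(epoch) ||
             Number(epoch) !== epochStart(nowMs, policy.epochLengthMs)) {
    // Any other timestamp is a fresh topic, i.e. a free extra action.
    return { ok: false, reason: "epoch not current" };
  }

  if (policy.maxNonce === null) {
    if (nonce !== "_") return { ok: false, reason: "nonce not allowed" };
  } else if (!CANONICAL_INT.test(nonce) || Number(nonce) < 1 ||
             Number(nonce) > policy.maxNonce) {
    return { ok: false, reason: "nonce out of range" };
  }
  return { ok: true, reason: null };
}
```

The validated string is what would then be passed to genExternalNullifier; that call is left out so the example runs without the library.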