🤖 AI Summary
Existing circumvention systems are vulnerable to enumeration and blocking by censors because their endpoints are static and there is no theoretically grounded strategy for replacing them dynamically. This work addresses that limitation by modeling censorship resistance as a continuous-time game over a combinatorial address space, introducing a sustainability boundary theory centered on the ratio β between the rate at which the censor blocks defender domains and the rate at which the defender introduces fresh ones. Leveraging an extended FlipIt model, continuous-time stochastic process analysis, and an open-source simulator, the study formalizes moving-target defense mechanisms, derives a closed-form availability law, and defines a critical sustainability threshold β*. Simulations across multiple national censorship regimes—including China’s GFW, Russia’s TSPU, and Iran—confirm a phase transition at β*, demonstrating that IP rotation alone cannot sustain high availability when β exceeds 1.
📝 Abstract
Internet censorship affects over four billion people, and deployed circumvention systems share a common weakness: their endpoints are fixed and discoverable, so a patient censor can enumerate and block them. Moving-target circumvention systems instead rotate endpoints across commercial cloud address space faster than censors can react, but the field lacks a theory of when rotation works, leaving rotation intervals and pool sizes to intuition. We give the first formal account of moving-target censorship resistance by modeling the censor-defender interaction as a continuous-time timing game over a combinatorial address-domain space, generalizing FlipIt to a collateral-bounded adversary. We prove a sustainability frontier separating configurations a censor can defeat from those it cannot, and show that under the Great Firewall's 2024 shift to blocking QUIC and TLS by domain, raw rotation speed is not the binding constraint. Instead, availability is governed by the domain burn rate, $β=λ_{\mathrm{disc}}/λ_{\mathrm{intro}}$, the ratio between how quickly the censor blocks defender domains and how quickly the defender introduces fresh ones. We derive a closed-form availability law, prove that address rotation alone cannot sustain high availability when $β>1$ regardless of endpoint rotation speed, and characterize the frontier $β^\star$. We validate the analysis with an open, model-level censor-defender simulator requiring no privileged access or cloud deployment. The simulator reproduces the predicted phase transition at $β^\star$ under adversary profiles representative of the GFW, Russia's TSPU, and Iran, and shows robustness to state-dependent discovery and bursty, provider-correlated burns. The result replaces the heuristic of "rotate faster" with a precise operating condition: keeping the domain economy ahead of the censor.
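To make the role of β concrete, here is an added illustration that is not the paper's model or its simulator: a toy birth-death process in which the defender introduces domains at rate λ_intro and the censor burns one live domain at rate λ_disc whenever any exist. The function names, the rates and the one-domain-at-a-time censor are assumptions of this sketch; under them availability follows min(1, 1/β), which shows a transition at β = 1, while the paper's own closed-form law and β* are not stated on this page.

```python
import random

def simulate_availability(beta, lam_intro=1.0, horizon=20000.0, seed=1):
    """Fraction of time at least one unblocked domain exists (toy model).

    Assumed dynamics: Poisson domain introductions at lam_intro; while any
    domain is live, the censor burns one at rate lam_disc = beta * lam_intro.
    """
    lam_disc = beta * lam_intro
    rng = random.Random(seed)          # fixed seed: repeatable runs
    t, live, up_time = 0.0, 0, 0.0
    while True:
        # The censor can only block a domain that exists.
        rate = lam_intro + (lam_disc if live > 0 else 0.0)
        step = rng.expovariate(rate)   # time until the next event
        if t + step >= horizon:        # truncate the last interval
            if live > 0:
                up_time += horizon - t
            break
        if live > 0:
            up_time += step
        t += step
        # Pick which event fired, proportionally to its rate.
        if rng.random() < lam_intro / rate:
            live += 1                  # defender introduces a fresh domain
        else:
            live -= 1                  # censor burns a live domain
    return up_time / horizon

def toy_prediction(beta):
    """Stationary availability of the toy model (M/M/1 busy fraction)."""
    return min(1.0, 1.0 / beta)

def sweep(betas):
    """Return (beta, simulated, predicted) for each burn-rate ratio."""
    return [(b, simulate_availability(b), toy_prediction(b)) for b in betas]

if __name__ == "__main__":
    for beta, sim, pred in sweep([0.5, 0.8, 1.25, 2.0, 4.0]):
        print(f"beta={beta:<5} simulated={sim:.3f} toy_prediction={pred:.3f}")
```

Endpoint rotation speed does not appear anywhere in this toy model: once β > 1 the live-domain pool keeps draining to zero no matter how quickly addresses change.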