Skycoin Darknet Project White Paper Draft

Skycoin Darknet Anonymous Network Plan

English version link: https://github.com/skycoin/whitepapers

Chinese translation link: https://github.com/zccoin/skycoinwhitepapers

Translator: Zhao Cai Coin Cold Moon Sina Weibo @Zhao Cai Coin Cold Moon

BTC donation address: 1HLnkctB8dN4AcorjsJK493pHL7rUSVfzm

ZCC donation address: ZVX7namJi8CinMQbFruzHA27eW53qTznXW

Darknet Plan

============

Skycoin Darknet is a high-performance, privacy-preserving routing protocol inspired by cjdns. Users earn Skycoin by contributing resources to the network and spend Skycoin to use network resources.

This protocol is designed to run over the traditional internet, with nodes physically connected via wifi. The long-term goal is to create long-range point-to-point wifi links that bypass existing internet service providers.

Skywire Meshnet White Paper

===========================

Implementation details

https://docs.google.com/document/d/1_rPNMTokwmBPFel1pZfLbTtTkooSWtGKrTLB3RbXIrI

Use Case: Link Aggregation

===============================

Bob has a 2 Mb/s internet connection. It takes Bob a few minutes to load YouTube videos. Bob has five neighbors with 2 Mb/s links. They install Skycoin nodes. Bob’s Skycoin node links to his neighbors via wifi and aggregates bandwidth, giving Bob a 12 Mb/s connection.

Bob accepts Skycoin for passing traffic and spends Skycoin to use network resources.

Note:

– Bob’s IPv4 traffic reaches the ordinary internet through a Darknet tunnel to a local server.

– Bob’s Skycoin link appears as a VPN link on his computer.

– Bob’s traffic may pass through multiple routers between his home and IPv4 gateway nodes.

– For a $150 device cost, Bob can connect to nodes up to five miles away at 40 Mb/s.

– For a $1500 device cost, Bob can connect to nodes up to fifteen miles away at 1.4 Gb/s.

Use Case: Backhaul

======================

Alice lives in a big city, two miles from a T-level backbone fiber hosting center.

Alice’s internet speed is 2 Mb/s.

Alice had cheaper and faster internet before the FCC finalized public access rules. Now, after the merger of the two largest cable companies in the US, Alice has only one ISP.

After the merger, the CFO stated, “People don’t want faster internet,” raised prices, and set bandwidth caps. Alice pays $0.30 per GB over the 100 Gb bandwidth cap.

Since net neutrality was secretly established through an international agreement that even Congress members were not allowed to see or vote on before signing, Alice’s ISP is getting worse.

Alice’s YouTube and Netflix videos load slower than before. Alice’s ISP has started throttling Netflix, YouTube, and BitTorrent, and publicly resisting them.

Alice’s ISP has begun tracking every site she visits, recording her personal information, and selling it to the NSA and marketing companies. Alice’s ISP has started stealing profits from the websites she visits, replacing their ads with its own. Alice’s ISP has begun blacklisting websites it dislikes.

Alice heard about Skycoin and discovered that another Skycoin user has an office located at the hosting center. Alice spent $1500 and installed a 1.4 Gb/s Ubiquiti airFiber antenna on her roof to bridge the distance to the backbone fiber. Alice’s network serves as the backhaul for her neighbors’ local Skycoin mesh.

Alice canceled her internet service.

Use Case: Internet Kill Switch

=================================

Hardware

========

In development, we use the following:

Platform:

– Debian

– Raspberry Pi/Beagle development board

Wifi devices:

– Edimax EW-7811Un (good Linux support)

– TP-LINK TL-WN722N (external antenna supports long-range directional connections)

Directional antennas:

– TP-LINK TL-ANT2424B 24dBi 60 cm directional mesh parabolic antenna. Up to 10 miles range in unobstructed line of sight.

– See: http://fabfi.fabfolk.com/

Future:

– RONJA (see http://en.wikipedia.org/wiki/RONJA)

– HackRF http://kck.st/1eb5z2R

– Li-Fi http://en.wikipedia.org/wiki/Li-Fi

Technical Goals

====================

Implementation:

– Go language prototype

– Very simple

– Minimal dependencies

Design goals:

– Privacy protection

– Provide bandwidth, storage, and backhaul with virtual currency incentives

– Open access wifi mesh network

– Designed to bridge the last mile between backbone networks and homes

– “Zero configuration”. Plug and play, no configuration required

– Difficult to detect or restrict

Protocol v0.2

==============

The protocol should

– Be simple

– Be fast

– Be secure

Connection layer:

– Open a TCP socket to the remote host. Use ECDH with curve secp256k1 to establish a ChaCha20 symmetric session key.

– You now have a bidirectional connection to the node for sending and receiving data.

Routing v0.1:

– Establish a “path” through the nodes. Each node on the route registers the next node and assigns a four-byte integer. The first four bytes of a packet determine the node to which the data is passed.

– Each node decodes the packet and reads the four-byte prefix to determine the next node to forward the data to. This is a simple table lookup; routing decisions are pushed to the origin.

– Traffic is unidirectional

Routing v0.2:

– At each node, establish a “path”. Each node in the routing registers the next node and assigns an eight-byte integer determined by the origin. The origin receives an 8-byte salt. The salt is a hash or compression function (e.g., XOR).

– Each node reads the first eight bytes of the packet, hashes these eight bytes using the salt function, and gets Salt(S, H). The node looks up this value in the routing table and obtains the node to which the packet is passed.

– Assume P1 is the source node’s packet’s 8-byte prefix, S is the salt, P2 is the integer prefix of the packet propagated to the next node, then the next node is represented as Salt(P1,S). The return path is Salt(S,P2).

– The salt is selected by the transmitting node to prevent collisions with other paths through the node. To keep lookup time constant, the salt can be selected against the router’s hash table to prevent collisions. The hash lookup table should be randomized to prevent information leakage.

– Assume D is the packet’s prefix, Salt(P2,D) is the forward routing, Salt(P1,D) is the backward routing. XOR or irreversible compression function can be used as salt.

– Assume XOR is used as the salt function, each node has a seed. If an irreversible compression function is adopted, forward and backward paths may require separate values. Symmetric key encryption for each node only requires one salt. Requires two irreversible functions.

– Bidirectional circulation. The goal is to enable reverse communication with the origin without knowing the salt value and return path. Routing information is determined by an 8-byte.
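
A minimal sketch of the Routing v0.2 prefix rewrite with XOR as the salt function, added here as an illustration; it is one reading of the list above and is not taken from the Skycoin code base. The names `Node`, `hop`, `Register` and `Forward`, the big-endian prefix encoding, and the sample prefixes and salts are assumptions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// hop is a table entry: the peer to pass the packet to and the path salt S.
type hop struct{ peer string; salt uint64 }

// Node is a relay whose lookup table is keyed by the 8-byte packet prefix.
type Node struct{ table map[uint64]hop }

func NewNode() *Node { return &Node{table: map[uint64]hop{}} }

// Register installs a path: prefix in (P1) goes to next as in^salt (P2), and
// since XOR is its own inverse the same salt maps P2 back to P1 toward prev.
func (n *Node) Register(in, salt uint64, prev, next string) error {
	_, a := n.table[in]
	_, b := n.table[in^salt]
	if salt == 0 || a || b { // would collide with a path already on this node
		return errors.New("prefix collision: choose another salt")
	}
	n.table[in], n.table[in^salt] = hop{next, salt}, hop{prev, salt}
	return nil
}

// Forward rewrites the prefix in a copy; packet length never grows per hop.
func (n *Node) Forward(pkt []byte) (string, []byte, error) {
	if len(pkt) < 8 {
		return "", nil, errors.New("short packet")
	}
	p := binary.BigEndian.Uint64(pkt)
	h, ok := n.table[p]
	if !ok {
		return "", nil, errors.New("unknown route prefix")
	}
	out := append([]byte(nil), pkt...)
	binary.BigEndian.PutUint64(out, p^h.salt)
	return h.peer, out, nil
}

func main() { // constructed sample values: origin -> A -> B
	a := NewNode()
	a.Register(0x1111, 0xA5A5, "origin", "B")
	pkt := []byte{0, 0, 0, 0, 0, 0, 0x11, 0x11, 'h', 'i'} // prefix 0x1111 + payload
	to, p, err := a.Forward(pkt)
	fmt.Printf("to=%s prefix=%x err=%v\n", to, p[:8], err)
}
```

With XOR, anyone who observes both the incoming and outgoing prefix at a relay recovers that path's salt as P1 XOR P2; the irreversible-function variant in the list avoids this but, as the list says, may need separate forward and backward values.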

Traffic payment:

– Nodes keep track of how much routing traffic is reserved in each direction

– The originating router uses a 120-byte off-chain Skycoin transaction to initiate a guaranteed “confidence payment”.

– The originating node settles costs with nodes every few minutes

Note:

– Routing is determined by the traffic origin

– The target can communicate in reverse with the origin but cannot identify the originating node

– Each payment consumes 120 bytes

– The overhead for each hop is 4 bytes (exercise for the reader: make it a constant)

– Public keys in the protocol are never exposed in plaintext

– Without a node’s public key, it is not possible to communicate with that node

– 32-bit routing path prefix information should be obscured by the key shared by the node

– For secure applications, packets should be of fixed length or a power of 2 to resist traffic analysis

– A sending node’s public key can be discarded. The hash of the target’s public key serves as the routing network address. The target’s key is only used to decrypt, never to sign. Successfully decrypting the session key serves as proof of possession of the private key and as identification.

Todo:

– This is a transport layer protocol. Using fountain coding, the protocol layer above this layer sends traffic to the target through multiple paths.

– Since the starting point determines the path, the starting point can optimize for latency, throughput, and other factors

– To prevent being blocked by ISPs, traffic and handshake should be disguised as SSL protocol.

Privacy

=======

A user running a Skycoin Wifi access point allows any user within range to connect through the access point. Because it is encrypted, the access point operator cannot determine the form of traffic through the access point. The recipient of the traffic cannot determine the path the traffic takes through the access point.

This effectively removes the legal liability for operating public access points. Operators never possess any information about the relayed traffic, and traffic recipients cannot identify the operator of the network access point.

Moreover, by adding mandatory hops (a “defense node”), ISPs cannot easily identify Skycoin Darknet traffic from a specific public access point relayed through a particular cable modem.

Summary:

– Skycoin Darknet Wifi access points are public by default

– Access point operators cannot see the content of traffic through the access point

– Access point operators cannot see the destination of traffic routed through the access point

– Traffic recipients cannot determine the origin or the path the data takes through the network

– Using “defense nodes”, ISPs cannot identify traffic from a specific public access point relayed through a particular terminal connection (cable modem).

Trade-offs:

=========

The Skycoin Darknet protocol is low-latency, high-throughput, and offers a higher degree of privacy than previously provided systems. However, to achieve these goals, several trade-offs are necessary.

1. Routing decisions are returned to the originating node rather than the network

2. Due to encryption overhead, a Raspberry Pi can only forward 150 Mb/s. FPGA hardware can accelerate this to GB/s.

3. For large delay-sensitive transmissions, the network performs better with lower overhead. Torrents can run very well on the network.

4. Real-time applications that need to send many small packets can work on the network, but introduce greater overhead than TCP/IP networks. The theoretical latency and “jitter” of latency are lower than TCP/IP, but have higher bandwidth requirements for real-time applications like VOIP.

5. Microtransactions for bandwidth pollute the blockchain. Therefore, we rely on trusted third parties to complete off-chain micropayments for low-overhead bandwidth guarantees.

6. Since routing decisions are pushed back to the originating client, the client must maintain routing tables or rely on routing information from third-party servers.

7. Storage and sending operations increase the network’s throughput and reliability but reduce the service quality for real-time applications. Storage and sending operations bring additional requirements for node memory and storage, which may affect the capacity of traditional routers.

8. Nodes at the interface between Skycoin Darknet and traditional internet may face the same issues as Tor exit nodes. Most Tor exit nodes are blacklisted due to spam issues when editing Wikipedia and registering website accounts. To maintain high-quality service, exit nodes may require trust relationships, payments, or user registration to prevent abuse.
