On 03/09/17 18:31, Matthew John Toseland wrote:
> Thoughts? I'm not a dev any more, but thinking about Bitcoin and other
> stuff maybe there are some ways forward that we've missed...
> 
> Dispute resolution, spam and distributed data structures
> --------------------------------------------------------
> 
> A key is disputable if:
> 1) It is an SSK or similar signature-based type where multiple valid
> values are possible, and
> 2) It is popular enough for ULPRs et kick in, i.e. most nodes have
> copies of and ULPR subscriptions to this key.
> 
> For any disputable key, any darknet node can vote at most once. Votes
> are relayed in a fixed path across the darknet, so that only one vote
> passes a given directed edge for a given key. Ideally, votes are blind
> while they are being routed; the previous iteration of the key publishes
> a public key and then later broadcasts the private key.
> 
> It follows that votes are pseudonymous (i.e. can be correlated), and
> heterogeneous node degree may reduce some people's voting power. However
> overall this should be Good Enough (tm).
> 
> Disputable keys are used for the root of big distributed datastructures,
> such as the set of all valid posters on WoT, a keyword search index, a
> PKI indexed by any suitable identifier etc. (A block chain is of course
> another way to do this)
> 
> We can enforce any set of invariants on such data structures via the
> voting system, as well as incorporating explicit user input. For example:
> 
> The agreed root is the root of a hash tree. But we don't need to
> traverse the tree:
> - The index is divided by hash length into blocks of a large enough size
> that the individual blocks won't fall out.
> - The root includes the minimum and maximum USK offsets for all blocks
> in the index. It includes the base hashes for this version and the last
> few versions of the root.
> - As long as this range is small, we can fetch a block directly by its
> hash. The block will contain proof that it is included in the hash tree.
> This proof includes the actual CHK nodes as blobs, which will be
> randomly inserted/healed.
> - Each node also includes version range information.
> - All updates to the tree must maintain the invariant that the gap
> between the minimum and maximum value is reasonable. We can enforce this
> using the voting system above. In the absence of detectable attacks,
> hashing should tend to ensure this anyway.
> 
> Ideally there would be only one such tree, so that we could use classic
> timestamping service tricks such as publishing the current hash etc.
> 
> Thoughts on network architecture
> --------------------------------
> 
> We can provide strong anonymity, and reasonable robustness guarantees on
> a darknet. We can't achieve this on an opennet. We still need some sort
> of guest mode, and we need strong incentives to move to the proper
> darknet. So what should Freenet look like?
> 
> Core darknet
> - High uptime, reasonable bandwidth.
> - Many F2F links.
> - Eligible to participate in dispute resolution as above.
> - Stores data permanently, i.e. has a store not just a cache.
> - Some tunneling system similar to PISCES for privacy.
> - Single coherent network.
> 
> Non-core darknet
> - Similar to darknet, but lower performance.
> - May be penalised by load management.
> - May have less access to dispute resolution because of having very few
> links.
> - May still use tunneling.
> - In extreme cases (e.g. 1 link), lower security / need to trust peers more.
> 
> Gateway nodes
> - Hybrid, connect to both opennet and darknet nodes.
> - Eligible to become a seednode; responds to announcements.
> - May also qualify as core darknet nodes.
> - Must be able to prove connectivity to the Core Darknet.
> - Requests entering guests are treated as lower priority than
> intra-darknet traffic, and reset HTL when they become true darknet traffic.
> - Requests are never routed from darknet to opennet.
> 
> Guest/opennet nodes
> - Cache only. No store.
> - User requests a set of gateways from a seed service.
> - If true transient, entirely reliant on gateway. Requests are sent
> directly to the gateway, possibly using tunneling. Tunneling requires
> trusting the gateway, although if there are multiple gateways we can
> compare them, especially we keep a versioned network map using the
> dispute resolution mechanism.

Another detail: A network map is not used at all in darknet tunnel
setup. It's not updated every time a link goes down. It may not even be
updated when a node is added to the core darknet. It's just a trick to
make it easier to detect when your gateway nodes are on different
networks i.e. one of them is dishonest.

> - If semi-permanent, can announce to gateways and get a bunch of opennet
> nodes to talk to. Requests will be routed through local opennet for some
> limited HTL, and then sent to gateway.
> - Limited to no access to dispute resolution.
> 
> Seeds:
> - Any gateway may be a seed, and gateways' identities are assumed to be
> public.
> - Seed service maintains a list of gateways, demands some trivial proof
> of work (e.g. CAPTCHA, unique gmail address a la Tor), and returns a
> list of gateways and access tokens.
> - Seed service requires gateways to prove their connectivity to core
> darknet, and may implement its own scarcity, robustness and connectivity
> policies.
> 

Reply via email to