Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple peer IDs, ephemeral IDs, and permanent/private IDs. #37

Open
Stebalien opened this issue Jun 9, 2018 · 2 comments
Open

Multiple peer IDs, ephemeral IDs, and permanent/private IDs. #37

Stebalien opened this issue Jun 9, 2018 · 2 comments

Comments

@Stebalien
Copy link
Member

Stebalien commented Jun 9, 2018
edited
Loading

Currently, one's peer ID is a permanent identity on the network. This is really unfortunate for privacy. We'd like to be able to expose a single ephemeral device ID to the network and then have multiple permanent IDs behind this ephemeral ID.

Assuming we have private, encrypted PeerInfo records (see ipfs/notes#291 (comment)), we can implement this as follows:

  1. Every node will have a single ephemeral ID (regenerated daily or, possibly, at boot). All connections go through this peer.
  2. Nodes may have zero or more permanent IDs.

To connect to a permanent ID, one:

  1. Looks up the permanent ID in the DHT (assuming encrypted peer info records). The peer info record will point to an ephemeral ID.
  2. Looks up the ephemeral ID in the DHT to get the location-based multiaddr of the peer. Note, we may short-circuit and include the ephemeral addresses in the permanent peer info record.
  3. Connects to the ephemeral peer.
  4. Opens a stream to the identity service.
  5. Runs a protocol with the identity service first proving the identity it wishes to use and then asking the identity service to prove the identity to which it wants to connect. For efficiency, these identities may be assigned short, stable numbers (could be tricky, may not be worth it).
  6. The first node can now open new streams to the permanent identity on the second node by:
  7. Connecting to the identity service.
  8. Specifying the identity from which it wants to connect (already proven) and the identity to which it wants to connect).
  9. Finally, it can negotiate the appropriate service over this connection.
@Stebalien Stebalien mentioned this issue Jun 9, 2018
Open
@Stebalien Stebalien mentioned this issue Nov 27, 2018
Closed
@jhiesey
Copy link

jhiesey commented Dec 12, 2018
edited
Loading

Here's what I discussed with @Stebalien:

Let's call the permanent ID <private id> and the ephemeral ID <public id>.

We want the DHT to store the <private id> -> <public id> mapping, while also making it difficult for an adversary to follow a given <private id> around the network.

  • Option 1: Using <public id> as our node ID, call Put(Hash(<private id>), <public id>)

This makes it easy to find a <public id>, and hence public PeerInfo, given a <private id>. As an extension, we could also sign <public id> with itself, allowing DHT nodes to easily verify these records are valid, which would be nice. The main downside of this design is that any attacker running a DHT node that sees Hash(<private id>) on the wire, in a Put or Get RPC, can later issue Get(Hash(<private id>)) to find that peer's <public id> as it changes.

To avoid this, we have:

  • Option 2: Using <public id> as our node ID, call Put(Hash(<private id>), Encrypt(DeriveSymmetricKey(<private id>), <public id>)))

This has the advantage that seeing messages that contain Hash(<private id>) don't let us follow that <private id> around the network, since we don't know the actual <private id> to decrypt the <public id>. The main downside relative to option 1 is that it is no longer possible for nodes that don't know the actual <private id> to validate these records.

Finally, both of these approaches still have the issue that a Sybil DHT node that receives the Put message could just look at the physical address (e.g. ip and port) that sent that Put, revealing where the <private id> is located. Only a relay network like TOR or something equivalent can fix this issue.

@Zolmeister
Copy link

Ref. libp2p/specs#139
Tor rend spec v3 allows anonymous service discovery by encrypting <private id> before publishing to the DHT

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Stebalien @jhiesey @Zolmeister