On Mon, Apr 01, 2019 at 07:21:28PM +0000, furrier wrote:
Jeff,
Bad: I2P uses old cryptography, specially 2048 bit ElGamal using non standard primes. The use of ElGamal is so pervasive throughout the I2P protocol stack that it exists at every level of it. Removing it is a massive task that is taking a long LONG time.
I am not a crypto expert but really how bad is ElGamal 2048bit that you cannot wait for it to change? It's still the default in gpg fwiw. What did you choose instead and what did Loki gain out of it in terms of performance?
It's really really slow especially when you have to do it for every packet you send or every hop in a tunnel you build, it adds up fast.
Ugly: I2P cannot currently mitigate most sybil attacks with their current network architecture. Recently I2P has added some blocklist solutions signed by release signers but this probably won't scale in the event of a "big" attack.
What about a mix of staking and DDoSing existing Service Nodes out of the network? At a large scale such an attack would be far more effective than trying to out-stake the network.
In theory it'd be "really really expensive because of the coin aspect", in practice, no idea how hard it would be. I am also not convinced the coin aspect will work the way it is being advertised but I am open to being surprised. Loki is funding the development so they get the features they want.
In addition I2P isn't staffed for such attacks either.
Is Loki staffed for such attacks?
I hope so, no way to know until we get there.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, April 1, 2019 2:53 PM, jeff <jeff@i2p.rocks> wrote:
On Mon, Apr 01, 2019 at 04:48:43PM +1100, Zenaan Harkness wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Sunday, March 31, 2019 7:14 PM, grarpamp grarpamp@gmail.com wrote:
https://loki.network/ https://github.com/majestrate/torrent.ano http://anodex.oniichanylo2tsi4.onion/ https://i2pd.website/ https://github.com/loki-project/loki-network/blob/master/docs/high-level.txt https://www.reddit.com/r/i2p/
On Sun, Mar 31, 2019 at 06:42:54PM +0000, furrier wrote:
Monero fork with premine, governance tax, and 50% funds lockup for "market-based sybil resistance". Good luck, I'll pass. Also, it wasn't clear from a quick look, do they utilize I2P at the networking layer or did they roll out they own custom solution like Kovri?
Loki network appears to be a ground up rewrite of I2P, with an eye to the lower latency and clear-net accessibility of Tor, with newer (presumably better) crypto than I2P.
This is correct.
Appears to ignore the fundamental currently-missing feature in all mix-/ anon-/ dark-/ onion-/ etc- nets in existence today - i.e. chaff fill, which implies some sort of badwidth/ time reservation/ promise between nodes, which is (re)negotiated from time to time between nodes. This chaff fill feature is the single currently-missing feature which is required to begin to handle the problem of global (in a network sense) passive adversaries, aka GPAs - i.e. the NSA, the CIA, the FSB, etc, i.e. those well-funded entities paid for and run by nation-state actors who generally oppress the fundamental rights of the rest of us, such as the rights to live, trade, and move about within our communities.
I am personally convinced that a flat traffic shape will only dare attackers to cut links between parts of the network, effectively making an even larger traffic shape to corrilate with. I am not convinced low latency systems can be immune to traffic shape corrilation and hence that being said, I think state actors are out of scope of the current threat model of llarp. This may or may not change.