hide-eid update

Nick Thomas nick at lupine.me.uk
Fri Aug 9 12:03:06 PDT 2013 

On Sun, 2013-08-04 at 11:20 +0100, Nick Thomas wrote:

> It may be misguided, but avoiding I^2 / M:N sessions was a goal. As
> numbers go, it's big enough to be uncomfortable (there's ~40K ASNs).

Quick update - the code is now in a state where it can tunnel arbitrary
IPv4 datagrams, and does path MTU discovery / fragmentation as suggested
by RFC6830. Traceroute doesn't work yet, though. IPv6 is TODO; it should
be trivial to add support for IPv6 EIDs. IPv6 RLOCs are a tiny bit
harder.

Crypto is - very slowly -  starting to look sane:

 - 160-bit EC private keys per RLOC
 - public keys -> registry (for now)
 - ECDH for shared secret generation for any RLOC pair
 - SHA256 the secret, use as secret key for symmetric cipher
 - Fragment packet into packets, if needed
 - Each packet gets 128-bit pseudo-random IV ( RAND_pseudo_bytes() )
 - aes256gcm block cipher on first 512 bytes of each packet 
 - On the wire:
   [ IP header, proto 99 ] [ len(iv+ciphertext+tag) ]
   [ iv ] [ ciphertext ] [ tag ] [ plaintext ]

Obviously, the current code doesn't scale at all well, but this is
in-principle parallelisable, and amenable to hardware cypto use as well.
Unloaded, it adds <1ms to rtt. I'm hoping to be able to get it running
at ~100Mbit/sec sometime in the next week or two. If I can get it to
gigabit rates, I can start talking to small ISPs about running it,
opt-in, with a straight face. 

If you fancy experimenting with a hide-eid node, just poke me with a
public key and a range + RLOC IP (or set up your own pair, of course).
I'd quite like to see it spanning large sections of the real Internet
successfully. I'd also love to know if you can get it to break any IP
protocols; I've only really been playing with TCP and ICMP so far. 

More broadly, I've still not been dissuaded against the notion that it
plugs a gap in the current range of tools against widespread,
generalised internet surveillance. The value of being a member of even a
small anonymity set can't be understated, especially when getting into
the set is more-or-less zero effort and zero cost. If anyone can
convince me otherwise, well, at least I'd get my evenings (and mornings)
back :)

/Nick

More information about the cypherpunks mailing list