Loki.network, Crypto Network HW Links, Anti Vampire and Sybil Nets, Actors Everywhere

[jeff]

On Mon, Apr 01, 2019 at 10:45:59PM -0400, grarpamp wrote:
> > I am personally convinced that a flat traffic shape will only dare
> > attackers to cut links between parts of the network, effectively
> > making an even larger traffic shape to corrilate with.
> 
> Today if play the cut links game, eventually a toggled link
> will expose the traffic you seek, because there's no
> fill between nodes that automatically takes its place.
> Your global monitor sees a respective signal slump
> among the nodes making up the subject path, each
> node distinguishable by time deltas. Such signal the
> adversary was probably clocking into it themselves
> for easier recognition anyway... fetch 1MB, fetch 1MB,
> fetch 1MB, fetch 1MB... oh noes.
> 
> Tor's hidden services are total sitting ducks
> because of this. Same for likely all current
> overlay networks in production regardless of
> whatever service they provide... from traffic,
> messaging, storage, cryptocurrency, and so on.
> 
> There are surely better links from the bib space,
> yet here are some concepts on generated buckets,
> retiming, how they can contain full time "empty" fill
> that yields to wheat demand on the line, traffic
> contracts, etc therein...
> 
> https://en.wikipedia.org/wiki/Generic_cell_rate_algorithm
> 
> If all the nodes are independantly maintaining
> independant traffic contracts between their
> physical and/or logical peers, cut links won't
> do hardly as much impact if anything at all...
> 
> A \
> B + -----> M -----> { U V W X Y Z }
> C +
> D /
> 
> If nodes ABCD on the left are trafficing through
> M cloud fanning out to the right mesh towards UVWXYZ,
> then adversary cutout of D is not visible beyond M
> if M makes up for D's packet slack on its left contract
> by continuing to emit the same amount as fill to fulfill
> its right contract.
> 
> M could variously blackball A for non contractual
> suspect misbehaviour... weird rates, timing anomalies,
> uptimes, etc.
> 
> M could signal BC that they can now renegotiate
> upwards with M since M now has more rate free on
> its left.
> 
> If M is cut out, the left renegotiates with some
> L or N nodes via new northern or southern arc routes.
> 
> The "shape" or "bitrate" of the contracts could be
> negotiated as need be, "flat" might not be necessary,
> so long as the contract is upheld and policed by
> all participants to it.
> 
> Contracts could be one to one, one to many, many to many,
> physical next IP hop to hop, logical overlay address to
> address, multiplex, simplex, tunneled, shared, etc.
> And pertain to bitrates, timing, uptime, any sort
> of constraints, metadata, etc.
> 
> 
> This also makes Sybil's life more difficult...
> it must now own the full path or it will lose
> sight due to contracts with non Sybil nodes
> in the path who are also meshed and contracted
> out to other non Sybils around ot. Sybil must
> also uphold all its own contracts or get
> dropped by other nodes.
> 
> 
> > I am not convinced low latency systems can be immune to traffic shape
> > corrilation and hence that being said
> 
> Copper, Fiber, Radio, etc.. so long as it's quality line
> rate hardware that can keep up with its advertised rate,
> their time to transfer data is dependant only on distance,
> not on how full the line is. Such network hardware is
> agnostic... fill, wheat... it all gets there in the same time.
> 
> When people say "X latency network overlay", they're
> really referring to the cost of software processing
> their overlay design on their crappy stack of PC / Phone
> CPU hardware. And in their transport protocols running
> on the same... TCP, UDP, etc... all the way down
> the stack until it hits the real network hardware,
> which will either happily accept and ship the packet,
> or drop it.
> 
> When people cry about "bandwidth", all they need to do
> in a fill model is allocate whatever bitrate to it they like
> and forget it. They're not going to get more bitrate from
> their ISP than they paid for, and they'll probably contract
> to the overlay under that so they can do other things with
> their line. And they're not going to get more wheat bytes
> across the overlay than a 100% wheat ratio (fill yields
> to wheat demand) within their contract to the overlay,
> even if they do disconnect from their byte transfer
> based ISP / Phone afterwards.
> 
> Research would need done into routing models
> needed to transit traffic across the overlay.
> ie: TCP can readily jam more yet slower circuits
> through a full pipe, UDP mix gets dropped routed or
> reserved for. Raw IP becomes interesting.
> 
> 
> 
> As a network HW project for defense in depth...
> 
> If hardware makers would add line rate encryption and
> fill silicon to every physical port on every switch, router,
> and NIC... mandatory on by default per physical link...
> that would kill off a lot of vampires.
> 
> An open IETF RFC spec for that would cost under $1
> per port to integrate into existing silicon port fab
> worldwide, plus electricity to drive the port which
> would be estimated as part of the RFC process.
> Modular agility would not cost much more at scale.
> 
> Assuming line rate hardware, there's no latency
> impact here either.
> 
> 
> 
> > I think state actors are out
> > of scope of the current threat model of llarp.
> 
> If any network application involves free speech,
> politics, money aka cryptocurrency, business,
> journalism, industry, messaging, personal affairs,
> data storage and transfer, basically anything at all...
> you can be absolutely certain that many State and Other Actors
> have a serious continuum of interest in it.
> 
> Is it the responsibility of each application to
> develop their own solutions to the threat?

If the state is out to get you I'd just assume that everything arround you is rooted
and a wire tap and act accordingly.

> 
> No... probably not when many such apps ride on,
> aggregate muddily over, and depend on networks.
> All apps can contribute to the development
> of a diversity sound number of strongly resistant
> networks that they can then utilize and endorse
> as they would their own.
> 
> Be they overlays on top of the internet,
> enhancements to the internet,
> or new guerrilla physical plant...
> 
> That process of people contributing to
> original and ongoing development of new
> strong networks that are not susceptible to such
> Basic Bitch Adversaries as Global Vampires,
> is something more should consider.

Indeed, we'll get there eventually. 
I am just a guy that made a thing because I thought it was cool.

> 
> Same for likely figuring out how to get
> the deployment Social aspects right so
> you can circle the network wagons against Sybil.
> 
> 
> > This may or may not change.
> 
> Pity the fool who changes even one satoshi
> based on the worthless drivel herein :)

Let the record show that I am not the one making the sybil resistance claims
it's the coin team that is. I doubt them as well but I am open to being 
surprised. I orignally had another model in mind for mitigating bad actors
on the network that I still plan on implementing (eventually)
Effectively it's a f2f mesh connectivity layer to help hide traffic shape.

I am not arrogant enough to claim to be able to repell state actors from sqaure one.