F2F UDP mesh net prototype proof of concept "Covfefe Net"

Zenaan Harkness zen at freedbms.net
Sun Oct 20 02:58:37 PDT 2019 

On Sat, Oct 19, 2019 at 03:52:30PM +1100, Zenaan Harkness wrote:
> On Fri, Oct 18, 2019 at 09:06:09PM +0100, Steven Schear wrote:
> > Isn't that why networks like i2p exist?
> 
> There is at least 1 attempt to rewrite I2P, and he is not even
> interested in the core improvement - chaff fill.
> 
> Tor is fundamentally compromised, as Juan correctly points out:
> 
>  - TCP, not UDP, as base protocol
> 
>  - no chaff fill
> 
>  - independent "core router" operators, e.g. Jacob Applebaum, have
>    been purged from Tor core group - in a rather brutal public
>    lynching manner (classic CIA psy op)
> 
> 
> I2P is not government funded, and so "new user/ high speed internet/
> low latency" experience, is not enticing to said new users.

This ought be fixable with a suitably compelling design.


> A fundamental difference from Tor's "core high performance routing
> nodes" and TCP (connection base mode) compromises (along with chaff
> fill), are:
> 
>  - mesh network
>  - UDP connectionless base network
>  - chaff fill
> 
> For any network, your entry nodes are a fundamental privacy problem/
> issue.
> 
> Tor settled on "choose 1, stick with it for a few months or more,
> since the more you hop, the greater the chance you hit a compromised
> entry node anyway".
> 
> A fundamental difference for an alternative needs to be F2F - friend
> to friend connections. You -must- find meat space humans who join in
> your freedom/liberty network, if you want the possibility of not
> being immediately GPA statistically sniffed.
> 
> I'll have a look see...


OK, most of the bits I am comfortable with, although it will take
some weeks to code up a Java GPL3 Linux based proof of concept.

This shall be an attempt to establish what we need to know, so will
almost certainly be rewritten at least once, as we figure out what we
didn't know, and need to do, to make something approaching a "proper"
design and implementation.

See https://github.com/zenaan/covfefe if you wish to follow along
with this exploration.


Some basics:

  - UDP base protocol
    - at least initially
    - (lower/ higher/ HTTP tunnel bridges etc later)

  - 100% P2P, no central auth needed

  - trust metrics for "friends" (the F in F2F)
    - configure default provision/ reservation of available bw for
      friends/ various "trusted peer" levels of trust
    - the rest can make do with the rest of the available bw

  - TUN/TAP based, Linux is comfy here (OpenVPN has Windows drivers),
    this allows ready userspace development iteration

  - back of envelope calc for 24/7 connection at 8 Kibit/s (1 KiB/s):
    https://en.wikipedia.org/wiki/Data-rate_units

    seconds / day = 60*60*24 = 86400
    bytes / day   = 86400 * 1 * 1024 = 88,473,600
    MiB / day = (bytes/day)/1024^2 = 84.375
    GiB / month = ~2.5

  - end user node originated routing (similar to Tor)
    - implies a node needs to know about other nodes
    - peer nodes provide info about their immediate peers
      - possibly also about peers they've been informed of

  - peerInfo contains asserted trust metrics
    - third hand trust is below first hand trust

  - meat space trust assertions are primary trust source

  - with Tor Browser and no local node, user is with high certainty
    exposed to deep pocketed GPAs running majority of entry nodes
    - you NEED at least 2, possibly more (need thought on this)
      "trusted" peers to have sane net entry

  - Sybil attacks:
    We are out-competed in any trustLESS network (well funded GPAs);
    - so we have no option but to establish at LEAST 2, possibly at
      LEAST more than 2 (idk yet), meat space "trusted" humans, at
      least for certain or most network entry
    - in a very real way, in this way CovfefeNet will mirror real
      relationships in our day to day life
    - yes, you may choose to trust someone you've never met, but have
      built a long term communication relationship with online for
      example - you must decide who and for what purposes, you trust
      any individual

  - initial F2F connection is a control socket (UDP) and one or more
    uni- or bi-directional data sockets (UDP)

  - If you have NO one you can trust in meat space, you're Shit Outta
    Luck, sorry... your #1 job is to engage with real live humans and
    establish actual relationships - you might have to go through a
    few dozen - or a few 100 - to find the gem you can trust. There
    is no other way. Sorry about that, but reality is our tutor by
    default.

  - serialization (of e.g. control messages), some combo of:
    - YAML, or a YAML subset
    - protobufs

  - DJB's nacl crypto
    - possibly Linux LUKS volumes for local store
    - LUKS supports also Veracrypt for Windows compat

  - STUN etc NAT router port busting libs and protocols

  - if you want something approaching "secure", don't even consider
    MS Windows or MacOS

  - available node bandwidth us known/configured, and/ or established
    over time
    - available node bw may drop off a cliff, e.g. when shaped by ISP
    - available node bw may suddenly rise, e.g. when unshaped by ISP

  - strict bw control qdisc (Azureus Vuze seems to do rather well)
    - strict priority queueing for control sockets
    - possible "realtime" data socket qdisc (QoS) for e.g. phone
      calls
    - preference for Friend peers
    - reserve headroom X KiB/s for friend peers
    - hand out remaining [CONFIGURED KiB/s] to incoming requests

  - connect to known contacts/ peers/ "friends"
    - peer provides set of 1r (once removed) peers, they provide 2r
      (twice removed) peers etc
    - additional connections may be made to additionally known peers
    - maintain peers (metrics) db over time

  - "friendly" control / intention notifications, optional
    - "I intend to stay online until T time"
    - "I seek 2.5 hours at 10KiB/s rt QoS" (e.g. phone call)
    - "I am about to go offline, in D duration"
    - possible friend response request "Please give me +10 minutes"
    - possible responses ACK, NAK, or no response


Has anyone here coded, or knows someone who's coded network stream
queueing and shaping code for bittorrent or similar?

I'm not clear on how best to individually shape (i.e. strictly
control) a few thousand UDP connections - think data structures.
  - Not reading from a peer's incoming port will presumably cause the
    sender's queue to block up, but we're doing a "request BPS bw for
    T time period" model, so we can do much better than relying on OS
    queueing, namely we can stay below "known bandwidth" of our
    respective (local) physical links

Short of direct answers as to functional ADTs (maps, rings, cascading
priorities, etc), I shall investigate torrent clients and bone up on
qdiscs.

Keep in mind, at least primary routing decisions are all made by the
origin peer - although the possibility of mid-hop multi path stream
setup of some sort might be useful (but imagine your GPA killing your
lone origin connection to establish that yes, it's you
sending/receiving that particular stream in the middle):
  
  Multipath TCP: an overview [2013]
  https://lwn.net/Articles/544399/

  Upstreaming multipath TCP [2019]
  https://lwn.net/Articles/800501/

More information about the cypherpunks mailing list