Foundations

Onion Routing

Onion routing protocol enables Tingl clients to obfuscate their addresses by creating a 3 hop randomized circuit in the Service Nodes network. Onion routing is simple protocol which successfully encrypts each request for each of 3 hops. This ensures:

The first hop knows client’s address but doesn’t know request destination,
The middle hop only knows the previous and next hop in the circuit,
The last hop knows recipient address, but doesn’t know the source of the request.

Each client establishes onion circuit on startup and once established, uses it for communication inside the network. To establish this circuit, a client chooses three Service Nodes from their Service Node list at random. A client creates an onion, with each layer being encrypted using X25519 identity key of its respective node. This onion is sent to the first Service node in the circuit. This Service Node then decrypts its layer of onion, thus getting the address of the next hop and passes the request forward. The middle Service Node does the same passing the request to the last hop. The last Service Node decrypts the final layer of onion, gets recipient address and passes the request to it. When the request reaches the final node in the path, this node generates a message to the source node and sends it back via previously established path indicating succesfully established circuit.

After receiving the request, recipient decrypts it and generates response. The response is being encrypted using ephemeral X25519 key of the source client and sent back via the same path. Ephemeral key is attached to the request by the source client.

Kademlia DHT

Kademlia Distributed Hash Table (DHT) serves two important purposes: DHT is used as a node discovery tool and as a content routing. Essentially DHT enables Service Node network to store user data distributed in the network and provide a way for clients to request stored content. Also DHT enables Service Nodes to discover and announce new nodes in the network.

DHT is a network of nodes, where each node is identified by unique node ID. The node ID serves not only as way to identificate a node, but also to locate values in the network. In fact the node ID provides a direct map to the information stored on that node. When searching for some value, the client needs to know the assotiated key and explores the network in several steps. Each step finds a node closer to the key until the contacted node returns a value or no more closer nodes could be found. Estimated number of steps required to get the response is only $O(log(n))$ out of n total nodes in the network, which is quite efficient.

Tingl uses libp2p DHT(https://github.com/libp2p/specs/tree/master/kad-dht) implementation to build a storage layer and peer routing component.

Publish/Subscribe is a system where peers congregate around topics they are interested in. Peers interested in a topic are said to be subscribed to that topic. Peers can send messages to topics. Each message gets delivered to all peers subscribed to the topic. Tingl uses Pub/Sub system to distribute peer discovery and other network metadata between Service Nodes.

Tingl uses libp2p gossipsub (https://docs.libp2p.io/concepts/publish-subscribe/) implemenation to build Publish/Subscribe system in the network.

PreviousThreat Model NextBuilding on Foundations

Last updated 1 year ago