Verifiably unpredictable ids (revised) #8
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks @rendaw! I'll take a look when I get a chance. |
|
Been a long while, but I finally had a chance to look at these suggestions. I think at this point the library is flexible enough that many of these could be implemented at the storage level (via a custom storage class, which the lib supports). In the aggregate, I think that functionality could exist as a separate library that uses this one to add unpredictable ids. Please feel free to reopen if you still see a need and want to discuss. Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
To continue our conversation from the previous ticket,
I'd be interested in seeing what some other projects are doing. In my project, I sign the values and include a hash of the signing key's fingerprint in the key.
However, without changes at the protocol level it's still possible for malicious entities to intercept traffic. If an application signs and validates values then a hostile node can't forge data, but it can deny the existence of data which is enough to censor the network.
This patch changes node ID generation and adding to the routing table.
Each node creates a secret value (the seed). From that, it creates a private signing key and a public verification key. The node's ID is (hash of the verification key, the verification key).
When the local node encounters a new remote node, it sends a challenge message (random) to the new node. The new node signs the challenge and sends the signature. The local node validates the signature before adding the node to its routing table.
This serves two functions. As with the previous patch, because the ID value used for routing is a hash, a malicious entity cannot choose it freely, say, to match the key of a known value. Secondly, completing the challenge to new nodes requires knowledge of the secret key, so a malicious entity couldn't craft a node to impersonate another known node.
This is a significant departure from the original paper so I'd understand if it's not the sort of thing you want to include here. I think censorship is a concern for many use cases though, so it may be of practical interest.
And, as with the previous patch, I'm not a security expert so please take this with a grain of salt.