Bitcoin Forum
September 25, 2016, 12:16:23 PM *
News: Latest stable version of Bitcoin Core: 0.13.0 (New!) [Torrent]. Make sure you verify it.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: end-to-end encrypted, fully distributed Internet protocol  (Read 1698 times)
awwright
Newbie
*
Offline Offline

Activity: 25


View Profile
November 22, 2010, 07:09:19 AM
 #1

Bitcoin and this idea seem to have similar goals, so I want to ask for input or for similar ideas out in the wild:

There has been a lot of talk about the IPv4 address space running out very shortly. However this is funny, because there are no such things as shortages in a free market. So what is going on here? Currently IP addresses are assigned by a central authority (or at least delegated by one). In fact, the ARIN goes as far to say that you do not own your IP address. Yikes! This means Apple or Ford cannot sell off their IP addresses that are unused but assigned to them in a /8 block (something like sixteen million addresses!). If a market were allowed to form, this would allow IP addresses to be allocated to their most urgently demanded use, as well as spur growth towards less costly forms of communication, like IPv6 or this idea:

What if you could simply generate an IP address to use? Specifically, what if you could use a public/private key pair to communicate? You simply encrypt a message for particular key, and pass it to a router, and the router figures out how to get it to its destination. IP addresses would be the hash of the public key each side is using, and you could generate these almost limitlessly. A Man-in-the-middle attack would be completely impossible, since the IP address is based on the private key that can read the message -- you would have to knowingly (but maybe mistakenly) send the message directly to an attacker.

How would these messages be routed? Each router would be physically connected to a dozen or so other routers, as it is now. Using a probabilistic algorithm, the router passes the message to another router it believes is closer to the recipient, if everyone is connected to a dozen other people, most messages could be passed in six hops. If the algorithm is a simple bloom filter, you could store routing tables with a 99.9% success rate for a trillion individual IP addresses in 2 TB (the necessary size of a bloom filter increases proportionally to the number of items it stores, which could pose a problem... I'm not sure if this is any worse than the current situation though).

Perhaps someone can suggest something better?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1474805783
Hero Member
*
Offline Offline

Posts: 1474805783

View Profile Personal Message (Offline)

Ignore
1474805783
Reply with quote  #2

1474805783
Report to moderator
1474805783
Hero Member
*
Offline Offline

Posts: 1474805783

View Profile Personal Message (Offline)

Ignore
1474805783
Reply with quote  #2

1474805783
Report to moderator
1474805783
Hero Member
*
Offline Offline

Posts: 1474805783

View Profile Personal Message (Offline)

Ignore
1474805783
Reply with quote  #2

1474805783
Report to moderator
grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
November 22, 2010, 07:14:57 AM
 #2

How would these messages be routed? Each router would be physically connected to a dozen or so other routers, as it is now. Using a probabilistic algorithm, the router passes the message to another router it believes is closer to the recipient, if everyone is connected to a dozen other people, most messages could be passed in six hops. If the algorithm is a simple bloom filter, you could store routing tables with a 99.9% success rate for a trillion individual IP addresses in 2 TB (the necessary size of a bloom filter increases proportionally to the number of items it stores, which could pose a problem... I'm not sure if this is any worse than the current situation though).

I think mesh networks, such as Netsukuku or Batman, work more or less like this.  But these are not internet networks anymore.  They are alternative, quite experimental, networking protocols.
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
November 22, 2010, 09:48:53 AM
 #3

The idea of decentralizing IP attribution is really interesting.
But you would force routers to perform non-constant operations (index searches) to find the correct route, wouldn't you?
Today, I think (really not sure), routers can figure out the route in constant time, just by looking at the IP.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
November 22, 2010, 10:02:19 AM
 #4

Maybe it could make routing easier if instead of generating independent keys, you use signed certificates. This way the certificates could follow some sort of hierarchy. Your cert is signed by your ISP cert which is signed by the backbones certs your ISP uses and so on...
Then routers would only have to index the certificates of the backbones... the index could get quite smaller. But anyway, routing would become a much heavier process than it is in IP.

Interesting idea. I had never heard it before.
There's practically no chance that it would ever happen though.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
awwright
Newbie
*
Offline Offline

Activity: 25


View Profile
November 22, 2010, 10:33:39 AM
 #5

I think mesh networks, such as Netsukuku or Batman, work more or less like this.  But these are not internet networks anymore.  They are alternative, quite experimental, networking protocols.
What I'm looking for is something that scales massively, to trillions of IP addresses at least.

The idea of decentralizing IP attribution is really interesting.
But you would force routers to perform non-constant operations (index searches) to find the correct route, wouldn't you?
Today, I think (really not sure), routers can figure out the route in constant time, just by looking at the IP.
A lookup on a bloom filter would be a constant time (relative to what?) lookup too, you hash the IP address and get a few indexes from it (10 seems to be the most efficient), and lookup the number stored in each memory location. If any of the numbers is zero, you know the IP is not accessible from that direction. Else, you just choose the one with the lowest numbers. For a new IP that would be ten seek()s on a hard drive, else it is cached in memory..

Maybe it could make routing easier if instead of generating independent keys, you use signed certificates. This way the certificates could follow some sort of hierarchy. Your cert is signed by your ISP cert which is signed by the backbones certs your ISP uses and so on...
Then routers would only have to index the certificates of the backbones... the index could get quite smaller. But anyway, routing would become a much heavier process than it is in IP.
That would work and make things more efficient as long as there is a single way into the network. However, you have to validate the signatures, start worrying about overhead. I mean, a SHA1 hash is 320 bits. That could also lead the way to filtering routers dropping packets based on ISP, or similar (not that there would be anything wrong with that).

Other considerations are economizing traffic and handling malicious routers... I imagine you would implement some sort of algorithm that would disconnect bad routers that are infecting routing tables as well as pass packets along their lowest latency path (not congesting one router if there's a less loaded one available). Malicious routers seem to be a problem even today, if an ISP create an "Internet black hole" with bad routing settings!
bober182
Full Member
***
Offline Offline

Activity: 196

127.0.0.1


View Profile
November 22, 2010, 09:30:56 PM
 #6

Or we can add another block so IPs are now XXX.XXX.XXX.XXX.XXX making it have 255 times more exponents.

13NuAQaChtoTgvX8J68Zjy4AUR6hhugpXM Donations for anything and everything.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If society abolishes adventure the only adventure left is to abolish society.
awwright
Newbie
*
Offline Offline

Activity: 25


View Profile
December 02, 2010, 02:32:50 AM
 #7

Idea: Would it be possible to IP over Tor, and implement Tor over plain Ethernet (instead of IP)?
So then we just use public keys (.onion addresses) as IP addresses?

The idea is this: Something that can deliver a packet to the holder of the private key that packet is encrypted with (with the same reliability and all of IP).
The Madhatter
Hero Member
*****
Offline Offline

Activity: 490


My avatar pic says it all


View Profile
December 02, 2010, 02:34:47 AM
 #8

Look at Onioncat.
BioMike
Legendary
*
Offline Offline

Activity: 1218


View Profile
December 02, 2010, 08:04:55 PM
 #9

IPv6 is hardly coming from the ground (you can do point to point encryption with that), good luck to get this implemented world wide scale. Also, your idea seems to generate a huge amount of overhead, which makes things slow. Nice idea, though.
awwright
Newbie
*
Offline Offline

Activity: 25


View Profile
December 02, 2010, 08:44:53 PM
 #10

IPv6 is hardly coming from the ground (you can do point to point encryption with that), good luck to get this implemented world wide scale. Also, your idea seems to generate a huge amount of overhead, which makes things slow. Nice idea, though.
I can do end to end encryption with IPv6? How do I verify the person at the other end?

The overhead isn't as great as I thought it was, IPv6 addresses are 128 bits, an MD5 hash is the same size, and a SHA1 hash is 160 bits. Routers do not need to know anything about the encryption, they are only looking at the packet header, the same things that they look at in the IPv4 and 6 packet.
jgarzik
Legendary
*
Offline Offline

Activity: 1470


View Profile
December 02, 2010, 09:06:03 PM
 #11

I can do end to end encryption with IPv6? How do I verify the person at the other end?

Google for IPsec.

Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
mizerydearia
Hero Member
*****
Offline Offline

Activity: 574



View Profile
December 02, 2010, 09:09:41 PM
 #12

I suggest some of our technical experts/developers that are interested to join dns-p2p community to help establish their project, because in a sense both projects are related and can use similar underlying techniques in implementation and possibly compliment each other.

efnet #dns-p2p
http://dot-p2p.org
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!