Mixnet integration #1345
Comments
github-actions
bot
added
the
I10-unconfirmed
See #1345, <paritytech/substrate#14207>. This adds all the necessary mixnet components, and puts them together in the "kitchen-sink" node/runtime. The components added are: - A pallet (`frame/mixnet`). This is responsible for determining the current mixnet session and phase, and the mixnodes to use in each session. It provides a function that validators can call to register a mixnode for the next session. The logic of this pallet is very similar to that of the `im-online` pallet. - A service (`client/mixnet`). This implements the core mixnet logic, building on the `mixnet` crate. The service communicates with other nodes using notifications sent over the "mixnet" protocol. - An RPC interface. This currently only supports sending transactions over the mixnet. --------- Co-authored-by: David Emett <dave@sp4m.net> Co-authored-by: Javier Viola <javier@parity.io>
|
I've seen that the PR is about sending transactions, which are simply gossiped out. The reason why I'm asking is that in the context of a light client, when the user wants to see for example their account balance, the light client requests a Merkle proof of the storage value of this balance from the networking. Because of this, it can probably be quite easy for the full node that receives this request to figure out who controls the light client. Another example is: before gossiping a transaction, a light client requests a call proof of Making these requests go through the mixnet would avoid this privacy problem. |
|
The mixnet supports responses via SURBs (see the spec for a short explanation, or the Sphinx paper for a longer one). Even in the transaction case a response is sent, although currently it just confirms that the transaction was imported into the recipient's transaction pool. In the future we could send enough SURBs with a transaction to allow additional responses to be sent on block inclusion and finalisation. Re using the mixnet for these light client queries, this sounds reasonable to me. Do note however that the mixnet is quite slow; with the current defaults a request+reply takes about 10 seconds on average. This could probably be improved (eg the number of hops could probably be reduced; the current default is quite conservative), but there's always going to be a significant delay that will need to be accounted for on the UX side of things. |
|
I see, thanks Are the 10 seconds caused by the fact that nodes have to connect to each other (and thus could be improved) or is it because of random delays and covert traffic? |
|
Packets are artificially delayed at each hop by a random amount (sampled from an exponential distribution); this is what provides the mixing. The two main factors controlling the time a request+reply will take are:
The 10 seconds just comes from the current fairly conservative defaults of 5 hops each way and 1 second average delay per hop. We might decide to change these parameters when the mixnet is actually deployed. |
|
Note that the seed for the random delay at each hop is determined from the shared secret for the hop, so the sender can calculate the total delay for a packet before sending it. It is possible for the sender to keep "rerolling" until it gets a low total delay. I don't know what the security implications of doing this are though, and rerolling is quite expensive as it involves a bunch of elliptic curve operations. |
|
Thanks for the details. When it comes to preserving anonymity when accessing the chain, given the constraints I feel like it's easier to instead request additional useless/covert keys (for example if you want to read your account balance, you ask for your balance plus 9 other random account balances) and frequently rotate peer, rather than use the mixnet. The only place where we can't do that is validating a transaction before submitting it (we're not going to ask the user to sign fake transactions). |
See paritytech#1345, <paritytech/substrate#14207>. This adds all the necessary mixnet components, and puts them together in the "kitchen-sink" node/runtime. The components added are: - A pallet (`frame/mixnet`). This is responsible for determining the current mixnet session and phase, and the mixnodes to use in each session. It provides a function that validators can call to register a mixnode for the next session. The logic of this pallet is very similar to that of the `im-online` pallet. - A service (`client/mixnet`). This implements the core mixnet logic, building on the `mixnet` crate. The service communicates with other nodes using notifications sent over the "mixnet" protocol. - An RPC interface. This currently only supports sending transactions over the mixnet. --------- Co-authored-by: David Emett <dave@sp4m.net> Co-authored-by: Javier Viola <javier@parity.io>
Integrate the mixnet crate to provide support for submitting transactions anonymously.
The text was updated successfully, but these errors were encountered: