Open Stebalien opened 6 years ago
Related to but not a duplicate of https://github.com/ipfs/notes/issues/162
While at it, let's make sure to consider how to make it private.
While at it, let's make sure to consider how to make it private.
@diasdavid, @jbenet and I discussed this yesterday and he had several really nice ideas.
The core idea is that, instead of calling Put(key, value)
, we can call Put(Hash(key), Encrypt(DeriveSymmetricKey(key), value))
. This obviously doesn't work for records with one value like IPNS records but works really well for both provider records and PeerInfo records. This obviously assumes that key
has sufficient randomness.
He also proposed an extension where the record author can put an additional "challenge" key that the record author can prove knowledge of to fetch the record. However, that may not be that useful given that DHTs are supposed to allow neighbors to fetch keys from each other on join.
I also proposed an additional privacy enhancing extension where one can use Hash(key || date)
so that provider records get moved around. Juan extended this with Hash(key || date || counter)
allowing users to post multiple records in different areas of the DHT (helps both with privacy and, possibly, reliability).
This should make the network significantly harder to enumerate.
We can also use these features to get basic capabilities.
//cc @mafintosh here who has been thinking a lot on how to make DHTs private and is currently building one (or something to add this functionality).
Additional notes:
Because these records are encrypted, it will be impossible for DHT nodes to filter out "bad" peer routing records (or content routing records).
Solution: Allow peers to explicitly expose the unhashed key so that DHTs can perform additional validation.
More generally, we've found that we'd like a DELETE function for the DHT.
/inbox/peerA
. When peer A comes back online, it would download and then clear all messages on the DHT (not currently possible).One issue that has been plaguing us in the DHT is adding new datatypes. Our plan is to fix this with IPRS and arbitrary WASM functions however, at the moment, this has some pretty significant drawbacks:
When thinking about https://github.com/libp2p/go-libp2p-kad-dht/issues/189#issuecomment-414490287, I realized that there's a way to significantly improve the current situation without necessarily adding full IPRS: We can use one protocol per record type.
That is, we can have a "separate" DHT for each key type. At the end of the day, this won't really cost us anything, we're just creating multiple overlay networks. To add a new key type, we'd:
/p2p/dht/MyTypeName/1.0.0
).This would allow users to:
This should add almost no overhead as the nodes will keep the same IDs in all the DHTs (so the routing tables will be almost identical).
Note: This'll also allow applications to register external DHTs using the HTTP API (kind of like the ipfs p2p
feature).
The difficult issue here will be finding these "sub" DHTs. That is, finding peers participating in them. This is basically the rendezvous/discovery issue but the tricky part is that these "sub" DHTs may be massive (the size of the DHT) to tiny (a few nodes).
@Stebalien for the messaging system quasar might is of interest for the DHT. It's very effective in the terms of routing, give it a quick read if you have the time. The only problem I see right now with quasar is the filter propagation which take a few minutes with the current mechanism (but I guess we can come up with sometime more effective).
Sounds pretty slick @Stebalien
@florianlenz that looks like a pubsub system. We actually have a separate pubsub implementation and even have a "value store" adapter for pubsub (which we use for IPNS over pubsub).
The difference here is that a DHT stores values (temporarily) so members can join and leave and still get published values.
So I finally got around to writing up a proposal for a refactor followed by a new protocol: https://github.com/libp2p/research-dht/pull/8
Thoughts @Stebalien @daviddias @anacrolix
Ton of DHT notes at https://github.com/gpestana/notes/issues/8 by @gpestana
Looks like the TOR project had put a lot of thought into this: https://github.com/torproject/torspec/blob/master/rend-spec-v3.txt
So, we've accumulated quite a few "if only"s in the DHT. We should start thinking about what we'd like in a DHT 2.0.