In this topic I’ll try to get my head around all the different
encryption layers used for the SAFEnet. I looked into the systemdocs but I’m not a C++ programmer so I can’t get in on that level. If I’m wrong, please correct me. I love to learn about how this stuff really works on a deeper level.
I start my maidsafeclient and my ip-adres is 126.96.36.199.66.
In the client software some IP-addresses and public keys are available for me to connect to a bootstrap-node run by Maidsafe. This is to make sure I always have a safe way to connect to the network, even without peers if I just downloaded the software. Because I encrypt the data to this node, there’s no possibility for a men-in-the-middle attack. This is because the first data I sent out to this node is already encrypted. The Maidsafe node receives my message and of course I provided my own public key so we can communicate fully encrypted with each other. This is the first layer of encryption. So not your internet provider nor the NSA can look from outside the network to your communications. they have to be part of the network if they wanna know anything at all.
The next step is to request my personal file with my data-atlas and XOR-routing table. This is a file that’s stored on the network and only I can decrypt it. I decrpyt it using my username:pin:password (actually the username and pin provide the name of this file and the password decrypts it.) In here (if it’s not the first time I’m online) there’s the info to find other peers in the network. I connect to some close nodes based on XOR and they know my IP:port:public key. Remember, my data-atlas and file with personal info was encrypted using self-encryption. This is why it’s the second layer.
This is how David puts it on his blog:
Both node types join the network in fundamentally the same way. They read from either a locally cached list of previously known nodes, or they fall back to hard coded nodes in the source code. The nodes they list have IP:PORT and Public keys. The node will encrypt a message to one of these nodes requesting login (or connect). The bootstrap node gathers this info and returns it to the joining node (encrypted).
So, my close nodes have my IP:port:public key etc. So now they’re gonna watch the chunks come in and out and try to understand what I’m doing you think? Maybe they have lists of files and their chunks and try to catch me downloading an blockbuster movie from Hollywood? Well, time to add another layer of encryption. Yes, you are in group of close nodes and some of them will know your IP because they need to get data from and to your computer. So in a group of 32 close nodes (based on XOR) maybe 4 or 5 will know you IP. But now the magic starts, remember; you don’t ask for data on the network, your close nodes will. So while this group of close nodes is randomly chosen, you will connect to another group of nodes which are your (data)managers. The connection to that group will be the third layer of encryption, and maybe already a forth one! Because for something like “browsing” the Safenet you will use an identity to request data. But let’s go back a little. So, your close group connects you to the manager-group who are “somewhere” in XOR-space. This connection will be encrypted so your close nodes cannot understand the data between you and the managers. Your managers on the other hand, will understand your requests but they have no clue about who you are. To them your just another XOR-adddress that’s close to them in XOR-space. This way the close nodes will work like a proxy to protect your identity. This part is added in routing V2. And probably will be active in Testnet 3.
So, let’s look a little closer to it:
- Some of your close nodes know your IP:port etc. But they have no idea which data you Put or Get on the network.
They only see some gibberish data going between you and you manager group which they route for you.
- Your manager group can see the chunks come by (ofcourse you need a place to ask to Put or Get data) but they have no clue what your IP is. They don’t even know the IP:port of your close nodes. All they see is a XOR-address asking for data through a group of other XOR-addresses.
The fifth layer
Really, is there even more?? Yes there is. All your close nodes in XOR can change. Maybe, after months of using the system you changed a lot of the close nodes because you find nodes that are closer to you. But of course you need something to prove that you are the ID that you are. If you became like a member of some sort of youtube-like site 2 months ago, you still want to be member today don’t you? Even while all your close nodes and your XOR “friends” are gone. That’s why there are different identities in Safenet. You can even create a new one for browsing every day. Or maybe every request! But some of your ID’s will be there in your data-atlas so you can always prove that you are you. So if you connect to a friend using Safenet, and you start a chat, your ID will use a PKI-system to make sure that the connection over all the hops is encrypted. Your chat is encrypted on your own computer and will be decrypted by his computer the moment it comes in. Because the Safeclient will use a number ID’s the list of encryption-layers could go on forever.