[messaging] replay protection in asynchronous mixnets with high throughput

str4d str4d at i2pmail.org
Fri Oct 9 14:10:13 PDT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Jeff Burdges wrote:
> p.s.  After writing this, I noticed that bizarrely I2P actually
> does roughly this : 
> https://geti2p.net/en/docs/tunnels/implementation It seems odd to
> do so since they've circuits, but maybe messages can get out of
> order in their tunnels or something.  Or maybe they're being 
> unclear.

Quoting that documentation page:

"Even though the tunnels within I2P bear a resemblance to a circuit
switched network, everything within I2P is strictly message based -
tunnels are merely accounting tricks to help organize the delivery of
messages. No assumptions are made regarding reliability or ordering of
messages, and retransmissions are left to higher levels (e.g. I2P's
client layer streaming library). This allows I2P to take advantage of
throttling techniques available to both packet switched and circuit
switched networks."

In I2P's case, replay protection is a) good for the routers, and b)
necessary to prevent certain classes of attacks. It does put upper
limits on the bandwidth that routers can share with the network, so to
balance the Bloom filter memory requirements we adjust the parameters
depending on what the router is configured to share. Our absolute
maximum was 4MBps for a long time, but after requests from users that
were filling that easily, our current maximum shared bandwidth is 16MBps
.

See [0] for our Bloom filter impl, and an analysis of false positive
rates. See [1] for how we select the size of the Bloom filter based on
the shared bandwidth and configured memory. See [2] for the decaying
hash set that we use in several other places instead of a Bloom filter.

str4d

[0]
https://github.com/i2p/i2p.i2p/blob/master/router/java/src/net/i2p/route
r/util/DecayingBloomFilter.java
[1]
https://github.com/i2p/i2p.i2p/blob/master/router/java/src/net/i2p/route
r/tunnel/BloomFilterIVValidator.java
[2]
https://github.com/i2p/i2p.i2p/blob/master/router/java/src/net/i2p/route
r/util/DecayingHashSet.java
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWGC0jAAoJEBO17ljAn7PgxdsP/1GXchrFPawRLozoiXw1R4e2
grJf4tk7izFk+ioh81XdWmNmWHZ+vHnzauFMgrYgfsmwgTZqdIPdlFy92sVbeFG9
RFyoYk6P2eVsTS4+jirgk8yvw9Rytxc+/GlpSzIJFO9WpXxQpDW2x3ImJztRF8Q1
xQy5hmT0TZaM5XtZRSk/e6/PIH5OCnDdMe+SWNdU0Is0A0MpVY7CIDyEmZR7GRD+
zeoiQUDvJb3cTWrn7fqMNlf2tfD53GcfhpW7qY5Gb7av2yT5YdEyyOP6d4+ApN+U
97Gm5sb2FAnQMFHj8ADscBzinFUSDF78qxFB+QlbUOJ/eqhMRpQ/UsYmS9fnKCD+
Q4F/aVJx/UmnITHc6IHHBz+PJmYKuvXHVW7VjT6YZd+I0Y0ryKMqiuvwHcksplV1
o4R0aM1pU9Z5AQmqz0szJV/zwslGQBeLchraPaV+uxFr6OFEPaaeIGfNO3+/H5Kh
Fi7n+7kI0bu5iazXQ1pDxAcqyB8Arz0H3y72LixozZGJkUtI9lhxoE/OTmB1EWQI
kkOQ+1yhhGVIy1lwh8XZkr8Yw/LtD9jdGpxS5phNOvyYBqk9Nc/aVi5/c9HUrg/4
tcf6LZq6bJXMqa0LAkoJQ87fQjuQUeLA4bzNV8nsk0mxTIcNnzdHHRIJwSR4W6sO
KsuvUhE9iHdzoh/7ygcn
=hM/E
-----END PGP SIGNATURE-----


More information about the Messaging mailing list