We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

The Nym Mixnet

00:00

Formal Metadata

Title
The Nym Mixnet
Subtitle
Intro to a new anonymous communication network
Title of Series
Number of Parts
542
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
This talk will be about Nym, a new anonymous overlay network for the internet based on mixnet. Unlike other privacy-enhanced technologies like OpenVPN and Tor, Nym defends against global passive adversaries that have a "God's eye" view of the entire network, like the NSA. Nym does this by mixing internet packets at nodes so they do not exit the mixnet in FIFO, as well as adding fake traffic. Like Tor, any application and use SOCKS proxies to bind to Nym. As Nym is built in Rust, it also allows WebSockets and other direct integration. We can demonstrate how the Nym mix network hides network-level metadata from everything from Bitcoin to Telegram. Nym has been supported by both H2020 PANORAMX and Next Generation Internet projects on the EU level. Although the original project was started by a Neuchatel-based startup, the project takes contributions from volunteers. Mix nodes are ran in a decentralized manner and keep track of their reputation using the NYM token. Currently, there are approximately 500 mix nodes, but new nodes and applications are welcome. Nym works well for asynchronous, message-based traffic like instant messaging and e-mail, while Tor works better for synchronous, circuit-based traffic like Web browsing. Both projects should be able to work together to provide full-privacy for users.
Presentation of a groupNim-SpielDiagramComputer animation
Computational scienceCore dumpSource codeReal numberPresentation of a groupMereologyPerspective (visual)1 (number)Projective planeBitMehrplatzsystemSoftware developerLoop (music)Client (computing)Computing platformStreaming mediaDifferent (Kate Ryan album)Greatest elementComputer networkQuicksortHoaxTelecommunicationType theoryRandomizationView (database)Video gameCovering spaceNim-SpielInformation privacyDependent and independent variablesScaling (geometry)Multiplication signUniverse (mathematics)Server (computing)Data transmissionSlide ruleWordOverlay-NetzFront and back endsGodEncryptionComputer animation
Data transmissionCross-correlationQuicksortKey (cryptography)Digital electronicsFerry Corsten
Band matrixComputer networkDirectory serviceRandomizationIdentity managementComputer networkBand matrixChannel capacityGateway (telecommunications)Level (video gaming)BitQuicksortTrailMixed realitySet (mathematics)Nim-SpielRight angleLink (knot theory)WordValidity (statistics)Identity managementFerry CorstenDirectory serviceService (economics)Term (mathematics)MultiplicationIdentical particlesInformation privacyComputer animation
Ferry CorstenCategory of beingEndliche ModelltheorieRandomizationQuicksortMachine visionMereologyCASE <Informatik>TrailInformation privacyMixed realityPhysical systemSoftware frameworkComputing platformProof theoryFront and back endsComputer networkDifferent (Kate Ryan album)Type theoryCartesian coordinate systemClient (computing)Vector potentialGateway (telecommunications)Service (economics)Internet service providerOcean currentMetadataSpacetimeBitDatabase transactionComputer animation
Program flowchart
Transcript: English(auto-generated)
So the next presentation is a NIM MixNet from Jun Hockblad. So welcome, Jun. Yeah, thank you very much. Right, it's great to be here.
Presentation all seems to be working. Right, so I'll talk about NIM. Title is Intro to a New Anonymous Communication Network. There's quite a lot of overlap to the previous presentation about the concepts involved. And who am I?
My name is Jun Hockblad, or sometimes I go by just John for simplicity. From Sweden, developer. I spend my days writing Rust, back-end type things. I used to do C++ and scientific computing in a previous life. Yeah, live in Stockholm. Yeah, that's me.
Right, so the NIM MixNet was the NIM MixNet. So the basics, I mean, this is obviously free software. The source code is available on GitHub over there. It's Apache licensed. It's mostly written in Rust. All the back-end stuff is written in Rust. Some of the front-end things is TypeScript.
This was in the past. This has been funded by some EU projects. And currently, there is a Switzerland-based startup who does the majority of the development. But yeah, it's an open project. And of course, we welcome public contributions. And yeah, it's quite deeply rooted in universities as well
and university research. We have some work-loss researchers associated with the projects. So the concepts aren't things that we came up ourselves. This is state-of-the-art research. Right, so what is the problem that we're trying to solve?
We have the usual suspects, the government surveillance and surveillance capitalism. And if these four, which of these two is a problem, very much depends on where in the world you are. In some parts of the world, these things aren't that big of a concern.
For other people, this is serious matter. This is of grave concern to some people, depending on who you are and where you live. And what is the aspect that we try to tackle here? Because there's a lot of privacy platforms that tries to attack this challenge
from different perspectives. The NIMxNet is a network layer, or it's a transport layer thing. And the main challenge to be focused on is that it has become clear in the last 10 years that there's now so much surveillance going on, and there are some entities that collect so much data on a global scale that they almost
get some sort of like a God's eye view of the network. They can monitor the network on a planet scale. And they can correlate using leaked metadata, your transmission patterns, your packet sizes, timings. They can do end-to-end correlations, even though your data is sent entirely encrypted the whole way
or obfuscated. But still, if you can sort of monitor all endpoints, you can sort of still draw conclusions. You can identify who talks to who. And as we know, who talks to who is sometimes more important than what they say from a sort of surveillance perspective.
So that's sort of the angle, the challenge that we try to tackle with this. And so now I'm sort of taking a step back here. So what I'm referring to is the NIMxNet platform. So which is, then I'll use this quote here, a decentralized, incentivized NIMxNet plus private credentials. And so, yeah, my talk here will
be to try to unpack what all of this means. And we're going to start with what I think is sort of the core part is the NIMxNet, the word in the middle there. I think if you use something like Tor as a starting point, that's sort of a very good first step to understand what it is.
And just like Tor and just like the previous talk, it's an overlay network in the same way as I2P uses onion routing, where all packets are wrapped in layers of encryption to hide the fact, to hide the end destination of each packet.
It's based on the loop picks design. If you know a little bit of NIMxNet, you probably have heard about loop picks. I've put in a few citations here at the bottom if you want to read a bit more about these things. It uses Sphinx packets so that the idea is that all packets are wrapped into these identically looking
and identically behaving packets to sort of hide its subsizes and timings. And also, each packet as it moves through, because NIMxNet is, I mean, OK, so something I forgot to mention. NIMxNet is very much what it sounds.
It's data. You send through data, multiple hops. You mix data as much as you can through a cloud of nodes. At each node, I'm going to have some pictures on the next slide to illustrate it better. But yeah, on each hop in the network, you add things like random timings, which effectively reorders traffic.
You add cover traffic, which cover traffic can appear in many ways, either between the nodes. But also, for example, if you use a client connected to network to transmit data, you emit Sphinx packets at a steady average rate. So it's not a steady rate, but it's
like this is probabilistic how you send the packets. But you send a steady stream of packets, either fake or real ones. So when you have real data to send, you just fill up the packet stream, the packets that you send out fill up with real data. So from the outside, you can't tell when you're actually sending, when you're bursting data.
You attach SERBs, or single-use reply blocks, in your packets so that if you make a request across the network to get something back, you attach these headers, these metadata, so that the response can be sort of layer-encrypted and sent back so that on the other side,
the server doesn't know where the end destination is. So you hide your identity, but you still allow the other side to reply back to you. This picture, the first one there, ordinary VPN. And a VPN doesn't give you any anonymity.
It just moves trust. So the guy in the middle there, you can still see where data is coming from, where data is going. The second one, you have things like Tor, where you have these nodes in the middle, where you open up a circuit through the swarm of nodes, and you pump data through. And here, you have MixNet set up,
where each packet is mixed individually, so you don't open up a circuit like Tor, for example. Each packet is sent as an individual pass-through. And the idea here, the crucial thing, is that on the other side, you see these packets there. They're colored white now instead of red, and they're the same size. And you shouldn't be able to tell.
You can't tell. You can't correlate who's the data on the other side compared to on the sender side, which you can in many other systems, because you can't correlate transmission patterns, timing, sizes. So even if you can monitor all the data, all the exit
data from this MixNet cloud, you still can't correlate who talks to who. That's sort of the key thing here. And yeah, so if we go back then to this quote, so decentralized, incentivized MixNet plus price
credentials, what do we mean by incentivized? By incentivized, we mean that the network directory, which keeps track of all the mix nodes and the gateways. Gateways are a bit like exit nodes in Tor. They are constantly being monitored. So the network directory is effectively
a set of validators running a consensus protocol, and they keep track of all the mix nodes, how well they mix traffic, how well they contribute capacity to network, giving them NIMs for it, which in turn can be turned around and used to acquire bandwidth credentials, coconut credentials is the academic term.
And the idea is that we also, because this is always a problem when you have something like this. With volunteers, you only get so far. Anonymity of privacy loves company. You want to disappear in the crowd. So you want to encourage people to provide capacity to the network at the same time as they're using it. That's the idea.
Because otherwise, it becomes difficult to scale up above a sort of very sort of base level. But if you want to make this available for the broader public, you need more capacity. And this is a way that we hope we can achieve this. And these private credentials, the idea
is that you break the linkability between your identity and your right to use the service. And it's a very deep topic on its own. Here's the citation. There are some cryptographic buzzwords here. As well as listed them, re-randomizable means that if you use the same bandwidth
credential multiple times, it's indistinguishable from multiple people using different credentials from the person redeeming this. But yeah, the idea is you want to sort of, you want to break the link between your identity and your right to use something.
And yeah, okay, so the first word there, decentralized. It's not too much to add there. I mean, we have a running network. It's 500 mixed nodes currently. And yeah, the vision is that this becomes sort of self-running. It should be like have a, you shouldn't have an,
but we won't have any like, what's the term? Anti-fragile funding model. We don't want it to be reliant on a specific company or some funding body or donations or anything. We want this to have robustly running on its own, run by the community entirely long-term.
That's sort of the vision here. Even though currently we have a startup that sort of does the most of the development, we should in turn, like long-term, we should be able to hand this off as sort of the ID. There's a picture.
So this is all running currently. This thing that is currently sort of in deployment or sort of being rolled out are these credentials. Currently it's free to use the main network. We have all these clients. There's stock supply clients. There's AWS clients. There's a native running client exposing a WebSocket.
The mix nodes up there. When you use a user, you connect to the gateway, which is like entry and exit nodes for a tour. You mix the traffic. You exit on the gateway too and you can have service providers. There's the set of validators, keeping track of all the nodes in the system.
Yeah, there's a lot to take in here. Probably a lot of details there. I'm not sure it's all visible towards the end, but yeah, that's pretty much it. Thanks for your time.
Yeah, thank you a lot for a nice talk. Yeah, thank you for listening. And I think that have some time, so theoretically they could spend it, asking a question at least for two minutes here and then after it we can discuss it outside.
Two minutes. Hi, can you imagine the NIMP framework also to be integrated into another proof of stake based cryptocurrency as a backend in the future maybe? What did he say first there? Can you imagine that the main part of the NIMP framework,
like the mix nodes and everything around it can also be attached to an existing proof of stake based other cryptocurrency that is not currently part of your ecosystem? Well, so I mean, a big use case of this is that this is sort of on the network layer.
So that means it's a big use case is you have all these other privacy systems where in this crypto space where they have this privacy preserving services, but they still leak metadata at the bottom layer. You still leak metadata when you broadcast transactions and things like this. So I think if this were like to integrate this in other systems in this space,
then it will be in that layer, sort of the transport layer. So yeah, so there's a lot of potential for integrating with other privacy platforms, I think. And in general with these, I mean, there are a lot of privacy platforms and I think what we need is a sort of robust ecosystem. There is no single solution that solves all our problems.
We need a robust ecosystem for different solutions, for different types of problems or different categories of problems. So, I mean, I don't see this as a competitor to other systems, it's more they complement each other. For example, like when you add this, you add random delays, for example, that of course, you know, you have means,
you sort of compromise, you give up a bit of latency, which is, you know, it works very well for asynchronous communication, but might not work so well for other categories of applications. So I think something like this, there's also the complement store, it doesn't replace the store, it sort of complements it.
Yeah. Okay. Thank you again, Yun. If there's any more questions, just grab me afterwards. Just go there and ask questions. Thanks.