mirror of
https://github.com/cwinfo/yggdrasil-network.github.io.git
synced 2024-11-08 18:50:26 +00:00
Update about.md
Add more links.
This commit is contained in:
parent
397cc5f5b3
commit
e51337ee8f
14
about.md
14
about.md
@ -1,6 +1,6 @@
|
||||
# About
|
||||
|
||||
Yggdrasil is an encrypted IPv6 network running in the `fd00::/8` address range.
|
||||
Yggdrasil is an encrypted IPv6 network running in the [`fd00::/8` address range](https://en.wikipedia.org/wiki/Unique_local_address).
|
||||
It is an experimental/toy network, so failure is acceptable, as long as it's instructive to see how it breaks if/when everything falls apart.
|
||||
|
||||
IP addresses are derived from cryptographic keys, to reduce the need for public key infrastructure.
|
||||
@ -26,18 +26,18 @@ An address is assigned from the `fd00::/8` prefix, according to the following:
|
||||
The first bit of the second byte is used to flag if an address is for a router (`fd00::/9`), or part of an advertised prefix (`fd80::/9`), where each router owns a `/64` prefix with the 9th bit of the address set to 1.
|
||||
This allows the prefix to be advertised to the router's LAN, so unsupported devices can still connect to the network (e.g. network printers).
|
||||
|
||||
The NodeID is a sha512sum of a node's public encryption key.
|
||||
The NodeID is a [sha512sum](https://en.wikipedia.org/wiki/SHA-512) of a node's public encryption key.
|
||||
Addresses are checked that they match NodeID, to prevent address spoofing.
|
||||
As such, while a 128 bit IPv6 address is likely too short to be considered secure by cryptographer standards, there is a significant cost in attempting to cause an address collision.
|
||||
Addresses can be made more secure by brute force generating a large number of leading `1` bits in the NodeID.
|
||||
|
||||
### Cryptography
|
||||
|
||||
Public key encryption is done using the `golang.org/x/crypto/nacl/box`, which uses Curve25519, XSalsa20, and Poly1305 for key exchange, encryption, and authentication.
|
||||
Public key encryption is done using the `golang.org/x/crypto/nacl/box`, which uses [Curve25519](https://en.wikipedia.org/wiki/Curve25519), [XSalsa20](https://en.wikipedia.org/wiki/Salsa20), and [Poly1305](https://en.wikipedia.org/wiki/Poly1305) for key exchange, encryption, and authentication (interoperable with [NaCl](https://en.wikipedia.org/wiki/NaCl_(software))).
|
||||
Permanent keys are used only for protocol traffic, with random nonces generated on a per-packet basis using `crypto/rand` from Go's standard library.
|
||||
Ephemeral session keys are generated for encapsulated IPv6 traffic, using the same set of primitives, with random initial nonces that are subsequently incremented.
|
||||
Ephemeral session keys (for [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy)) are generated for encapsulated IPv6 traffic, using the same set of primitives, with random initial nonces that are subsequently incremented.
|
||||
A list of recently received session nonces is kept (as a bitmask) and checked to reject duplicated packets, in an effort to block duplicate packets and replay attacks.
|
||||
A separate set of keys are generated and used for signing with Ed25519, which is used by the routing layer to secure construction of a spanning tree.
|
||||
A separate set of keys are generated and used for signing with [Ed25519](https://en.wikipedia.org/wiki/Ed25519), which is used by the routing layer to secure construction of a spanning tree.
|
||||
|
||||
## Locators and Routing
|
||||
|
||||
@ -50,7 +50,7 @@ In particular, nodes try to maximize: `<bandwidth to next hop> / <expected lengt
|
||||
|
||||
### Spanning Tree
|
||||
|
||||
A spanning tree is constructed with the tree rooted at the highest TreeID, where TreeID is equal to a sha512sum of a node's public ed25519 key (used for signing).
|
||||
A [spanning tree](https://en.wikipedia.org/wiki/Spanning_tree) is constructed with the tree rooted at the highest TreeID, where TreeID is equal to a sha512sum of a node's public [Ed25519](https://en.wikipedia.org/wiki/Ed25519) key (used for signing).
|
||||
A node sends periodic advertisement messages to each neighbor.
|
||||
The advertisement contains the coords that match the path from the root through the node, plus one additional hop from the node to the neighbor being advertised to.
|
||||
Each hop in this advertisement includes a matching ed25519 signature.
|
||||
@ -86,7 +86,7 @@ That happens through 3 steps:
|
||||
|
||||
1. The address is unpacked into the known bits of a NodeID and a bitmask to signal which bits of the NodeID are known (the unknown bits are ignored).
|
||||
2. A DHT search is performed, which normally results in a response from the node closest in the DHT keyspace to the target NodeID. The response contains the node's curve25519 key, which is checked to match the NodeID (and therefore the address), as well as the node's coordinates. Incorrect responses are ignored.
|
||||
3. Using the keys and coords from the above step, an ephemeral key exchange occurs between the source and destination nodes. These ephemeral session keys are used to encrypt any ordinary IPv6 traffic that may be encapsulated and sent between the nodes ([forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy)).
|
||||
3. Using the keys and coords from the above step, an ephemeral key exchange occurs between the source and destination nodes. These ephemeral session keys are used to encrypt any ordinary IPv6 traffic that may be encapsulated and sent between the nodes.
|
||||
|
||||
## Project Status and Plans
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user