Scalability through Prefix Filtering
Contents
Introduction
This page describes a proposal for a way to make Bitmessage scalable.
NOTE: This proposal is not yet complete, as some aspects of proposed system are not yet resolved. Suggestions and contributions are welcome.
Summary of the proposal
- Each Bitmessage address has a 'prefix' and a 'prefix length'. These values determine the balance between anonymity and efficiency that the owner of the address will have when retrieving messages from the network.
- Each node in the Bitmessage network has a 'prefix' and a 'prefix length'. These values determine what part and what proportion of the total network traffic the node will handle.
- Groups of nodes form overlapping 'streams' based on their prefix values.
- As the network grows or shrinks, nodes move to a higher or lower stream in order to handle a greater or smaller proportion of the network object traffic.
- As the network grows or shrinks, addresses move to a higher or lower stream in order to maintain the balance between anonymity and efficiency desired by the address's owner.
- Nodes maintain long-lived connections to nodes in their own stream and 'nearby' streams that are 'nearby' in the stream hierarchy, but also temporarily connect directly to nodes in any stream when necessary.
- Each Bitmessage object has a prefix nonce. This value determines the object's destination stream.
- Objects propagate in their destination stream and lower streams of the same branch.
- Nodes process objects in their own stream and lower streams of the same branch.
Reasoning behind the proposal
There are three basic possible approaches to making Bitmessage scalable (credit to Dokument for this summary):
Nothing (or everyone gets everything)
- Everyone user gets every message.
- Massive bandwidth and disk space and processing usage, eventually becomes completely unsustainable.
- Most private.
Streams
- Take the above and split it into pieces.
- Still potential for lots of bandwidth/disk space/processing usage.
- There are problems with binding addresses to one stream, and there are problems with not binding addresses to streams. Both sets affect privacy.
Scaling without streams
- The same as the first method except only some messages are saved (once the network grows beyond a certain point).
- Requires two part messages.
- Requires a lot of thought and processes to effectively hide receiving a message.
This proposal outlines a method for implementing streams that avoids or reduces many of the difficulties with previous stream proposals.
Proposed changes
Object
Under this proposal, Bitmessage objects would be composed as follows. This can be compared to the current specification found at https://bitmessage.org/wiki/Protocol_specification#object.
Field Size | Description | Data type | Comments |
---|---|---|---|
8 | nonce | uint64_t |
Random nonce used for the Proof Of Work |
8 | expiresTime | uint64_t |
The "end of life" time of this object (be aware, in version 2 of the protocol this was the generation time). Objects shall be shared with peers until its end-of-life time has been reached. The node should store the inventory vector of that object for some extra period of time to avoid reloading it from another node with a small time delay. The time may be no further than 28 days + 3 hours in the future. |
4 | objectType | uint32_t |
Four values are currently defined: 0-"getpubkey", 1-"pubkey", 2-"msg", 3-"broadcast". All other values are reserved. Nodes should relay objects even if they use an undefined object type. |
1+ | version | var_int | The object's version. Note that msg objects won't contain a version until Sun, 16 Nov 2014 22:00:00 GMT. |
4 | prefixNonce | uint32_t | The object's prefix nonce. This determines which streams the object will propagate in. |
? | objectPayload | uchar[] |
This field varies depending on the object type; see below. |
Pubkey
Under this proposal, the encrypted part of a pubkey would be composed as follows. This can be compared to the current specification found at https://bitmessage.org/wiki/Protocol_specification#pubkey.
Field Size | Description | Data type | Comments |
---|---|---|---|
4 | behavior bitfield | uint32_t | A bitfield of optional behaviors and features that can be expected from the node receiving the message. |
1 | prefix_length | uint8_t | The number of bits from the address's prefix value that should be used. Must be in the range 0-64. |
64 | public signing key | uchar[] | The ECC public key used for signing (uncompressed format; normally prepended with \x04 ) |
64 | public encryption key | uchar[] | The ECC public key used for encryption (uncompressed format; normally prepended with \x04 ) |
1+ | nonce_trials_per_byte | var_int | Used to calculate the difficulty target of messages accepted by this node. The higher this value, the more difficult the Proof of Work must be before this individual will accept the message. This number is the average number of nonce trials a node will have to perform to meet the Proof of Work requirement. 1000 is the network minimum so any lower values will be automatically raised to 1000. |
1+ | extra_bytes | var_int | Used to calculate the difficulty target of messages accepted by this node. The higher this value, the more difficult the Proof of Work must be before this individual will accept the message. This number is added to the data length to make sending small messages more difficult. 1000 is the network minimum so any lower values will be automatically raised to 1000. |
1+ | sig_length | var_int | Length of the signature |
sig_length | signature | uchar[] | The ECDSA signature which covers everything from the object header starting with the time, then appended with the decrypted data down to the extra_bytes. This was changed in protocol v3. |
XXX
Proposed Stream Structure
XXX
Node Connections
How do objects travel through the network / How do nodes connect to each other?
Node addresses are shared very widely (e.g. up to 100 node addresses per segment). It should be possible to detect and prevent the spread of fake node addresses through relatively simple testing methods.
If a node needs to send data to another segment, it needs to connect to a few nodes in that segment or an encompassing segment
Nodes should maintain many constant connections to nodes in their own segment and nearby segments (both higher and lower). Nodes of higher capacity should generally maintain more constant connections.
Examples
Creating a Bitmessage address and pubkey
- Client with address creates the pubkey object
- Client sets the first n bits of pubkey prefix nonce to match the prefix value of the address's stream
- Client sets the remaining bits of the pubkey prefix nonce randomly
- Client sends the pubkey to nodes in the address's stream or a lower stream of the same branch
- The pubkey propagates through its address's stream and all lower streams
Retrieving an address's pubkey
- Getpubkeys should be sent to the destination addres's stream
- The retrieving node should then repeatedly query nodes in that stream for the pubkey in question
Sending a message
When a client sends a message to an address, it does the following:
- Sets the first n bits of msg prefix nonce to match the identifying prefix bits from the destination address's pubkey
- Sets the remaining bits of the msg prefix nonce randomly
- Sends the msg to nodes which handle the stream matching the desination addres's identifying prefix bits OR a higher steam
Retrieving messages from the network
XXX
Notes
XXX
XXX
XXX
XXX
XXX
XXX
Unresolved Questions
Rules for nodes moving between streams
As the overall size of the network changes, nodes will need to adjust the proportion of the network traffic that they handle. This will require moving between streams. How should this be done?
Rules for addresses moving between streams
As the overall size of the network changes, addresses will need to move between streams in order to preserve the balance between anonymity and efficiency that their owner has selected. How should this be done?