Practical DDR
From Pfyshnet
The first problem with DDR is how new nodes associate with routing groups. If a new node were able to simply pick what groups it wanted to belong to, then an attacker could simply start joining all the groups until it amassed a collection of all the group keys. Then any DDR onion would be transparent to the attacker. Therefore, Pfyshnet needs a mechanism to keep attackers from being able to join groups at will. First we require that each node generate a completely unique key pair (encryption and DSA - El Gamal, P and G must also be new) with a minimum size and strength. Other nodes will not accept the new node if its public keys do not meet the size and strength requirements. The largest most difficult prime of the public key (P) is hashed to form the node's ID. Other nodes will not accept a new node if the ID is already in use by a different node. The ID is used to determine what groups the node belongs to. This mechanism means that extensive resources would be needed to attempt to direct a node's group membership.
The first most significant 2 bits of the ID indicate the primary routing level group that the new node will participate in. The first 4 most significant bits indicate the 2nd level routing group. The first 6 most significant bits indicate the 3rd level routing group. This continues until all possible routing levels for the node are identified. The node's public keys (Encryption and DSA) and connection information (IP, Port) are combined and signed to form a Hello Packet. The Hello Packet is sent to other nodes. If a node accepts the packet then it adds the data to its database. Hello Packets are also used when a node's connection information has changed (due to DHCP). Other nodes will accept the updated connection information if the signature of the packet verifies with the DSA public key already in its database. Each Hello Packet is identified by a unique number, if a node has already seen a given Hello Packet it does not forward it on to other nodes.
Nodes can connect to a node and ask for information about other nodes. Hello Packets for a number of nodes picked randomly are sent to the querying node, but first the querying node must send its Hello Packet. This means that any node being queried will also get information about the node doing the querying. Nodes will only accept so many queries from a given node over a period of time. As a node learns about more nodes, it will randomly query those nodes based on the depth of routing group they have in common. For example, if a node learns about another node that it shares the same 3rd level group with, it is more likely to query that node than it is to query a node that it only shares the 1st level routing group with. This means that the deeper routing groups are more likely to know all of the nodes in the network that are in the same group, while still allowing nodes to know about other nodes outside their groups.
Once a node has learned of a number of other nodes in the same routing group it will start to generate new key pairs for those groups. Once the new key pair has been generated it combines it with its ID and signs it to form a Group Key Packet (GKP). It transmits its new GKP encrypted to other nodes in the group it was generated for. If a node was off during GKP propagation it can query other nodes in its groups for new keys when it turns on. A node will only accept a query for GKP's from a node it knew of before the GKP's propagated. This keeps new nodes from learning all old group keys for security purposes.
When a node receives a GKP it checks the Routing Level group the key was generated for and makes sure it and the source node have the group in common. Then it makes sure it has not already accepted a GKP from this node for this group. If it has not, it accepts the GKP and forwards it to many other nodes within the same group. When a node has been offered a GKP multiple times (indicating wide distribution), it starts to use its group key for creating Route Specifications.
Here are the latest simulation results that shows the performance of practical DDR:
