One thing the GNUnet DHT does right - Typed records

After spending days architecting and building my own decentralized public key infrastructure, I find myself consistently thinking about how attackers can DoS my system or how the trust model is flawed. Then I come up with a solution and realize GNUnet already has something like it built in: typed DHT records.

One thing I didn't understand when I started using GNUnet was why the hell there are so many different types of records. I get that you might want to prioritize storing some records over others. But there's already a priority system. Furthermore, every record is validated before sending it to the DHT. It's so annoying that I always have to specify the TEST record type when I'm testing my library.

Turns out this can help defend against denial of service. One type of attack is to flood the DHT with bogus records under the target key. Say you wish to put your public key and other misc info in the DHT. The straightforward way is to publish it under HASH(public_key). But this lets an attacker retrieve your public key and publish garbage under the same DHT key. One solution is to encrypt your public key with its own hash, publish the encrypted public key under a double hashing scheme, HASH(HASH(public_key)), and share HASH(public_key) with your friends. This way, only you and your friends can decrypt the public key. But a sophisticated attacker can still intercept HASH(HASH(public_key)) and publish garbage under the same key. Your friends will then have to filter through potentially thousands of bogus records to find the real one.

With typed records, nodes validate whether a record is valid given its type. If it is not, they refuse to cache, propagate or return it. In such a scheme, you publish your public key as public_key .. SIGN(public_key, private_key) under HASH(public_key). Since most nodes are well behaved and the attackers don't have your private key, they can't publish such a record, being unable to forge the signature and the hash. If they modify their node to do so, their peers will refuse to propagate it. This renders the attack worthless, makes their presence noticeable and keeps attacks localized.

The same "validate the record against itself and the key" approach can also be used to create self-authenticating messages. Instead of signing the message with your private key, just publish the message, in its entirety, under HMAC(message, nonce), where the nonce is part of the message. Nodes can compute the MAC and verify the message. This way attackers cannot just dump garbage and pollute the DHT, nor do extension attacks work against this scheme.
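A node-side validator for the self-authenticating message idea above, as an added example that is not GNUnet code or the author's library. It assumes a record laid out as a 16-byte nonce followed by the payload, the nonce used as the HMAC key, and SHA-512 as the hash; `Node`, `make_record` and `validate` are hypothetical names.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # assumed layout: record = nonce (16 bytes) || payload


def record_key(record: bytes) -> bytes:
    """DHT key for a record: HMAC-SHA512 keyed by the embedded nonce."""
    nonce = record[:NONCE_LEN]
    return hmac.new(nonce, record, hashlib.sha512).digest()


def make_record(payload: bytes):
    """Publisher side: build the record and derive the key it goes under."""
    record = os.urandom(NONCE_LEN) + payload
    return record_key(record), record


def validate(key: bytes, record: bytes) -> bool:
    """Node side: accept only if the record authenticates itself to the key."""
    if len(record) <= NONCE_LEN:
        return False  # too short to hold a nonce and a payload
    return hmac.compare_digest(key, record_key(record))


class Node:
    """Toy stand-in for a DHT node that validates before caching."""

    def __init__(self):
        self.store = {}  # key -> list of validated records

    def put(self, key: bytes, record: bytes) -> bool:
        if not validate(key, record):
            return False  # refuse to cache, propagate or return
        bucket = self.store.setdefault(key, [])
        if record not in bucket:
            bucket.append(record)
        return True

    def get(self, key: bytes):
        return list(self.store.get(key, []))


if __name__ == "__main__":
    node = Node()
    key, record = make_record(b"hello from a constructed test message")
    print("genuine record accepted:", node.put(key, record))
    print("garbage under same key accepted:", node.put(key, os.urandom(64)))
    print("records returned for key:", len(node.get(key)))
```

A reader who fetches records from a node they do not trust can run the same `validate` call on each result before using it.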

As of the writing of this post, GNUnet message types are very specific to a purpose, like DHT hello. I'll likely propose a generic self-authenticating message type. I have my work cut out for me.

Martin Chang
Systems software, HPC, GPGPU and AI. I mostly write stupid C++ code. Sometimes does AI research. Chronic VRChat addict

I run TLGS, a major search engine on Gemini. Used by Buran by default.


  • marty1885 \at protonmail.com
  • Matrix: @clehaxze:matrix.clehaxze.tw
  • Jami: a72b62ac04a958ca57739247aa1ed4fe0d11d2df