Endpoint to endpoint encryption

MicroCash sources as I received them had no encryption in the node-to-node communication. In any peer-to-peer application, peers send many messages to each other to update each other on what is happening on the network. I decided that, much like BitTorrent applications, it would be wise to encrypt all communications on the MicroCash network.

Since the main reason encryption is used on peer-to-peer networks is packet obfuscation, it doesn’t necessarily need to be high-end encryption. The BitTorrent protocol went with RC4 for these reasons. After all, we don’t really care if the NSA can decrypt our peer-to-peer contents, as those contents aren’t sensitive. What we want to stop is casual snooping and ISPs which may block or throttle our MicroCash peers on the internet.

Another reason we can’t really go with high-end encryption is the fact that our network needs to operate in “real time”. If we have thousands of transactions per second whizzing around the world, we don’t want them to be slowed down too much. We also don’t want our nodes to be overburdened when it comes to CPU usage.

With MicroCash I went with a slightly custom TEA (Tiny Encryption Algorithm) using CBC. When a node first tries to connect to another node, it sends it some random garbage that will look literally like some garbage packet. However, hidden within that random garbage is a key that will be used to decode future messages. We don’t just send the 16 bytes needed to say “this is our decryption key”; that would be too easy. Instead I require that some “work” be done to interpret that random garbage, and only after that work is done can the correct key be pulled from the random garbage. This extra work may be more paranoid than is actually needed, but I thought it was neat.

After that first garbage packet is sent from a node, we send it our garbage packet (our decryption key) and await the “HELLO” encrypted message, which we can decrypt using the key we retrieved. All packets henceforth will contain extra bytes padded to the real packet. More work is required to interpret these extra bytes as an “initialization vector” for the decryption.
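To make the packet encryption described above concrete, here is an added example (not MicroCash's code) of textbook TEA in CBC mode with a 16-byte key and a per-packet 8-byte IV. It uses the standard 32-cycle TEA, not the "slightly custom" variant, and takes the key and IV as plain arguments because the post does not specify the "work" that extracts them; the function names, big-endian word order and PKCS#7-style padding are assumptions.

```python
import struct

DELTA, MASK, BLOCK = 0x9E3779B9, 0xFFFFFFFF, 8  # standard TEA constant; 8-byte blocks

def tea_encrypt_block(block, k):  # k: four 32-bit key words
    v0, v1 = struct.unpack(">2I", block)  # big-endian word order is an assumption
    s = 0
    for _ in range(32):
        s = (s + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    return struct.pack(">2I", v0, v1)

def tea_decrypt_block(block, k):
    v0, v1 = struct.unpack(">2I", block)
    s = (DELTA * 32) & MASK
    for _ in range(32):
        v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
        v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        s = (s - DELTA) & MASK
    return struct.pack(">2I", v0, v1)

def cbc_encrypt(key, iv, plaintext):
    k = struct.unpack(">4I", key)
    pad = BLOCK - len(plaintext) % BLOCK  # PKCS#7-style padding (assumption)
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        prev = tea_encrypt_block(bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)), k)
        out += prev
    return out

def cbc_decrypt(key, iv, ciphertext):
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext must be a non-empty multiple of 8 bytes")
    k = struct.unpack(">4I", key)
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out += bytes(a ^ b for a, b in zip(tea_decrypt_block(c, k), prev))
        prev = c
    pad = out[-1]
    if not 1 <= pad <= BLOCK or out[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding (wrong key/IV or corrupted packet)")
    return out[:-pad]

if __name__ == "__main__":
    key, msg = bytes(range(16)), b"HELLO"  # constructed sample key and message
    print([cbc_encrypt(key, iv, msg).hex() for iv in (bytes(8), b"\x01" * 8)])
```

The same "HELLO" under the same key encrypts to different bytes for each IV, which is what keeps repeated protocol messages from producing a recognisable pattern on the wire. Because the key travels inside the first packet and CBC carries no integrity check, this scheme gives obfuscation rather than confidentiality or tamper detection.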

All in all, this means that every byte that is sent from your node to another node will literally look like random garbage to your ISP, web host or a nosy network admin. They will not have much idea what you are doing and will have extreme difficulty in shutting down the MicroCash nodes.
