Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Chapter 3: P2P Routing and The Immunological DHT

While the cryptography described in Chapter 2 establishes the rules of the Kinetic Protocol, the network layer is the physical battleground where those rules are enforced. Kinetic operates without a central server, blockchain, or master database. Instead, it utilizes a Distributed Hash Table (DHT) to route and store data across a fluid, constantly shifting swarm of peer-to-peer nodes.

This chapter details how Kinetic adapts the standard Kademlia routing algorithm into a hostile, mathematically rigorous “Immunological DHT” capable of defending itself against spam, Eclipse attacks, and Sybil swarms.

1. The Basics of Kademlia Routing

Kinetic’s networking stack is built on libp2p, specifically utilizing the Kademlia DHT protocol.

In a traditional client-server model, locating data is trivial: you ask the central server. In a completely decentralized network consisting of thousands of anonymous laptops and servers globally, finding the specific node that holds the IP address for apple.kin is a complex computer science problem.

Kademlia solves this by treating both nodes and data as points in a massive, mathematically uniform space (typically a 256-bit keyspace).

The XOR Distance Metric

When you start a Kinetic Daemon, it generates a unique cryptographic identity (a PeerId). When you register a name like apple.kin, that name is hashed into a 256-bit key (\(K = H(\text{“apple.kin”}) \)).

Kademlia routes data by calculating the “distance” between two keys using the exclusive OR (XOR) bitwise operation:

\[ \text{Distance}(A, B) = A \oplus B \]

This XOR metric is brilliant because it is perfectly symmetric (\(A \oplus B = B \oplus A\)), unidirectional, and satisfies the triangle inequality.

When your node wants to find the payload for apple.kin, it asks its closest known peers, “Do you know who is closer to \(K\)?” Those peers respond with nodes they know that are mathematically closer to \(K\). This process repeats iteratively. Because of the XOR topology, the search space halves with every hop. It guarantees that any node or piece of data in the network can be found in exactly \(O(\log N)\) network hops, regardless of how massive the network scales.

2. Why Standard Kademlia Fails for Naming Systems

Kademlia is a routing marvel, but it was designed as a “blind” bulletin board.

In standard Kademlia, if Node A sends a PUT request containing 2 kilobytes of arbitrary data to Node B, Node B simply stores it. Kademlia assumes a relatively friendly network.

If we deployed the Kinetic Protocol on standard Kademlia, it would instantly collapse. A single malicious attacker could open thousands of connections and spam millions of fake Reveal payloads filled with garbage data. The DHT nodes would blindly accept the data, instantly exhausting their hard drives and bandwidth, resulting in a catastrophic Denial of Service (DoS).

To survive in an adversarial environment, Kinetic implements an Immunological DHT.

3. The Immunological DHT: Competitive Gossip

Kinetic fundamentally alters Kademlia by decoupling data availability from state validation, moving consensus to the routing layer itself.

Inside kinetic-network, the standard libp2p Kademlia implementation is augmented with a highly customized KineticRecordStore. This store acts as a cryptographic firewall.

Active Mathematical Filtering

When a Kinetic node receives a PUT request for a domain, it does not blindly store it. Instead, before a single byte touches the disk or is propagated to other peers, the node executes the following deterministic validation loop:

  1. Format Validation: Does the payload correctly deserialize into a Reveal or Heartbeat struct?
  2. Signature Verification: Is the Ed25519 signature valid against the embedded public key?
  3. VDF Mathematical Proof: Does the Chia VDF proof cleanly verify the commitment hash and the required number of iterations?

If the payload fails any of these checks, the node instantly rejects the record.

This mechanism is called Competitive Gossip. The network acts as an active immune system. Cryptographically invalid data is destroyed upon contact. An attacker cannot flood the network with fake domain claims because honest nodes refuse to store them and refuse to gossip them to their neighbors. Only mathematically pristine data consumes storage space.

Lightweight Hashcash Proof-of-Connection

What if an attacker tries to execute a CPU exhaustion attack by sending millions of mathematically invalid VDFs to a single honest node, forcing the node to constantly verify (and reject) them?

While VDF verification is extremely fast (\(O(\log T)\)), it still requires CPU cycles. To mitigate this, Kinetic nodes implement a lightweight Hashcash PoW at the connection layer.

When a peer connects, they are required to solve a trivial, 50-millisecond Hashcash puzzle before they are allowed to submit DHT requests. If a peer submits a mathematically invalid VDF, their “reputation” drops. If they submit multiple invalid VDFs, the honest node drops the TCP connection entirely and bans their IP address. To reconnect and resume the attack, the attacker must pay the Hashcash PoW again.

This makes sustained CPU exhaustion attacks economically irrational, as the attacker burns vastly more compute power generating the connections than the honest node burns verifying the VDFs.

4. Redundant Deterministic Storage (Mitigating Eclipse Attacks)

The final, most critical vulnerability in any DHT is the Eclipse Attack.

In standard Kademlia, data is stored at a single specific key \(K = H(\text{“apple.kin”})\). If an adversary wants to censor apple.kin, they can generate thousands of Sybil nodes with PeerIds mathematically adjacent to \(K\). Eventually, the attacker’s malicious nodes become the authoritative storage peers for \(K\).

When an honest user queries apple.kin, their request routes directly to the attacker’s nodes. The attacker simply replies “Record Not Found” or serves an outdated payload. The honest payload is effectively “eclipsed” from the network.

Because Kinetic client-side validation can only verify data it receives, the client has no way to know the true payload was censored.

Multi-Key Scattering

To definitively neutralize Eclipse attacks without resorting to centralized servers, Kinetic utilizes Redundant Deterministic Storage.

Instead of storing the payload at a single key \(K\), the registrant’s daemon mathematically scatters the exact same signed payload across \(M\) independent, uncorrelated locations in the DHT.

The keys are derived using a domain-separated cryptographic hash: \[ K_i = H(\text{“apple.kin”} \parallel i \parallel \text{“kinetic-dht”}), \quad \text{for } i \in {0, 1, \dots, M-1} \]

Because the hash function acts as a random oracle, \(K_0\), \(K_1\), and \(K_2\) are located in completely different, uniformly random sectors of the global Kademlia keyspace.

When an honest user wants to resolve apple.kin, their client fires off \(M\) parallel Kademlia GET queries to all locations simultaneously. It then takes the union of all returned payloads, validates their VDFs, and selects the genuine record.

The Probabilistic Impossibility of Eclipsing

Why is this so powerful?

Let’s assume a highly capable attacker controls an astounding 20% (\(f = 0.2\)) of all nodes in the global Kinetic network. The probability of the attacker successfully clustering enough Sybil nodes to eclipse a single key is roughly equal to \(f\).

If Kinetic uses \(M = 5\) redundant keys, the keys are mathematically independent. The probability that the attacker successfully eclipses all 5 keys simultaneously is:

\[ P(\text{total eclipse}) = f^M = (0.2)^5 = 0.00032 \text{ (or 0.03%)} \]

If the client increases \(M\) to 10:

\[ P(\text{total eclipse}) = (0.2)^{10} = 0.0000001024 \text{ (or 0.00001%)} \]

By simply duplicating a 2-kilobyte payload across a few independent keys, the probability of an Eclipse attack drops from a distinct threat to a statistical impossibility. The marginal bandwidth overhead for the user is practically zero, but the censorship resistance is multiplied exponentially.

Through Competitive Gossip, Hashcash PoW, and Redundant Deterministic Storage, Kinetic transforms the naive Kademlia DHT into an impenetrable fortress of data availability.