Cryptographic formation of an IPv6 address in Yggdrasil

Hornbeam

3 min

View Original

Subscriber IP - the logical address of the user in the network. In small networks, static addresses are usually used, manually assigned, and in more massive ones, automatic assignment via DHCP. Each segment of a LAN or WAN is the responsibility of a person or organization whose responsibilities include managing routing and controlling IP addresses.

In most cases, an arbitrary change of the address issued by the administrator does not bring any practical benefit to the subscriber, since can cut it off from the network. A more experienced user knows about address collisions and can abuse it: assign an already occupied address to his device, thereby depriving the original owner of the IP address of the ability to use the network. In ordinary networks, the administrator watches over such hooliganism, but what happens in scalable networks with automatic routing, where user control is completely absent? Let's look at the solution to this problem in the Yggdrasil Network, a scalable mesh network with end-to-end encryption and IPv6 routing in the 200::/7 network.

No fraud

Since the network is end-to-end encrypted from subscriber to subscriber, the presence of keys is obvious. Yggdrasil uses elliptic curve encryption - x25519, which implies a bunch of public and private keys. The public key is distributed freely, while the private key is securely stored and used for decryption.

The first byte “02” of the IPv6-Yggdrasil address is a constant, and then it’s more interesting: the SHA512 hash is taken from the x25519 public key, the number of leading units of which, i.e. bits set to non-zero form the second byte.

Education address Yggdrasil

The zero bit following the array of ones, as well as the first zero bit in the absence of leading ones, is truncated. The 14 bytes that follow it form the remainder of the address.

Thus, a conflict-free network is obtained, where when scaling a small network segment, for example, when connecting a local segment to a global segment through a public peer, there is no danger of an address collision. This is due to the nearly limitless set of possible x25519 keys randomly generated when Yggdrasil is first launched.

ground for thought

The SHA512 hash is 64 bytes, while the IPv6 address, even with the constant "02", is only 16 bytes, and the initial x25519 key is 32 bytes.

Some users doubt the practical benefits of such a solution and believe that it is quite possible to find keys with an address collision, because the key data array is doubled, and then only a small part (about 1/5) is taken from it, which forms IPv6. With all the desire, the model of the threat of finding different keys with the same address has not been practically confirmed, which indicates a difficultly countable number of address variations, even with such an unusual approach to their formation at first glance.

The developers of Yggdrasil tried to complicate the selection of addresses. The first continuous 1 bits create an additional address uniqueness factor. The probability of picking up a sequence from the last 14 bytes of IPv6 seems very realistic, but the overall success is less likely, because. directly depends on the number of leading units in the hash - the 2nd byte. This is where the notion of a "high address" comes from - an address with a large value in the second byte and therefore more extensive use of the 64-byte array from SHA512. Based on this, it makes sense to mine "high addresses" for serious projects.

The desire to find a collision, especially with a speculative probability of success, prompted not a single dozen people to ruthlessly mine addresses.

Просмотры: