05-09-02, 05:06 PM   #1
TankGirl
Madame Comrade
 
Join Date: May 2000
Location: Area 25
Posts: 5,587
How would you manage identities in decentralized p2p?

We have lately seen the death of several centralized p2p networks: Napster, AudioGalaxy and Aimster being the showcase victims of content industry harassment. True decentralization is clearly the way to go to have safe p2p networks. If any willing user can easily initiate the formation (or re-formation) of the network from anywhere in the world, it becomes virtually impossible to kill. Gnutella is a living proof-of-concept for this principle.

Decentralization means that there will be no outside authority – VeriSign, Microsoft or Napster – to keep books of who is who in the network. No trusted third party will be there to guarantee that peers really are who they claim to be. We have to know it and remember it ourselves. To do that we need unique, permanent and verifiable peer identities. Nicks (even with random additions such as we have seen in WinMX's WPN) are unsuitable for this as peers can pick and change their nicks freely, and there will be no outside authority to prevent nick collisions.

What would you use as a unique, permanent and verifiable peer identifier in these circumstances?

My own candidate would be the public encryption key from an asymmetric crypto key pair. It would be relatively easy to make unique. Even moderate key lengths (say 160 bits for elliptic curve cryptography) combined with some quality randomness in the key picking process would make the probability of an identity collision astronomically small. Strong public keys would also be very persistent, as it would take months of processor time from dedicated server farms to break them. And they would also be nicely verifiable as only the real owner of the private key would be able to prove his/her identity when so asked.

Your thoughts?

- tg
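The "prove identity when asked" step from the post above, sketched as a challenge-response exchange; this is an added example, not part of the original post. It assumes Ed25519 from Go's standard library in place of the 160-bit elliptic curve keys mentioned, and the function names and the context tag are hypothetical. The signature covers the verifier's ID and a fresh nonce, so a captured proof cannot be replayed later or relayed to a different peer.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// NewPeer creates a key pair; the hex public key is the peer's permanent ID.
func NewPeer() (string, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return hex.EncodeToString(pub), priv
}

// NewChallenge returns a fresh random nonce; a verifier must never reuse one.
func NewChallenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce
}

// transcript binds a proof to this protocol (constructed tag), verifier and nonce.
func transcript(verifierID string, nonce []byte) []byte {
	return append([]byte("p2p-identity-proof-v1:"+verifierID), nonce...)
}

// Prove signs the verifier's challenge with the private key behind the ID.
func Prove(priv ed25519.PrivateKey, verifierID string, nonce []byte) []byte {
	return ed25519.Sign(priv, transcript(verifierID, nonce))
}

// Verify checks the signature against the public key encoded in claimedID.
func Verify(claimedID, verifierID string, nonce, sig []byte) bool {
	pub, err := hex.DecodeString(claimedID)
	return err == nil && len(pub) == ed25519.PublicKeySize &&
		ed25519.Verify(pub, transcript(verifierID, nonce), sig)
}

func main() {
	alice, priv := NewPeer()
	bob, _ := NewPeer()
	nonce := NewChallenge()
	fmt.Println("accepted:", Verify(alice, bob, nonce, Prove(priv, bob, nonce)))
}
```

The verifier still has to remember which ID it has dealt with before; the proof only shows that the peer on the other end holds the private key for the ID it claims.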