number571/hidden-lake

Theoretically Provable Anonymous Network

About project

Important

The project is being actively developed, the implementation of some details may change over time. More information about the changes can be obtained from the CHANGELOG.md file.

Hidden Lake (HL) is an anonymous network built on a micro-service architecture. At its core is the HLK service, which generates anonymizing (queue-based) traffic and ties together the other services (HLS=filesharer, HLS=messenger, HLS=remoter, etc.). Hidden Lake is therefore not a single monolithic solution but a composition of several cooperating services. HL is a friend-to-friend (F2F) network, meaning that communication is built on trusted connections. With this approach, members of the HL network can avoid spam directed at them, as well as possible attacks if vulnerabilities are found in the code.

Coverage map

coverage_treemap.svg

Releases

All cmd programs are compiled for the {amd64, arm64} architectures and the {windows, linux, darwin} operating systems, following the naming pattern appname_arch_os. In total, each application is compiled into six versions. The full list of releases can be found here: github.com/number571/hidden-lake/releases.

Dependencies

  1. Go library github.com/number571/go-peer (used by cmd/hlk)
  2. Go library golang.org/x/net (used by cmd/hls/hls-messenger)
  3. CSS/JS library getbootstrap.com (used by cmd/hls/hls-messenger,cmd/hls/hls-filesharer)

Makefile

A number of dependencies are separate applications that provide additional information about the quality of the code. These applications are not included in the project; they are installed with the make install-deps command. The list of applications is as follows:

  1. golangci-lint github.com/golangci/[email protected]
  2. go-cover-treemap github.com/nikolaydubina/[email protected]

How it works

The Hidden Lake assigns the task of anonymity to the QB-problem (queue based).

Actions within the QB-problem:

  1. Each message m is encrypted with the recipient's key k: c = E_k(m)
  2. Message c is sent during period = T to all network participants
  3. The period T of one participant is independent of the periods T_1, T_2, ..., T_n of other participants
  4. If there is no message for the period T, then a false message v is sent to the network without a recipient (with a random key r): c = E_r(v)
  5. Each participant tries to decrypt the message they received from the network: m = D_k(c)

Figure: QB-network with three nodes (hl_qbp.png)

More information about Hidden Lake and the QB-problem is available in the research paper: hidden_lake_anonymous_network.pdf
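The five QB-problem actions above, as an added Go sketch (not code from Hidden Lake or go-peer). The names `newKey`, `tick` and `open` are hypothetical, and standard-library RSA-OAEP is an assumed stand-in for the encryption, which this page does not specify; it shows that a real message and a dummy have the same length on the wire and that only the intended recipient's trial decryption succeeds.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newKey makes a participant key pair. RSA-2048 with OAEP is an assumed
// stand-in here; it is not taken from the Hidden Lake code.
func newKey() *rsa.PrivateKey {
	return must(rsa.GenerateKey(rand.Reader, 2048))
}

// tick returns what a node broadcasts in one period T: c = E_k(m) when a
// message m (at most 190 bytes) is queued for recipient k, otherwise (k == nil)
// a dummy c = E_r(v) under a throwaway random key r that nobody holds.
func tick(k *rsa.PublicKey, m []byte) []byte {
	if k == nil {
		k, m = &newKey().PublicKey, make([]byte, 32)
	}
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, k, m, nil))
}

// open is the trial decryption m = D_k(c) that every participant runs on
// every received c; the bool is false when c was not encrypted for k.
func open(k *rsa.PrivateKey, c []byte) ([]byte, bool) {
	m, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, k, c, nil)
	return m, err == nil
}

func main() {
	b, c := newKey(), newKey() // receivers B and C; A is the sender
	sent := [][]byte{tick(&b.PublicKey, []byte("hello B")), tick(nil, nil)}
	for t, ct := range sent { // period 1 carries m, period 2 a dummy
		_, okB := open(b, ct)
		_, okC := open(c, ct)
		fmt.Printf("T%d: len=%d B=%v C=%v\n", t+1, len(ct), okB, okC)
	}
}
```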

List of applications

  1. Basic:
    • HLK - anonymizes traffic using the QB-problem
    • HLC - runs many HL applications as one application
  2. Adapters:
    • HLA=tcp - adapts HL traffic over TCP protocol
    • HLA=http - adapts HL traffic over HTTP protocol
  3. Services:

Build and run

Important

As an additional level of security, it is recommended to run the Hidden Lake anonymous network in a virtual machine. This will make it possible to secure the main execution environment if vulnerabilities are found in HL, and it will also hide the operation/interaction of HL services from the main execution environment.

Launching the anonymous network primarily means launching the anonymizing HLK service and the HLA=tcp service. Both can be started at once with the HLC application. The list of running services can be edited in the hlc.yml file. There are two ways to run HLC: from source code or from a release version.

1. Running from source code

$ go install github.com/number571/hidden-lake/cmd/hlc@latest
$ hlc

2. Running from release version

$ wget https://github.com/number571/hidden-lake/releases/latest/download/hlc_amd64_linux
$ chmod +x hlc_amd64_linux
$ ./hlc_amd64_linux

Production

The HLK node is easily connected to the production environment through HLA=tcp. To do this, you just need to specify the network at startup. The available networks are listed in the networks.yml file.

$ hlc --network oi4r9NW9Le7fKF9d

You can also create your own networks by copying the contents of the networks.yml file into the execution directory under the new name hl_networks.yml. The contents of this file can then be overwritten or supplemented.

hlk_logger.gif

Communication

To communicate with other network nodes, you must first obtain your public key, which is generated the first time HLK is launched. To do this, access the HLK API at the internal address specified in hlk.yml (by default localhost:9572).

$ curl -X GET 'http://localhost:9572/api/kernel/pubkey'

After obtaining your public key, pass it to your future interlocutor and receive their public key in return. This completes an F2F handshake in which each party explicitly sets the other's public key. The interlocutor's key can also be installed through the HLK API.

$ curl -X POST 'http://localhost:9572/api/config/friends' --data '{"alias_name": "friend", "public_key":"PubKey{...}"}'

Success. Now you can start communicating using the default HLS=messenger application (open internal address in the browser from hls-messenger.yml, by default localhost:9591) or, if necessary, connect additional applications such as HLS=filesharer (file sharing), HLS=remoter (remote access).

License

Licensed under the MIT License. See LICENSE for the full license text.
