Happy birthday, Bitcoin. Hello world, Nym Mixnet

On the 11th anniversary of the mining of the first block of Bitcoin, we’re announcing the launch of the Nym alpha Mixnet testnet.

The testnet was released at the recent 36th Chaos Communication Congress, the world’s largest gathering of hackers and privacy activists. Link to video here.

The Nym Mixnet is the privacy-preserving network layer we believe could be the next big step after Bitcoin for ensuring human freedom online in an era of mass surveillance. Surveillance occurs on many layers of the internet, with the hardest to defend being the network protocol itself. As a packet is sent, it reveals the sender, receiver, and much more. It’s precisely this ability to determine who is sending a packet to whom, and when, that generates metadata. As the internet was emerging in the 1990s, it was already apparent that the next war would be fought over metadata.

“Traffic analysis, not cryptanalysis, is the backbone of communications intelligence.” — Landau and Diffie, et al, Privacy on the Line (1998)

Metadata is a sitting duck for traffic analysis. It is highly exposed by network protocols like TCP/IP and UDP as it is low-volume, machine-readable, and lacks the subtleties of natural language. Even in peer-to-peer networks like the Bitcoin network, metadata is easy to collect and process by any intermediaries lurking along the length of an internet connection. Unlike the content of an actual message (such as an email or Telegram message), its collection and analysis generally does not require a warrant. Edward Snowden’s major contribution was providing evidence of the scale of NSA metadata collection and analysis.

“One major irony here is that law, which always lags behind technological innovation by at least a generation, gives substantially more protections to a communication’s content than to its metadata — and yet intelligence agencies are far more interested in the metadata — the activity records that allow them both the “big picture” ability to analyze data at scale, and the ‘little picture’ ability to make perfect maps, chronologies, and associative synopses of an individual person’s life, from which they presume to extrapolate predictions of behavior.” — Edward Snowden, Permanent Record (2019)

If the NSA can collect network metadata over the entire internet, it is likely that private companies like Chainalysis can do the same traffic analysis on the Bitcoin network. These kinds of attacks will simply become easier as the cost of machine-learning and storage go steadily down over the next decade.

Mixnets to end mass surveillance

There are already technological solutions that can defend against network-level surveillance: mixnets. Invented by David Chaum in his paper “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms” (1981) mixnets like Mixminion were implemented in anonymous “cypherpunk” email remailers in the 1990s but were overtaken in popularity by the faster, if less anonymous onion-routing system Tor.

For asynchronous, message-based systems (like those used in e-voting and cryptocurrencies), mixnets can preserve the privacy of packets even when an adversary can observe the entire network, which Tor cannot. Like Tor, the Nym mixnet is a generic solution that can help make any internet connection privacy-preserving by anonymizing the packets themselves.

Nym has been working on a new kind of fast, probabilistic mixnet based on the Loopix design by Ania Piotrowska (Nym) and Nym co-founder George Danezis (Libra). David Chaum has also been working on a new deterministic mixnet design called Elixxir. Other designs, such as DC-Nets (also invented by Chaum) suffer from known scalability issues. How Nym compares in detail to Tor and decentralized VPNs such as Brave’s VPN0 design and Orchid will be analyzed in a later article.

Comparing the Nym Mixnet to VPNs and Tor

The internet’s network infrastructure is by default not private, leaving users with few protections. This applies to both TCP/IP as well as the UDP packets used in many streaming and peer-to-peer networks. A simple ranking is given, along with a diagram to illustrate the intuitive differences between the state-of-the-art defending network metadata against surveillance.

Default: A user’s access to services is exposed to any observer and linkable to their identity through most browsers and apps. The content of the messages is easily readable as the packets are delivered in plaintext. Many peer-to-peer networks still use unencrypted packet formats (!) Security: 0/10

Transport Layer Security: TLS encrypts a user’s access to services so that only the service meant to receive the packets can decrypt the user’s content. Though message content is obfuscated from adversaries, the service a user accesses can easily identify and link users via the leaking of IP addresses or other information. The using of a particular service (the metadata) is not obfuscated from external adversaries using traffic analysis. Security: 1/10

Virtual Private Network: Centralized VPNs act as a trusted third party that simply re-transmits sent packets. All user activity is observable and linkable to the VPN provider, and anyone who can observe both the VPN’s input and output can link the user to the service. Only a weak adversary observing the VPN’s input or output — but not both! — is defended. Security: 2/10

End-to-end Encryption: Used in applications like WhatsApp or Signal and unlike TLS, EE2E only protects the content of the messages from the server itself, but exposes all the metadata of who messages who and when to anyone observing the centralized server (or set of decentralized servers for applications like Matrix). That social graph is all you need to do traffic analysis and extract profiles and other information needed to identify and link users. Security: 4/10

Tor: Protects against certain kinds of metadata being revealed, primarily the IP address that can be used to identify a user. Tor is susceptible to end-to-end correlation of packets and even website fingerprinting since it does not alter traffic flows — an intermediary who can observe both input of packets into a Tor entry node and their output from an exit node can link packets by correlating their number and timing. Security: 6/10

How Nym solves the privacy problem

Traffic analysis is significantly harder to prevent than standard content analysis techniques like deep packet inspection. To defeat it poses a few key challenges:

To hide timing and prevent end-to-end correlation that links the source and destination of packets, you must reorder packets and obfuscate their timing

To hide quantity (and timing of on/off usage), you must generate cover traffic

To hide destination, you must use proxies and timing obfuscation

The Nym Mixnet, based on the Loopix anonymity protocol, comprehensively addresses these vulnerabilities. It routes packets individually and adds delays to reorder them, which destroys the observer’s ability to correlate input and output traffic based on timing, order, or traffic-flow characteristics.

Timing Obfuscation: Latency is added at each hop to prevent correlation of messages based on timing.

Cover Traffic: Decoys are added to hide activity and evade traffic analysis (less cover is needed as more real traffic enters the network.

Multiple Hops: Traffic is routed through multiple nodes to unlink origin and destination and not rely on a single point of failure.

Nym is:

End-to-end encrypted to ensure no node leaks data. Packets are encrypted in layers so that intermediaries see different, unlinkable versions of messages

More anonymous at scale as new nodes add capacity to match the traffic

Able to guarantee anonymity with just one honest mix-node in a message route

Security: 10/10

Next steps for the Nym Mixnet

We are adding new mix-nodes every day and preparing to send anonymized packets over the Nym mixnet, which we’ll move to beta stage in Q2 2020, making it fully operational and decentralized for cryptocurrencies with the use of Nym credentials. To get involved, join our mailing list or Telegram chat.

A censorship-resistant and decentralized anonymous overlay network is the natural complement to cryptocurrency. Eleven years ago, Satoshi Nakamoto minted the genesis block of Bitcoin, leaving the message “The Times 03/Jan/2009 Chancellor on brink of second bailout for banks.” Just as Bitcoin paved the path for financial freedom, the Nym network can give us the freedom to communicate freely even against global pervasive surveillance.

One small step for cypherpunks, the next giant leap for freedom.