Sybil disobedience: How Session protects your anonymity using blockchain and crypto tech
February 26, 2020 / Technical
‘Blockchain’: The buzziest buzzword of the last decade. You’ve probably heard claims about how blockchain is going to ‘revolutionise’ every industry, and how it’s the ‘future’ of security, privacy, data storage, and more. But blockchain has struggled to find meaningful real-world applications, and for most people, the word feels like vaporware — or worse, a shameless cash-grab by companies trying to scam their customers.
‘Cryptocurrency’ hasn’t fared much better, either as a buzzword or as a product. Very few cryptos have delivered on their grand promises, and the ones that have are facing ever-stricter government regulation. Just like wider blockchain tech, crypto hasn’t gotten mainstream adoption, and real-world use cases are still pretty limited.
Even more worryingly, the last five years have seen plenty of fraudulent blockchain and cryptocurrency projects rise to prominence, and dishonest (or simply incompetent) ‘altcoin’ or ‘shitcoin’ projects seemingly outnumbering legitimate projects that can actually deliver.
Session bucks this trend of empty promises — we’ve built a real product that leverages a cryptocurrency blockchain to provide a useful, and even vital, service: secure, highly anonymous encrypted communications.
But why does Session even need a cryptocurrency, or the blockchain?
Session and the blockchain: Back to basics
You might’ve heard us talk about the Service Node network — the community-operated decentralised network that runs Session. Decentralisation is Session’s ace in the hole (for more on why decentralisation is so crucial, check out our article on centralisation vs. decentralisation). But what does that have to do with blockchain?
At its core, a blockchain is a ledger of transactions, and each block in the chain is made up of a set of transactions, a cryptographic hash of the previous block in the chain, and a hash of itself. (Blocks also include the solution to a complex mathematical puzzle — but that’s beyond the scope of this article. For more on how blockchains work, check out the primer on the Oxen blog.) New blocks of transactions are validated by ‘full nodes’ or ‘masternodes’ — user-operated computers on the blockchain network. These nodes work together to decide which transactions are valid, and the order they’re entered into the blockchain ledger. And in a properly decentralised blockchain, participation is permissionless — that means there’s no central authority that gets to decide who can (or can’t) run a node.
Oxen Service Nodes: Servers at your service
The Oxen blockchain doesn’t just have full nodes or masternodes — it has Service Nodes. What’s the difference? In a nutshell, Oxen Service Nodes do all the typical full node tasks, like validating new blocks, and storing the blockchain. But Service Nodes also provide services to the network above and beyond those basics — including securely routing Session messages from person to person. Session’s onion routing technology limits the information any one Service Node has about messages being sent — they only know the IP address of the previous and following nodes in the message routing chain. This means it’s not possible for any one Service Node to figure out who’s talking to whom.
The Service Node network is the backbone of Session’s secure messaging system. But here, we run into a problem. If anyone can run a Service Node, couldn’t one attacker start up a bunch of malicious Service Nodes and swarm the network with them? And if suddenly every node in a message routing chain was controlled by the same attacker, couldn’t this compromise Session’s anonymity?
This kind of attack is called a Sybil attack, and it’s a real danger for most decentralised networks — with no barrier to entry, a malicious actor can simply start up an overwhelming amount of nodes and gain control of (or simply spy on) the network.
Luckily, Session has a solution.
Sybil war: Session’s market-based Sybil resistance
‘Sybil resistance’ is why the cryptocurrency element is important. There’s a financial barrier (in the form of a $OXEN cryptocurrency staking requirement) to starting up a Oxen Service Node, making it prohibitively expensive for an attacker to start up enough nodes to execute a Sybil attack on Session’s network.
The long version:
On many decentralised networks, starting up a new node is as simple as turning on your PC (or renting a VPS), installing the network’s node hosting software, and turning it loose onto the network. This makes it relatively simple for a third party to start up dozens or even hundreds of nodes and conduct a Sybil attack.
Attacking the Oxen network isn’t quite so simple. To run a Oxen Service Node, a prospective node operator has to ‘stake’ — temporarily lock up — a certain amount of the Oxen cryptocurrency. In return for providing services to the network, Service Node operators are periodically rewarded with a portion of the Oxen block reward. This incentive helps to keep the network healthy, and drives network growth to further strengthen the network.
Only nodes that have met the staking requirement (15000 $OXEN) are allowed to participate in the network — if a node hasn’t met the staking requirement, it cannot participate in building the blockchain, routing Session messages, or providing any of the other services in the Oxen privacy suite.
Most of the time, getting enough Oxen to run a node will require purchasing from the market. At any one time, there is a finite amount of Oxen available to purchase, and basic supply and demand principles mean that as the amount of available Oxen dwindles, the price increases accordingly.
This supply-demand effect is further reinforced by something called lock-up. If Oxen is staked to a Service Node, it can’t be moved or traded — meaning that the purchasable supply reduces as the number of Service Nodes increases. If a prospective attacker attempted to buy up a massive amount of Oxen (in order to stake a large number of nodes), the cost would ramp up as they purchased, making it extremely expensive to actually conduct a successful Sybil attack.
The staking requirement, enabled by the Oxen cryptocurrency, gives the Oxen Service Node network — and, by proxy, Session — what we refer to as ‘market-based Sybil resistance’.
Running a Service Node lets you give back to the Session and Oxen communities, while also receiving cryptocurrency rewards. Interested? Check out Oxen’s Service Node (a.k.a. masternode) rewards calculation guide, or look at our docs for information on how to set up an Oxen Service Node.
Okay, but why not [Bitcoin/Lightning/Monero/my favourite crypto]?
We’ve seen lots of people wondering why we didn’t simply use an established crypto as the basis for the project, and it’s a reasonable question: so here’s our reasoning.
The first reason: Incentivisation.
Or, why not Bitcoin/Lightning?
The fundamental reason that we couldn’t use an existing crypto, such as Bitcoin, is that we need to incentivise Service Nodes by rewarding them with crypto in return for their services. We couldn’t do this in another coin’s economy, since we wouldn’t be able to modify their blockchain algorithm to create new crypto with which to reward Service Nodes. The only other alternative, which we would have to adopt if we built Session on something like the Lightning Network, would be to charge per message sent in Session — but this would be a significant barrier to Session’s adoption.
The second reason: Foundational changes.
Or, why not Monero?
If anonymity is the issue, why fork Monero, and not just use Monero itself?
Essentially, we needed to make some foundational changes to the Monero blockchain to support the Service Node architecture we’d envisioned, and integrating those changes into Monero would have been difficult, if not impossible, because Monero’s main values do not include developing ancillary privacy tools based on their network. Instead, we forked the Monero codebase — leaving it open-source, of course — and began making the changes and additions necessary to support the additional privacy services we wanted to provide, such as instant messaging. In keeping with the open-source ethos of collaboration and community spirit, we’ve contributed back to Monero in several ways, including adding IPv6 support and helping to fund Monero’s research lab.
Session is a rare beast in the blockchain world: a tangible, functional product with a robust feature set, supported by extensive documentation, and backed by a certified non-profit foundation. The Oxen blockchain gives Session its network of Service Nodes, and the Oxen crypto gives the network its market-based Sybil resistance properties — solving a crucial problem that many other decentralised networks continue to struggle with. Session, the Oxen blockchain network, and the Oxen cryptocurrency are three crucial pieces of the online privacy puzzle, and they create a network that’s much more than the sum of its parts.
Over and above all of that, though, Session marks another sort of milestone for blockchain-based tech: Session provides security and anonymity using the blockchain — without making the experience all about blockchain.
If blockchain-based tech is to go truly mainstream, the blockchain itself needs to fade into the background. Think of it like this: you don’t need to know about the protocols behind your email provider; you just need to know that it sends emails. Session’s users leverage the power of the blockchain every time they send a message — without ever having to know about it. That’s what makes Session a truly different breed of blockchain project.
How to strip metadata from your files
January 07, 2022
Disposing of Big Tech: Building better algorithms (Part Two)
January 05, 2022
2021 retrospective: Messaging, calling, and communicating
December 29, 2021
Disposing of Big Tech: Free speech is not disposable (Part One)
December 22, 2021
Calls on Session: How to opt-in
December 20, 2021
No caller ID: Calls on Session
December 07, 2021