Session

Session encrypted messenger protect anonymity with crypto and blockchain tech — people walking connected by green lines representing Session service node network

Sybil disobedience: How Session protects your anonymity using blockchain and crypto tech

‘Blockchain’: The buzziest buzzword of the last decade. You’ve probably heard claims about how blockchain is going to ‘revolutionise’ every industry, and how it’s the ‘future’ of security, privacy, data storage, and more. But blockchain has struggled to find meaningful real-world applications, and for most people, the word feels like vaporware — or worse, a shameless cash-grab by companies trying to scam their customers.

‘Cryptocurrency’ hasn’t fared much better, either as a buzzword or as a product. Very few cryptos have delivered on their grand promises, and the ones that have are facing ever-stricter government regulation. Just like wider blockchain tech, crypto hasn’t gotten mainstream adoption, and real-world use cases are still pretty limited.

Even more worryingly, the last five years have seen plenty of fraudulent blockchain and cryptocurrency projects rise to prominence, and dishonest (or simply incompetent) ‘altcoin’ or ‘shitcoin’ projects seemingly outnumbering legitimate projects that can actually deliver.

Session bucks this trend of empty promises — we’ve built a real product that leverages a cryptocurrency blockchain to provide a useful, and even vital, service: secure, highly anonymous encrypted communications.

But why does Session even need a cryptocurrency, or the blockchain?

Session and the blockchain: Back to basics

You might’ve heard us talk about the Service Node network — the community-operated decentralised network that runs Session. Decentralisation is Session’s ace in the hole (for more on why decentralisation is so crucial, check out our article on centralisation vs. decentralisation). But what does that have to do with blockchain?

At its core, a blockchain is a ledger of transactions, and each block in the chain is made up of a set of transactions, a cryptographic hash of the previous block in the chain, and a hash of itself. (Blocks also include the solution to a complex mathematical puzzle — but that’s beyond the scope of this article. For more on how blockchains work, check out the primer on the Loki blog.) New blocks of transactions are validated by ‘full nodes’ or ‘masternodes’ — user-operated computers on the blockchain network. These nodes work together to decide which transactions are valid, and the order they’re entered into the blockchain ledger. And in a properly decentralised blockchain, participation is permissionless — that means there’s no central authority that gets to decide who can (or can’t) run a node. 

Loki Service Nodes: Servers at your service

The Loki blockchain doesn’t just have full nodes or masternodes — it has Service Nodes. What’s the difference? In a nutshell, Loki Service Nodes do all the typical full node tasks, like validating new blocks, and storing the blockchain. But Service Nodes also provide services to the network above and beyond those basics — including securely routing Session messages from person to person. Session’s onion routing technology limits the information any one Service Node has about messages being sent — they only know the IP address of the previous and following nodes in the message routing chain. This means it’s not possible for any one Service Node to figure out who’s talking to whom.

The Service Node network is the backbone of Session’s secure messaging system. But here, we run into a problem. If anyone can run a Service Node, couldn’t one attacker start up a bunch of malicious Service Nodes and swarm the network with them? And if suddenly every node in a message routing chain was controlled by the same attacker, couldn’t this compromise Session’s anonymity?

This kind of attack is called a Sybil attack, and it’s a real danger for most decentralised networks — with no barrier to entry, a malicious actor can simply start up an overwhelming amount of nodes and gain control of (or simply spy on) the network.

Luckily, Session has a solution.

Sybil war: Session’s market-based Sybil resistance

TL;DR:

‘Sybil resistance’ is why the cryptocurrency element is important. There’s a financial barrier (in the form of a $LOKI cryptocurrency staking requirement) to starting up a Loki Service Node, making it prohibitively expensive for an attacker to start up enough nodes to execute a Sybil attack on Session’s network.

The long version:

On many decentralised networks, starting up a new node is as simple as turning on your PC (or renting a VPS), installing the network’s node hosting software, and turning it loose onto the network. This makes it relatively simple for a third party to start up dozens or even hundreds of nodes and conduct a Sybil attack.

Attacking the Loki network isn’t quite so simple. To run a Loki Service Node, a prospective node operator has to ‘stake’ — temporarily lock up — a certain amount of the Loki cryptocurrency. In return for providing services to the network, Service Node operators are periodically rewarded with a portion of the Loki block reward. This incentive helps to keep the network healthy, and drives network growth to further strengthen the network.

Only nodes that have met the staking requirement (18,352, at the time of writing) are allowed to participate in the network — if a node hasn’t met the staking requirement, it cannot participate in building the blockchain, routing Session messages, or providing any of the other services in the Loki privacy suite.

Most of the time, getting enough Loki to run a node will require purchasing from the market. At any one time, there is a finite amount of Loki available to purchase, and basic supply and demand principles mean that as the amount of available Loki dwindles, the price increases accordingly.

This supply-demand effect is further reinforced by something called lock-up. If Loki is staked to a Service Node, it can’t be moved or traded — meaning that the purchasable supply reduces as the number of Service Nodes increases. If a prospective attacker attempted to buy up a massive amount of Loki (in order to stake a large number of nodes), the cost would ramp up as they purchased, making it extremely expensive to actually conduct a successful Sybil attack.

The staking requirement, enabled by the Loki cryptocurrency, gives the Loki Service Node network — and, by proxy, Session — what we refer to as ‘market-based Sybil resistance’.

The nitty-gritty:

The Loki staking requirement (LSR) is continuously adjusted by an algorithm to maintain the economic stability of the Loki cryptocurrency. To view the current LSR, along with other stats and info about the $LOKI blockchain, check out the Loki Dashboard. You can read more about the rationale behind the Loki staking requirement in the Loki Whitepaper, the Loki Economic Proposal, and the initial Loki Cryptoeconomics Paper (warning: Highly technical!)

Running a Service Node lets you give back to the Session and Loki communities, while also receiving cryptocurrency rewards. Interested? Check out Loki’s Service Node (a.k.a. masternode) rewards calculation guide, which includes all the info you’ll need to set up your very own Service Node.

Okay, but why not [Bitcoin/Lightning/Monero/my favorite crypto]?

We’ve seen lots of people wondering why we didn’t simply use an established crypto as the basis for the project, and it’s a reasonable question: so here’s our reasoning.

The first reason: Incentivisation. 

Or, why not Bitcoin/Lightning?

The fundamental reason that we couldn’t use an existing crypto, such as Bitcoin, is that we need to incentivise Service Nodes by rewarding them with crypto in return for their services. We couldn’t do this in another coin’s economy, since we wouldn’t be able to modify their blockchain algorithm to create new crypto with which to reward Service Nodes. The only other alternative, which we would have to adopt if we built Session on something like the Lightning Network, would be to charge per message sent in Session — but this would be a significant barrier to Session’s adoption.

The second reason: Foundational changes.

Or, why not Monero?

If anonymity is the issue, why fork Monero, and not just use Monero itself?

Essentially, we needed to make some foundational changes to the Monero blockchain to support the Service Node architecture we’d envisioned, and integrating those changes into Monero would have been difficult, if not impossible, because Monero’s main values do not include developing ancillary privacy tools based on their network. Instead, we forked the Monero codebase — leaving it open-source, of course — and began making the changes and additions necessary to support the additional privacy services we wanted to provide, such as instant messaging. In keeping with the open-source ethos of collaboration and community spirit, we’ve contributed back to Monero in several ways, including adding IPv6 support and helping to fund Monero’s research lab. 

Conclusion

Session is a rare beast in the blockchain world: a tangible, functional product with a robust feature set, supported by extensive documentation, and backed by a certified non-profit foundation. The Loki blockchain gives Session its network of Service Nodes, and the Loki crypto gives the network its market-based Sybil resistance properties — solving a crucial problem that many other decentralised networks continue to struggle with. Session, the Loki blockchain network, and the Loki cryptocurrency are three crucial pieces of the online privacy puzzle, and they create a network that’s much more than the sum of its parts.

Over and above all of that, though, Session marks another sort of milestone for blockchain-based tech: Session provides security and anonymity using the blockchain — without making the experience all about blockchain.

If blockchain-based tech is to go truly mainstream, the blockchain itself needs to fade into the background. Think of it like this: you don’t need to know about the protocols behind your email provider; you just need to know that it sends emails. Session’s users leverage the power of the blockchain every time they send a message — without ever having to know about it. That’s what makes Session a truly different breed of blockchain project.

Leave a Comment

Your email address will not be published. Required fields are marked *