GNUnet 0.12 is available, a framework for building secure P2P networks

GNUnet 0.12, a framework for building secure decentralized P2P networks, has been released. Networks created with GNUnet have no single point of failure and can guarantee the inviolability of users' private information, including ruling out possible abuse by intelligence agencies and by administrators who have access to network nodes. The release is marked as containing significant protocol changes that break backward compatibility with versions 0.11.x.

GNUnet supports the creation of P2P networks over TCP, UDP, HTTP/HTTPS, Bluetooth and WLAN, and can work in F2F (friend-to-friend) mode. NAT traversal is supported, including via UPnP and ICMP. A distributed hash table (DHT) can be used to address data placement. Tools are provided for deploying mesh networks. To selectively grant and revoke access rights, the reclaimID service for decentralized exchange of identity attributes is used; it relies on GNS (GNU Name System) and attribute-based encryption.

The system features low resource consumption and uses a multi-process architecture to provide isolation between components. It provides flexible tools for logging and for collecting statistics. For developing end applications, GNUnet provides an API for the C language and bindings for other programming languages. To simplify development, it is proposed to use event loops and processes instead of threads. It includes a test library for automatically deploying experimental networks covering tens of thousands of peers.

Main new features of GNUnet 0.12:

  • In the decentralized GNS domain name system (GNU Name System), changes have been made to the key generation protocols (to comply with the future standard under development). Domain names and labels are now represented in UTF-8, without using IDNA punycode notation. An NSS plugin has been proposed for processing non-standard IDNA names. A plugin has also been added to block requests from root (GNUnet should never be run as root);
  • In GNS and NSE (Network Size Estimation), the proof-of-work algorithm used when revoking a domain zone has been changed. The change makes the calculation harder to carry out on specialized ASICs;
  • The plugin implementing transport over UDP has been moved to the experimental category due to stability problems;
  • The binary format for RSA public keys has been improved and documented;
  • Removed unnecessary hashing in EdDSA digital signatures;
  • Added the ability to install the gnunet-logread script to audit logs;
  • The ECDH implementation has been switched to the TweetNaCl code;
  • Many problems in the build system have been resolved. GLPK (GNU Linear Programming Kit) has been removed from the dependencies. Added a correct package description for distributions based on the package manager Plaster.

Several ready-made applications are being developed based on GNUnet technologies:

  • An anonymous file sharing service that prevents analysis of the information by transmitting data only in encrypted form and, by using the GAP protocol, does not allow tracking of who posted, searched for and downloaded files;
  • VPN system for creating hidden services in the ".gnu" domain and forwarding IPv4 and IPv6 tunnels over a P2P network. Additionally, IPv4-to-IPv6 and IPv6-to-IPv4 translation schemes are supported, as well as IPv4-over-IPv6 and IPv6-over-IPv4 tunneling.
  • The GNS (GNU Name System) domain name system serves as a completely decentralized and censorship-proof replacement for the DNS. GNS can be used side by side with DNS and used in traditional applications such as web browsers. The integrity and immutability of records is ensured by cryptographic means. Unlike DNS, GNS uses a directed graph instead of a tree-like hierarchy of servers. Name resolution is similar to DNS, but requests and responses are handled while maintaining confidentiality: the node processing the request does not know to whom the response is being sent, and transit nodes and third-party observers cannot decipher requests and responses;
  • GNUnet Conversation, a service for making voice calls over GNUnet. GNS is used to identify users, and the content of voice traffic is transmitted in encrypted form. Anonymity is not yet provided: other peers can track the connection between two users and determine their IP addresses;
  • Secushare, a platform for building decentralized social networks that uses the PSYC protocol and supports distributing notifications in multicast mode with end-to-end encryption, so that only authorized users can access messages, files, chats and discussions (those to whom messages are not addressed, including site administrators, will not be able to read them);
  • pretty Easy privacy, a system for organizing encrypted e-mail that uses GNUnet to protect metadata and supports various cryptographic protocols for key verification;
  • GNU Taler, a payment system that provides anonymity for buyers but tracks seller transactions for transparency and tax reporting. It supports working with various existing currencies and electronic money, including dollars, euros and bitcoins.

Source: opennet.ru
