GNUnet P2P Platform Release 0.17

GNUnet 0.17, a framework for building secure decentralized P2P networks, has been released. Networks created with GNUnet have no single point of failure and can guarantee the inviolability of users' private information, including ruling out possible abuse by intelligence agencies and by administrators who have access to network nodes.

GNUnet supports the creation of P2P networks over TCP, UDP, HTTP/HTTPS, Bluetooth and WLAN, and can work in F2F (friend-to-friend) mode. NAT traversal is supported, including via UPnP and ICMP. A distributed hash table (DHT) can be used to address data placement. Tools are provided for deploying mesh networks. To selectively grant and revoke access rights, the reclaimID decentralized identity attribute exchange service uses GNS (GNU Name System) and attribute-based encryption.

The system features low resource consumption and uses a multi-process architecture to provide isolation between components. It provides flexible tools for logging and for collecting statistics. For developing end applications, GNUnet provides an API for the C language and bindings for other programming languages. To simplify development, it is suggested to use event loops and processes instead of threads. It includes a test library for automatically deploying experimental networks covering tens of thousands of peers.

Several ready-made applications are being developed based on GNUnet technologies:

  • The GNS (GNU Name System) domain name system serves as a completely decentralized and censorship-proof replacement for DNS. GNS can be used side by side with DNS and in traditional applications such as web browsers. Unlike DNS, GNS uses a directed graph instead of a tree-like hierarchy of servers. Name resolution is similar to DNS, but requests and responses are handled confidentially: the node processing the request does not know to whom the response is being sent, and transit nodes and third-party observers cannot decrypt requests and responses. The integrity and immutability of records is ensured through cryptographic mechanisms. A DNS zone in GNS is defined by a pair of public and private ECDSA keys based on the Curve25519 elliptic curve.
  • An anonymous file sharing service that prevents analysis of the information by transmitting data only in encrypted form and, by using the GAP protocol, prevents tracking of who posted, searched for and downloaded files.
  • A VPN system for creating hidden services in the ".gnu" domain and forwarding IPv4 and IPv6 tunnels over a P2P network. Additionally, IPv4-to-IPv6 and IPv6-to-IPv4 translation schemes are supported, as well as IPv4-over-IPv6 and IPv6-over-IPv4 tunneling.
  • The GNUnet Conversation service for making voice calls over GNUnet. GNS is used to identify users, and the content of voice traffic is transmitted in encrypted form. Anonymity is not yet provided: other peers can track the connection between two users and determine their IP addresses.
  • Secushare, a platform for building decentralized social networks, which uses the PSYC protocol and supports distributing notifications in multicast mode with end-to-end encryption, so that only authorized users can access messages, files, chats and discussions (those to whom the messages are not addressed, including node administrators, will not be able to read them).
  • The pretty Easy privacy encrypted email system, which uses GNUnet to protect metadata and supports various cryptographic protocols for key verification.
  • The GNU Taler payment system provides anonymity for buyers, but tracks seller transactions for transparency and tax reporting. It supports working with various existing currencies and electronic money, including dollars, euros and bitcoins.

The new version of GNUnet contains changes that break protocol compatibility and may cause problems when nodes based on GNUnet 0.17 and older releases interact. In particular, compatibility at the distributed hash table (DHT) level has been broken: the DHT implementation has been updated to a new version of the specification, and the block type definitions have been moved to GANA (GNUnet Assigned Numbers Authority). Support for aligned and regrouped message formats has been added. Backwards-incompatible changes to the decentralized GNS domain name system (GNU Name System) have also been carried over from the new version of the specification. For records added to GNS, the record lifetime can now be configured.

Source: opennet.ru
