I am very excited about an initiative that we are spearheading at Savoir-faire Linux which takes aim at the secure communication market. The major issue at large is that you cannot have privacy when there is a centralized server or service which can monitor and measure your communication with others – Big Brother is always watching. The solutions on the market today require that you connect via their service so that they can define a revenue model such as selling advertising or charging usage fees.
Being true to our roots of supporting and developing free software, SFL is developing a communication platform that requires no centralized server to communicate, and this leaves the power of privacy in the hands of the user.
By adopting the same technology that is used by popular Torrent networks – Distributed Hash Tables (DHT) – the platform creates its own secure network over the Internet by which it can distribute directory functions, authentication and encryption across all systems connected to it – we call it Ring.
So maybe you are asking yourself now:
Okay, it sounds cool but what does that mean for me?
Let’s take a look at some of the advantages:
There is no centralised server so no one can track you and the service can never go down
You control whom you give your ID key to – without knowing your key there is no way to reach you
It’s free – as in no charge and also as in GPL
It doesn’t require any configuration setup and no password
It is all encrypted – communication is point to point encrypted for chat, video conference and voice calling up to AES128
It is available on multiple platforms – Linux, Mac, Windows, iOS, Android, and potentially more
More about Ring:
Say Hello to Ring ― Ultimate Privacy and Control for your Voice, Video and Chat Communications
Imagine free multimedia communication software so easy to use that it requires no special configuration, no online account, and no password. Imagine that it is built with the latest peer-to-peer (P2P) technologies, secured with the best encryption standards, and that you can use it for free, without licence fee, to exchange voice and video communications with one or more callers. Well, this software has been born. It is called Ring and is still in its early alpha stage.
I have asked Guillaume Roguez, a senior Free Software Consultant at Savoir-faire Linux and Director of the Ring project, to share some technical details:
Tell us how Ring was born and what its basic characteristics are.
Ring is the evolution of a former project — SFLphone — which has matured over the last ten years and was based on the old concept of centralized data. The change in technology and the world in general has been the guiding framework of the new software. We have completely rewritten the deeper layers and decided to incorporate such new and revolutionary features in it that we had to change the name.
The essential concept is decentralization. Ring implements the DHT — a technology to identify and retrieve IP addresses of any client connected to a distributed network system. So, it is no longer necessary to go through a centralized server, such as a SIP or IAX2 server, to locate and call someone.
With Ring, each account is identified on the network by a personal digital footprint commonly called “hash” ― a unique code of 40 letters and numbers linked to an identification certificate and a pair of asymmetric keys for encrypted communications. It registers itself by distributing its identity not to one but multiple equivalent “servers” ― each machine acting in fact as an identity server for others. These machines can appear, disappear and be replaced by others at any time. The table of hashes containing all the identities of connected users and their IP addresses at a given time is distributed to all their machines.
To use a simple analogy, things happen almost like in a street of a residential area. You know your neighbors, but not the neighbors of your neighbors’ neighbors. Yet it will be easy to find them by querying a first neighbor who will ask another and so on. A substantial difference is that digital networks are much faster and much more effective than word of mouth. (laughs)
Can we really speak of complete privacy?
Yes, to the extent that this issue is brought back to where it resided earlier ― at the human level. When you communicate with someone, you do it with confidence in that person. Ring ensures that confidence is maintained and reliable.
Technologically, encryption is based on the well known system of asymmetric keys ― public key and private key. Ring uses the latter to encrypt outgoing communications. The private key is stored only on your machine and never comes out: only you possess the copy. Even if some entity intercepted data packets on the fly, you can be certain that they will not get any benefit.
Another very important aspect of security is the fact that Ring is a free software licensed under GPLv3. Its source code resides on the public servers of Savoir-faire Linux, and the codes of its software dependencies are available on the public servers of their respective communities. In short, everything is free, accessible, and transparent!
Advanced users can also help to correct problems: we welcome contributions. We expect people to tell us what needs to be corrected, but they can also do it and submit their patches. This is the way it worked with SFLphone and it works pretty well.
What operating systems does Ring support and what is the roadmap?
At the end of April, we opened our first alpha version, still in its infancy, for 64-bit Linux systems based on Ubuntu and Fedora as well as Mac OSX. Of course, we have already tested internally and with a bunch of geeks out there, but we have to check if it works well on a large distributed network. It is expected that we receive a lot of feedback and correct some problems. This is precisely the aim of this first step.
Subsequently, we’ll start the beta phase, adding more advanced features, and with two main objectives:
First, frequency. We want to be very close to the needs and feedback of the community. So we will offer frequent updates.
Secondly, interoperability. We will work on mobile platforms such as Android and simultaneously on a Windows port, which is already well advanced.
Making our tools available to as many people as possible is in the very logic and moral values of free software. So we develop Ring constantly keeping in mind the fact that it has to be portable across many architectures ― office systems and mobile platforms, of course, but also (and perhaps, especially) embedded systems. With the Internet of Things, embedded systems will become highly sensitive platforms in the coming years.
» Interview by ring:6a8da1380eb39e06d76634944384022ca92da937
The need for efficient public distributed systems is becoming increasingly important as the influence of the Net giants, who centralize information and communications more than ever, grows every day. This is a paradox, since the Internet gives network nodes the unprecedented opportunity to exchange directly, without a centralized processing point.
To address this issue, we developed OpenDHT — a free and open library implementing a distributed hash table and incorporating a number of important innovations. OpenDHT is at the heart of Ring, the decentralized communication system that we are also releasing today.
DHT (distributed hash table) is a class of distributed systems that provides access to a shared dictionary of key ➛ value pairs from any node of the network, and in which this data is distributed among the participants. Currently, the most popular DHT networks, such as Mainline DHT (BitTorrent), are used for peer to peer file sharing. On these networks, the key is the identifier of the torrent file — also called “Magnet link” — and the values are the IP addresses of the seeders, i.e. the clients sharing the torrent.
OpenDHT is a lightweight and robust DHT network library in C++11, offering a simple-to-use interface for application developers. Originally inspired by the DHT library developed by Juliusz Chroboczek and used, for example, by the BitTorrent client Transmission, OpenDHT includes a number of important innovations.
OpenDHT provides the ability to store any type of data — not just IP addresses — with a value size limit of 64 KB. It also has a listening function (listen) enabling a node to be informed of changes in the values of a key. Since we needed these crucial features for the Ring project, we were pushed to create OpenDHT, at the cost of making its protocol incompatible with the Mainline DHT network of BitTorrent.
The listen function is for example used in Ring to enable receiving calls or messages, even for computers behind NATs. In conjunction with the ICE technology, OpenDHT then allows the robust establishment of peer-to-peer connections.
OpenDHT is published on GitHub under the GNU General Public License v3.0. Comments and patches are welcome. Early documentation is also available here.
OpenDHT is simple to use, thus reducing the cost and difficulty of developing applications that benefit from it. For example, starting a new node on local port 4222, and connecting to the network through a known node is as simple as these three lines of C++:
In the most popular type of DHT network (Kademlia), which OpenDHT uses, each node (participating program) of the network has a unique identifier, uniformly distributed in the identifier space — a 160-bit space in our case.
Similarly, each data item stored on the network is characterized by an identifier which is its key. The keys are uniformly distributed in the same 160-bit space as the node identifiers. Multiple values can share the same key.
The binary operator XOR (⊕) is defined as the distance operator between keys, or between keys and node IDs. To recap, the XOR of two bits is 1 exactly when the bits differ. The XOR of two 160-bit keys is therefore the “binary distance” between these keys: A ⊕ A = 0 for every key A. For two distinct keys A and B with X = A ⊕ B, the number of zero bits at the beginning of X is equal to the number of bits that A and B have in common at their beginning.
This interesting property offers the ability to partition each node’s routing table using a binary tree. In fact, each node maintains and updates a routing table including mainly the neighbouring nodes (in the sense of distance of the XOR operator introduced above).
A data element, that is to say a key-value pair (K, V), will be stored on the L nodes that are closest to key K (typically with L = 8). Any node knowing K will be able to find V by an iterative algorithm which leads it to contact nodes whose identifiers are increasingly closer to K (Fig. 1).
Queries carry the key K, and the reply of each node includes a list of the other nodes it knows to be closest to K. The value V is found in just O(log N) iterations — N representing the number of nodes on the network.
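As an added illustration (not OpenDHT's own code), here is a small C++ model of the lookup just described: 160-bit identifiers, the XOR distance and its shared-prefix property, per-bucket routing tables, and the iterative lookup that asks ever-closer nodes until the L best known have all answered. The network, node IDs and key are generated in-process from fixed seeds; the bucket capacity k, the network size of 64 nodes and L = 8 are assumptions chosen for the demo.

```cpp
// Added example, not OpenDHT code: XOR metric on 160-bit IDs and an iterative
// "find the L closest nodes to key K" lookup over a simulated network.
// Node IDs, the key and the routing tables are all constructed in-process.
#include <algorithm>
#include <array>
#include <cstdint>
#include <cstdio>
#include <map>
#include <random>
#include <set>
#include <vector>

using NodeId = std::array<uint8_t, 20>;   // 160 bits: node ID or data key

// XOR distance, as in Kademlia: A ^ A == 0, and it is symmetric.
NodeId xorDistance(const NodeId& a, const NodeId& b) {
    NodeId d;
    for (size_t i = 0; i < d.size(); ++i) d[i] = a[i] ^ b[i];
    return d;
}

// Leading zero bits of a distance == length of the prefix the two IDs share.
int leadingZeroBits(const NodeId& d) {
    int n = 0;
    for (uint8_t byte : d) {
        if (byte == 0) { n += 8; continue; }
        for (int bit = 7; bit >= 0 && !((byte >> bit) & 1); --bit) ++n;
        return n;
    }
    return n;
}

// "a is closer to target than b": std::array compares lexicographically,
// which is big-endian unsigned comparison of the two distances.
bool closer(const NodeId& a, const NodeId& b, const NodeId& target) {
    return xorDistance(a, target) < xorDistance(b, target);
}

NodeId makeId(std::mt19937_64& rng) {
    NodeId id;
    for (auto& b : id) b = static_cast<uint8_t>(rng());
    return id;
}

// Routing table: one bucket per shared-prefix length, at most k entries each,
// so distant regions of the ID space are sampled rather than enumerated.
struct Node {
    NodeId id;
    std::map<int, std::vector<NodeId>> buckets;
    // Reply to a query for `target`: the L closest IDs this node knows.
    std::vector<NodeId> findClosest(const NodeId& target, size_t L) const {
        std::vector<NodeId> known{id};
        for (const auto& b : buckets) known.insert(known.end(), b.second.begin(), b.second.end());
        std::sort(known.begin(), known.end(),
                  [&](const NodeId& a, const NodeId& c) { return closer(a, c, target); });
        if (known.size() > L) known.resize(L);
        return known;
    }
};

std::map<NodeId, Node> buildNetwork(size_t n, size_t k, uint64_t seed) {
    std::mt19937_64 rng(seed);
    std::vector<NodeId> ids(n);
    for (auto& id : ids) id = makeId(rng);
    std::map<NodeId, Node> net;
    for (const auto& id : ids) {
        Node node{id, {}};
        for (const auto& other : ids) {
            if (other == id) continue;
            auto& bucket = node.buckets[leadingZeroBits(xorDistance(id, other))];
            if (bucket.size() < k) bucket.push_back(other);
        }
        net[id] = node;
    }
    return net;
}

struct LookupResult { std::vector<NodeId> closest; int queries; };

// Iterative lookup: ask the closest not-yet-queried node among the L best known,
// merge its reply, stop once the L best known have all answered.
LookupResult iterativeLookup(const std::map<NodeId, Node>& net, const NodeId& start,
                             const NodeId& key, size_t L) {
    auto byDist = [&](const NodeId& a, const NodeId& b) { return closer(a, b, key); };
    std::vector<NodeId> candidates{start};
    std::set<NodeId> queried;
    int queries = 0;
    for (;;) {
        std::sort(candidates.begin(), candidates.end(), byDist);
        size_t i = 0;
        while (i < candidates.size() && i < L && queried.count(candidates[i])) ++i;
        if (i == candidates.size() || i == L) break;   // converged
        NodeId next = candidates[i];
        queried.insert(next);
        ++queries;
        for (const NodeId& id : net.at(next).findClosest(key, L))
            if (std::find(candidates.begin(), candidates.end(), id) == candidates.end())
                candidates.push_back(id);
    }
    if (candidates.size() > L) candidates.resize(L);
    return {candidates, queries};
}

// Ground truth by scanning every node, for comparison only.
std::vector<NodeId> trueClosest(const std::map<NodeId, Node>& net, const NodeId& key, size_t L) {
    std::vector<NodeId> ids;
    for (const auto& kv : net) ids.push_back(kv.first);
    std::sort(ids.begin(), ids.end(), [&](const NodeId& a, const NodeId& b) { return closer(a, b, key); });
    if (ids.size() > L) ids.resize(L);
    return ids;
}

int main() {
    auto net = buildNetwork(64, 8, 42);
    std::mt19937_64 rng(7);
    NodeId key = makeId(rng);
    auto res = iterativeLookup(net, net.begin()->first, key, 8);
    auto truth = trueClosest(net, key, 8);
    std::printf("%d of %zu nodes queried; closest node shares %d prefix bits with the key; "
                "exact L-closest set found: %s\n", res.queries, net.size(),
                leadingZeroBits(xorDistance(res.closest[0], key)), res.closest == truth ? "yes" : "no");
}
```

Build with any C++11 compiler and run: it reports how many of the 64 nodes were contacted and whether the L nodes found match a brute-force scan. The bucket capacity k is what bounds each node's knowledge of distant regions of the ID space, which is why routing tables stay small while lookups still converge in a number of hops that grows with the logarithm of N.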
Just like the Internet, public DHTs are inherently unreliable networks. They involve trusting many other programs, chosen at random on the network, to store data.
Instead of trying to make the protocol resist every type of malicious node, which would be illusory, the OpenDHT approach is to consider the network itself untrustworthy and to build an optional public-key cryptographic layer on top of it, using PKCS infrastructure, which verifies the author and integrity of a message (signature) and encrypts it with public certificates published on the DHT network.
Knowing the identifier contact_id of a contact’s public key, storing encrypted data for this contact on the DHT network is as simple as:
node.putEncrypted("my_key", contact_id, value);
The cryptography layer — or identity layer — will then transparently retrieve the certificate of the contact, use its public key to encrypt the data, and store the result on the network.
This layer will also transparently check the signature of signed data received. If the check fails, the data is not presented to the application. Similarly, only encrypted data that can be decrypted is passed to the application.
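To make the trust model concrete, the following C++ toy, added here and not OpenDHT's code, models that identity layer over an untrusted store: public keys are published under their fingerprint, putEncrypted fetches the recipient's certificate, encrypts to it and signs with the sender's key, and the receiving side verifies the author's signature and discards anything that fails, as well as anything not encrypted to its own key. Textbook RSA on four-digit primes and an FNV-1a digest stand in for real certificates, padding and hashing; the names, keys, messages and the tampering step are all constructed for the demo.

```cpp
// Added example, not OpenDHT code: a toy model of the optional identity layer.
// The DHT is an in-memory map; signatures and encryption use textbook RSA on
// tiny primes so the flow is visible. Real deployments use X.509 certificates,
// proper padding and large keys, none of which this toy provides.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

struct PublicKey { uint64_t n, e; };
struct Identity  { PublicKey pub; uint64_t d; std::string id; };   // id: fingerprint of pub
struct Value     { std::string owner; std::vector<uint64_t> body; uint64_t signature; };

// Modular exponentiation; moduli stay below 2^27 so products fit in uint64.
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t result = 1; base %= mod;
    for (; exp; exp >>= 1) { if (exp & 1) result = result * base % mod; base = base * base % mod; }
    return result;
}

// Extended Euclid: inverse of a modulo m (gcd(a, m) == 1 is assumed).
uint64_t modInverse(uint64_t a, uint64_t m) {
    int64_t t = 0, newT = 1, r = (int64_t)m, newR = (int64_t)(a % m);
    while (newR) { int64_t q = r / newR; std::swap(t, newT); newT -= q * t; std::swap(r, newR); newR -= q * r; }
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

// FNV-1a over the bytes of each word: the toy message digest.
uint64_t fnv1a(const std::vector<uint64_t>& words) {
    uint64_t h = 1469598103934665603ULL;
    for (uint64_t w : words)
        for (int i = 0; i < 8; ++i) { h ^= (w >> (8 * i)) & 0xff; h *= 1099511628211ULL; }
    return h;
}

std::string hex(uint64_t x) { char buf[17]; std::snprintf(buf, sizeof buf, "%016llx", (unsigned long long)x); return buf; }

Identity makeIdentity(uint64_t p, uint64_t q) {   // p, q: small primes (toy only)
    uint64_t n = p * q, phi = (p - 1) * (q - 1), e = 65537;
    return Identity{{n, e}, modInverse(e, phi), hex(fnv1a({n, e}))};
}
uint64_t sign(const Identity& me, const std::vector<uint64_t>& body) {
    return modpow(fnv1a(body) % me.pub.n, me.d, me.pub.n);
}
bool verify(const PublicKey& pk, const std::vector<uint64_t>& body, uint64_t sig) {
    return modpow(sig, pk.e, pk.n) == fnv1a(body) % pk.n;
}

// The untrusted network: anyone can read or alter what is stored here.
struct Dht {
    std::map<std::string, PublicKey> certs;            // public keys published under their fingerprint
    std::map<std::string, std::vector<Value>> store;   // key -> values
    void publishCert(const Identity& who) { certs[who.id] = who.pub; }
    const PublicKey* findCert(const std::string& id) const {
        auto it = certs.find(id); return it == certs.end() ? nullptr : &it->second;
    }
};

// Sending side: fetch the contact's certificate, encrypt to it, sign, store under `key`.
bool putEncrypted(Dht& dht, const Identity& me, const std::string& key,
                  const std::string& contactId, const std::string& plaintext) {
    const PublicKey* pk = dht.findCert(contactId);
    if (!pk) return false;
    Value v{me.id, {}, 0};
    for (unsigned char c : plaintext) v.body.push_back(modpow(c, pk->e, pk->n));
    v.signature = sign(me, v.body);
    dht.store[key].push_back(v);
    return true;
}

// Receiving side: verify the author's signature, then decrypt. Anything that
// fails either step is dropped before the application sees it.
std::vector<std::string> getDecrypted(const Dht& dht, const Identity& me, const std::string& key) {
    std::vector<std::string> out;
    auto it = dht.store.find(key);
    if (it == dht.store.end()) return out;
    for (const Value& v : it->second) {
        const PublicKey* author = dht.findCert(v.owner);
        if (!author || !verify(*author, v.body, v.signature)) continue;   // forged or tampered
        std::string plain; bool forUs = true;
        for (uint64_t c : v.body) {
            uint64_t m = modpow(c, me.d, me.pub.n);
            if (m > 255) { forUs = false; break; }   // stand-in for a padding/tag check
            plain.push_back((char)m);
        }
        if (forUs) out.push_back(plain);
    }
    return out;
}

// Constructed scenario: Alice stores two messages for Bob, a node on the path
// alters the second, and Bob stores one message for Alice, all under one key.
struct Outcome { std::vector<std::string> bobSees, aliceSees; };
Outcome runScenario() {
    Dht dht;
    Identity alice = makeIdentity(10007, 10009), bob = makeIdentity(10037, 10039);
    dht.publishCert(alice); dht.publishCert(bob);
    putEncrypted(dht, alice, "rendezvous", bob.id, "call me at noon");
    putEncrypted(dht, alice, "rendezvous", bob.id, "second message");
    dht.store["rendezvous"][1].body[0] ^= 1;                    // tampering in the store
    putEncrypted(dht, bob, "rendezvous", alice.id, "note to alice only");
    return {getDecrypted(dht, bob, "rendezvous"), getDecrypted(dht, alice, "rendezvous")};
}

int main() {
    Outcome o = runScenario();
    std::printf("bob sees %zu message(s): %s\n", o.bobSees.size(), o.bobSees.empty() ? "" : o.bobSees[0].c_str());
    std::printf("alice sees %zu message(s): %s\n", o.aliceSees.size(), o.aliceSees.empty() ? "" : o.aliceSees[0].c_str());
}
```

Run it and each party sees exactly one message: the tampered value fails signature verification before anyone reads it, and a value encrypted to another contact is discarded at decryption. The two checks are independent, which is the point of the layer: the store itself is never trusted for either authorship or confidentiality.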
Ring uses these cryptographic operations to securely exchange invitations, call initiations and private messages. The network is therefore really used as a public meeting place.