rfc/spec/33/index.html

464 lines
20 KiB
HTML

<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta name="generator" content="Hugo 0.106.0">
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Abstract # 33/WAKU2-DISCV5 specifies a modified version of Ethereum&rsquo;s Node Discovery Protocol v5 as a means for ambient node discovery. 10/WAKU2 uses the 33/WAKU2-DISCV5 ambient node discovery network for establishing a decentralized network of interconnected Waku2 nodes. In its current version, the 33/WAKU2-DISCV5 discovery network is isolated from the Ethereum Discovery v5 network. Isolation improves discovery efficiency, which is especially significant with a low number of Waku nodes compared to the total number of Ethereum nodes.">
<meta name="theme-color" content="#FFFFFF"><meta property="og:title" content="33/WAKU2-DISCV5" />
<meta property="og:description" content="Abstract # 33/WAKU2-DISCV5 specifies a modified version of Ethereum&rsquo;s Node Discovery Protocol v5 as a means for ambient node discovery. 10/WAKU2 uses the 33/WAKU2-DISCV5 ambient node discovery network for establishing a decentralized network of interconnected Waku2 nodes. In its current version, the 33/WAKU2-DISCV5 discovery network is isolated from the Ethereum Discovery v5 network. Isolation improves discovery efficiency, which is especially significant with a low number of Waku nodes compared to the total number of Ethereum nodes." />
<meta property="og:type" content="article" />
<meta property="og:url" content="https://rfc.vac.dev/spec/33/" /><meta property="article:section" content="docs" />
<title>33/WAKU2-DISCV5 | Vac RFC</title>
<link rel="manifest" href="/manifest.json">
<link rel="icon" href="/favicon.png" type="image/x-icon">
<link rel="stylesheet" href="/book.min.e935e20bd0d469378cb482f0958edf258c731a4f895dccd55799c6fbc8043f23.css" integrity="sha256-6TXiC9DUaTeMtILwlY7fJYxzGk&#43;JXczVV5nG&#43;8gEPyM=">
<script defer src="/en.search.min.3046b86cb92dccdec08b19835aacb2c101f5dcdcb9724839cd2e5d755c428ae5.js" integrity="sha256-MEa4bLktzN7AixmDWqyywQH13Ny5ckg5zS5ddVxCiuU="></script>
<!--
Made with Book Theme
https://github.com/alex-shpak/hugo-book
-->
</head>
<body dir="ltr">
<input type="checkbox" class="hidden toggle" id="menu-control" />
<input type="checkbox" class="hidden toggle" id="toc-control" />
<main class="container flex">
<aside class="book-menu">
<div class="book-menu-content">
<nav>
<h2 class="book-brand">
<a href="/"><span>Vac RFC</span>
</a>
</h2>
<div class="book-search">
<input type="text" id="book-search-input" placeholder="Search" aria-label="Search" maxlength="64" data-hotkeys="s/" />
<div class="book-search-spinner hidden"></div>
<ul id="book-search-results"></ul>
</div>
<ul>
<li>Raw
<ul>
<li><a href="/spec/20/">20/TOY-ETH-PM</a></li>
<li><a href="/spec/24/">24/STATUS-CURATION</a></li>
<li><a href="/spec/28/">28/STATUS-FEATURING</a></li>
<li><a href="/spec/31/">31/WAKU2-ENR</a></li>
<li><a href="/spec/32/">32/RLN-V1</a></li>
<li><a href="/spec/34/">34/WAKU2-PEER-EXCHANGE</a></li>
<li><a href="/spec/35/">35/WAKU2-NOISE</a></li>
<li><a href="/spec/37/">37/WAKU2-NOISE-SESSIONS</a></li>
<li><a href="/spec/38/">38/CONSENSUS-CLARO</a></li>
<li><a href="/spec/43/">43/WAKU2-NOISE-PAIRING</a></li>
<li><a href="/spec/44/">44/WAKU2-DANDELION</a></li>
<li><a href="/spec/45/">45/WAKU2-ADVERSARIAL-MODELS</a></li>
<li><a href="/spec/46/">46/GOSSIPSUB-TOR-PUSH</a></li>
<li><a href="/spec/47/">47/WAKU2-TOR-PUSH</a></li>
<li><a href="/spec/48/">48/RLN-INTEREP-SPEC</a></li>
<li><a href="/spec/51/">51/WAKU2-RELAY-SHARDING</a></li>
<li><a href="/spec/52/">52/WAKU2-RELAY-STATIC-SHARD-ALLOC</a></li>
<li><a href="/spec/57/">57/STATUS-Simple-Scaling</a></li>
<li><a href="/spec/58/">58/RLN-V2</a></li>
</ul>
</li>
<li>Draft
<ul>
<li><a href="/spec/1/">1/COSS</a></li>
<li><a href="/spec/3/">3/REMOTE-LOG</a></li>
<li><a href="/spec/4/">4/MVDS-META</a></li>
<li><a href="/spec/10/">10/WAKU2</a></li>
<li><a href="/spec/12/">12/WAKU2-FILTER</a></li>
<li><a href="/spec/13/">13/WAKU2-STORE</a></li>
<li><a href="/spec/14/">14/WAKU2-MESSAGE</a></li>
<li><a href="/spec/15/">15/WAKU2-BRIDGE</a></li>
<li><a href="/spec/16/">16/WAKU2-RPC</a></li>
<li><a href="/spec/17/">17/WAKU2-RLN-RELAY</a></li>
<li><a href="/spec/18/">18/WAKU2-SWAP</a></li>
<li><a href="/spec/19/">19/WAKU2-LIGHTPUSH</a></li>
<li><a href="/spec/21/">21/WAKU2-FTSTORE</a></li>
<li><a href="/spec/22/">22/TOY-CHAT</a></li>
<li><a href="/spec/23/">23/WAKU2-TOPICS</a></li>
<li><a href="/spec/26/">26/WAKU2-PAYLOAD</a></li>
<li><a href="/spec/27/">27/WAKU2-PEERS</a></li>
<li><a href="/spec/29/">29/WAKU2-CONFIG</a></li>
<li><a href="/spec/30/">30/ADAPTIVE-NODES</a></li>
<li><a href="/spec/33/"class=active>33/WAKU2-DISCV5</a></li>
<li><a href="/spec/36/">36/WAKU2-BINDINGS-API</a></li>
<li><a href="/spec/53/">53/WAKU2-X3DH</a></li>
<li><a href="/spec/54/">54/WAKU2-X3DH-SESSIONS</a></li>
<li><a href="/spec/55/">55/STATUS-1TO1-CHAT</a></li>
<li><a href="/spec/56/">56/STATUS-COMMUNITIES</a></li>
</ul>
</li>
<li>Stable
<ul>
<li><a href="/spec/2/">2/MVDS</a></li>
<li><a href="/spec/6/">6/WAKU1</a></li>
<li><a href="/spec/7/">7/WAKU-DATA</a></li>
<li><a href="/spec/8/">8/WAKU-MAIL</a></li>
<li><a href="/spec/9/">9/WAKU-RPC</a></li>
<li><a href="/spec/11/">11/WAKU2-RELAY</a></li>
</ul>
</li>
<li>Deprecated
<ul>
<li><a href="/spec/5/">5/WAKU0</a></li>
</ul>
</li>
<li>Retired</li>
</ul>
</nav>
<script>(function(){var e=document.querySelector("aside.book-menu nav");addEventListener("beforeunload",function(){localStorage.setItem("menu.scrollTop",e.scrollTop)}),e.scrollTop=localStorage.getItem("menu.scrollTop")})()</script>
</div>
</aside>
<div class="book-page">
<header class="book-header">
<div class="flex align-center justify-between">
<label for="menu-control">
<img src="/svg/menu.svg" class="book-icon" alt="Menu" />
</label>
<strong>33/WAKU2-DISCV5</strong>
<label for="toc-control">
<img src="/svg/toc.svg" class="book-icon" alt="Table of Contents" />
</label>
</div>
<aside class="hidden clearfix">
<nav id="TableOfContents">
<ul>
<li><a href="#separate-discovery-network">Separate Discovery Network</a>
<ul>
<li><a href="#wrt-waku2-relay-network">w.r.t. Waku2 Relay Network</a></li>
<li><a href="#wrt-ethereum-discovery-v5">w.r.t. Ethereum Discovery v5</a></li>
</ul>
</li>
</ul>
<ul>
<li><a href="#waku2-specific-protocol-id">WAKU2-Specific <code>protocol-id</code></a></li>
</ul>
<ul>
<li><a href="#sybil-attack">Sybil attack</a></li>
<li><a href="#eclipse-attack">Eclipse attack</a></li>
<li><a href="#security-implications-of-a-separate-discovery-network">Security Implications of a Separate Discovery Network</a></li>
</ul>
</nav>
</aside>
</header>
<article class="markdown">
<h1 id="33waku2-discv5">
33/WAKU2-DISCV5
<a class="anchor" href="#33waku2-discv5">#</a>
</h1>
<h1 id="waku-v2-discv5-ambient-peer-discovery">
Waku v2 Discv5 Ambient Peer Discovery
<a class="anchor" href="#waku-v2-discv5-ambient-peer-discovery">#</a>
</h1>
<img src="https://img.shields.io/badge/status-draft-blue?style=flat-square" />
<ul>
<li>Status: draft</li>
<li>Editor: Daniel Kaiser <a href="mailto:danielkaiser@status.im">danielkaiser@status.im</a></li>
</ul><h1 id="abstract">
Abstract
<a class="anchor" href="#abstract">#</a>
</h1>
<p><code>33/WAKU2-DISCV5</code> specifies a modified version of <a href="https://github.com/ethereum/devp2p/blob/master/discv5/discv5.md">Ethereum&rsquo;s Node Discovery Protocol v5</a> as a means for ambient node discovery.
<a href="/specs/10">10/WAKU2</a> uses the <code>33/WAKU2-DISCV5</code> ambient node discovery network for establishing a decentralized network of interconnected Waku2 nodes.
In its current version, the <code>33/WAKU2-DISCV5</code> discovery network is isolated from the Ethereum Discovery v5 network.
Isolation improves discovery efficiency, which is especially significant with a low number of Waku nodes compared to the total number of Ethereum nodes.</p>
<h1 id="disclaimer">
Disclaimer
<a class="anchor" href="#disclaimer">#</a>
</h1>
<p>This version of <code>33/WAKU2-DISCV5</code> has a focus on timely deployment of an efficient discovery method for <a href="/specs/10">10/WAKU2</a>.
Establishing a separate discovery network is in line with this focus.
However, we are aware of potential resilience problems (see section on security considerations) and are <a href="https://forum.vac.dev/t/waku-v2-discv5-roadmap-discussion/121/8">discussing</a>
and researching hybrid approaches.</p>
<h1 id="background-and-rationale">
Background and Rationale
<a class="anchor" href="#background-and-rationale">#</a>
</h1>
<p><a href="/specs/11">11/WAKU2-RELAY</a> assumes the existence of a network of Waku2 nodes.
For establishing and growing this network, new nodes trying to join the Waku2 network need a means of discovering nodes within the network.
<a href="/specs/10">10/WAKU2</a> supports the following discovery methods in order of increasing decentralization</p>
<ul>
<li>hard coded bootstrap nodes</li>
<li><a href="https://rfc.vac.dev/spec/10/#discovery-domain"><code>DNS discovery</code></a> (based on <a href="https://eips.ethereum.org/EIPS/eip-1459">EIP-1459</a>)</li>
<li><code>peer-exchange</code> (work in progress)</li>
<li><code>33/WAKU2-DISCV5</code> (specified in this document)</li>
</ul>
<p>The purpose of ambient node discovery within <a href="/specs/10">10/WAKU2</a> is discovering Waku2 nodes in a decentralized way.
The unique selling point of <code>33/WAKU2-DISCV5</code> is its holistic view of the network, which allows avoiding hotspots and allows merging the network after a split.
While the other methods provide either a fixed or local set of nodes, <code>33/WAKU2-DISCV5</code> can provide a random sample of Waku2 nodes.
Future iterations of this document will add the possibility of efficiently discovering Waku2 nodes that have certain capabilities, e.g. holding messages of a certain time frame during which the querying node was offline.</p>
<h2 id="separate-discovery-network">
Separate Discovery Network
<a class="anchor" href="#separate-discovery-network">#</a>
</h2>
<h3 id="wrt-waku2-relay-network">
w.r.t. Waku2 Relay Network
<a class="anchor" href="#wrt-waku2-relay-network">#</a>
</h3>
<p><code>33/WAKU2-DISCV5</code> spans an overlay network separate from the <a href="https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/README.md">GossipSub</a> network <a href="/specs/11">11/WAKU2-RELAY</a> builds on.
Because it is a P2P network on its own, it also depends on bootstrap nodes.
Having a separate discovery network reduces load on the bootstrap nodes, because the actual work is done by randomly discovered nodes.
This also increases decentralization.</p>
<h3 id="wrt-ethereum-discovery-v5">
w.r.t. Ethereum Discovery v5
<a class="anchor" href="#wrt-ethereum-discovery-v5">#</a>
</h3>
<p><code>33/WAKU2-DISCV5</code> spans a discovery network isolated from the Ethereum Discovery v5 network.</p>
<p>Another simple solution would be taking part in the Ethereum Discovery network, and filtering Waku nodes based on whether they support <a href="/specs/31">31/WAKU2-ENR</a>.
This solution is more resilient towards eclipse attacks.
However, this discovery method is very inefficient for small percentages of Waku nodes (see <a href="https://forum.vac.dev/t/waku-v2-discv5-roadmap-discussion/121/8">estimation</a>).
It boils down to random walk discovery and does not offer a O(log(n)) hop bound.
The rarer the requested property (in this case Waku), the longer a random walk will take until finding an appropriate node, which leads to a needle-in-the-haystack problem.
Using a dedicated Waku2 discovery network, nodes can query this discovery network for a random set of nodes
and all (well-behaving) returned nodes can serve as bootstrap nodes for other Waku2 protocols.</p>
<p>A more sophisticated solution would be using <a href="https://github.com/ethereum/devp2p/blob/master/discv5/discv5-theory.md#topic-advertisement">Discv5 topic discovery</a>.
However, in its current state it also has efficiency problems for small percentages of Waku nodes and is still in the design phase (<a href="https://github.com/ethereum/devp2p/issues/199">see here</a>).</p>
<p>Currently, the Ethereum discv5 network is very efficient in finding other discv5 nodes,
but it is not so efficient for finding discv5 nodes that have a specific property or offer specific services, e.g. Waku.</p>
<p>As part of our <a href="https://forum.vac.dev/t/waku-v2-discv5-roadmap-discussion/121">discv5 roadmap</a>, we consider two ideas for future versions of <code>33/WAKU2-DISCV5</code></p>
<ul>
<li><a href="https://github.com/ethereum/devp2p/blob/master/discv5/discv5-theory.md#topic-advertisement">Discv5 topic discovery</a> with adjustments (ideally upstream)</li>
<li>a hybrid solution that uses both a separate discv5 network and a Waku-ENR-filtered Ethereum discv5 network</li>
</ul>
<h1 id="semantics">
Semantics
<a class="anchor" href="#semantics">#</a>
</h1>
<p><code>33/WAKU2-DISCV5</code> fully inherits the <a href="https://github.com/ethereum/devp2p/blob/master/discv5/discv5-theory.md">discv5 semantics</a>.</p>
<p>Before announcing their address via Waku2 discv5, nodes SHOULD check if this address is publicly reachable.
Nodes MAY use the <a href="https://github.com/libp2p/specs/blob/master/autonat/README.md">libp2p AutoNAT protocol</a> to perform that check.
Nodes SHOULD only announce publicly reachable addresses via Waku2 discv5,
to avoid cluttering peer lists with nodes that are not reachable.</p>
<h1 id="wire-format-specification">
Wire Format Specification
<a class="anchor" href="#wire-format-specification">#</a>
</h1>
<p><code>33/WAKU2-DISCV5</code> inherits the <a href="https://github.com/ethereum/devp2p/blob/master/discv5/discv5-wire.md">discv5 wire protocol</a> except for the following differences</p>
<h2 id="waku2-specific-protocol-id">
WAKU2-Specific <code>protocol-id</code>
<a class="anchor" href="#waku2-specific-protocol-id">#</a>
</h2>
<p>Ethereum discv5:</p>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<p><code>33/WAKU2-DISCV5</code>:</p>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<h1 id="suggestions-for-implementations">
Suggestions for Implementations
<a class="anchor" href="#suggestions-for-implementations">#</a>
</h1>
<p>Existing discv5 implementations</p>
<ul>
<li>can be augmented to make the <code>protocol-id</code> selectable using a compile-time flag as in <a href="https://github.com/kaiserd/nim-eth/blob/add-selectable-protocol-id-static/eth/p2p/discoveryv5/encoding.nim#L34">this feature branch</a> of nim-eth/discv5.</li>
<li>can be forked followed by changing the <code>protocol-id</code> string as in <a href="https://github.com/status-im/go-waku/blob/master/waku/v2/discv5/discover.go#L135-L137">go-waku</a>.</li>
</ul>
<h1 id="security-considerations">
Security Considerations
<a class="anchor" href="#security-considerations">#</a>
</h1>
<h2 id="sybil-attack">
Sybil attack
<a class="anchor" href="#sybil-attack">#</a>
</h2>
<p>Implementations should limit the number of bucket entries that have the same network parameters (IP address / port) to mitigate Sybil attacks.</p>
<h2 id="eclipse-attack">
Eclipse attack
<a class="anchor" href="#eclipse-attack">#</a>
</h2>
<p>Eclipse attacks aim to eclipse certain regions in a DHT.
Malicious nodes provide false routing information for certain target regions.
The larger the desired eclipsed region, the more resources (i.e. controlled nodes) the attacker needs.
This introduces an efficiency versus resilience tradeoff.
Discovery is more efficient if information about target objects (e.g. network parameters of nodes supporting Waku) are closer to a specific DHT address.
If nodes providing specific information are closer to each other, they cover a smaller range in the DHT and are easier to eclipse.</p>
<p>Sybil attacks greatly increase the power of eclipse attacks, because they significantly reduce resources necessary to mount a successful eclipse attack.</p>
<h2 id="security-implications-of-a-separate-discovery-network">
Security Implications of a Separate Discovery Network
<a class="anchor" href="#security-implications-of-a-separate-discovery-network">#</a>
</h2>
<p>A dedicated Waku discovery network is more likely to be subject to successful eclipse attacks (and to DoS attacks in general).
This is because eclipsing in a smaller network requires less resources for the attacker.
DoS attacks render the whole network unusable if the percentage of attacker nodes is sufficient.</p>
<p>Using random walk discovery would mitigate eclipse attacks targeted at specific capabilities, e.g. Waku.
However, this is because eclipse attacks aim at the DHT overlay structure, which is not used by random walks.
So, this mitigation would come at the cost of giving up overlay routing efficiency.
The efficiency loss is especially severe with a relatively small number of Waku nodes.</p>
<p>Properly protecting against eclipse attacks is challenging and raises research questions that we will address in future stages of our discv5 roadmap.</p>
<h1 id="references">
References
<a class="anchor" href="#references">#</a>
</h1>
<ol>
<li><a href="/specs/10"><code>10/WAKU2</code></a></li>
<li><a href="/specs/11"><code>11/WAKU2-RELAY</code></a></li>
<li><a href="/specs/31"><code>31/WAKU2-ENR</code></a></li>
<li><a href="https://github.com/ethereum/devp2p/blob/master/discv5/discv5.md">Node Discovery Protocol v5 (<code>discv5</code>)</a></li>
<li><a href="https://github.com/ethereum/devp2p/blob/master/discv5/discv5-theory.md"><code>discv5</code> semantics</a>.</li>
<li><a href="https://github.com/ethereum/devp2p/blob/master/discv5/discv5-wire.md"><code>discv5</code> wire protocol</a></li>
<li><a href="https://github.com/ethereum/devp2p/blob/master/discv5/discv5-theory.md#topic-advertisement"><code>discv5</code> topic discovery</a></li>
<li><a href="https://rfc.vac.dev/spec/10/#discovery-domain">Waku DNS discovery</a></li>
<li><a href="https://github.com/libp2p/specs/blob/master/autonat/README.md">libp2p AutoNAT protocol</a></li>
<li><a href="https://eips.ethereum.org/EIPS/eip-1459"><code>EIP-1459</code></a></li>
<li><a href="https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/README.md"><code>GossipSub</code></a></li>
<li><a href="https://forum.vac.dev/t/waku-v2-discv5-roadmap-discussion/121">Waku discv5 roadmap discussion</a></li>
<li><a href="https://forum.vac.dev/t/waku-v2-discv5-roadmap-discussion/121/8">discovery efficiency estimation</a></li>
<li><a href="https://github.com/kaiserd/nim-eth/blob/add-selectable-protocol-id-static/eth/p2p/discoveryv5/encoding.nim">implementation: Nim</a></li>
<li><a href="https://github.com/status-im/go-waku/blob/master/waku/v2/discv5/discover.go">implementation: Go</a></li>
</ol>
<h1 id="copyright">
Copyright
<a class="anchor" href="#copyright">#</a>
</h1>
<p>Copyright and related rights waived via <a href="https://creativecommons.org/publicdomain/zero/1.0/">CC0</a>.</p>
</article>
<footer class="book-footer">
<div class="flex flex-wrap justify-between">
</div>
</footer>
<div class="book-comments">
</div>
<label for="menu-control" class="hidden book-menu-overlay"></label>
</div>
<aside class="book-toc">
<div class="book-toc-content">
<nav id="TableOfContents">
<ul>
<li><a href="#separate-discovery-network">Separate Discovery Network</a>
<ul>
<li><a href="#wrt-waku2-relay-network">w.r.t. Waku2 Relay Network</a></li>
<li><a href="#wrt-ethereum-discovery-v5">w.r.t. Ethereum Discovery v5</a></li>
</ul>
</li>
</ul>
<ul>
<li><a href="#waku2-specific-protocol-id">WAKU2-Specific <code>protocol-id</code></a></li>
</ul>
<ul>
<li><a href="#sybil-attack">Sybil attack</a></li>
<li><a href="#eclipse-attack">Eclipse attack</a></li>
<li><a href="#security-implications-of-a-separate-discovery-network">Security Implications of a Separate Discovery Network</a></li>
</ul>
</nav>
</div>
</aside>
</main>
</body>
</html>