cMixx Mixnet PKI
Benjamin Wenger
Richard T. Carback III
David Stainton
Introduction
As mentioned in the threat model, the mixnet PKI system holds authority over all the privacy and security notions of the entire mix network. For example, an adversary that compromises the PKI can swap out the existing mix cascades for their own mix cascades, for which the adversary knows all the cMix keys and can therefore link senders and receivers. Additionally, the PKI system is responsible for distributing public key material for our wire protocol authentication. All the other privacy and security guarantees of the mixnet therefore depend on the PKI not being compromised by the adversary.
Elixxir engineering efforts have been iterative. Currently the PKI is a single server (the permissioning server[^1]); in the future the implementation will be fully decentralized and involve the Elixxir blockchain and BFT consensus protocols. These implementation details of the PKI are outside the scope of this document, which only attempts to describe the high-level abstraction of the mixnet PKI. Here we discuss how the PKI is used by the various components in our mixnet: clients, gateways and mix nodes.
Just like other network components, the PKI uses the mixnet's wire protocol (which is essentially gRPC over TLS). The PKI's purpose is to publish and distribute the "network view" documents to the other network components. In the Elixxir mixnet the "network view" is composed of an NDF (network definition file). The NDF acts as a sort of DNS zone file for the entire network but also includes the port numbers and cryptographic keying material necessary for the xx protocol stack, similar to the consensus document (generated by the Tor network's Directory Authority system) in Tor.
The PKI document contains X.509 certificates which are used by the network components for their TLS authentication. Additionally the mix cascade hierarchy is enforced by this TLS authentication by means of certificates distributed in the PKI document.
Currently, a permissioning server[^1], which will be replaced by blockchain consensus, generates and signs the NDF. The cMix nodes poll the permissioning server for the "Full" NDF, which consists of all network connectivity information. The cMix gateways poll their local cMix node for both a "Partial" and a "Full" NDF. A Partial NDF does not contain connectivity information for other nodes, and clients are able to poll any cMix gateway for the Partial NDF.
Diagram: Permissioning (generates NDF) -> Nodes -> Gateways -> Clients
- Gateways don't talk to permissioning
- Clients don't talk to nodes or permissioning
Similar to how caching DNS resolvers prevent clients from having to talk directly to the authoritative servers, xx clients don't need to talk to the PKI system directly because the NDF and mix round information are cached and made available by the gateways.
The NDF contains a list of "Nodes" (cMix nodes) and "Gateways" (cMix gateways) that detail the address and the PEM encoded TLS X.509 public keys for each entity. An example of this data structure from a Partial NDF is as follows:
{
  "...": "...",
  "Gateways": [
    {
      "Id": "6ZTH8Y01DHrRFahBtLjF4uRTPed/JuM1R12lr2A2hv0B",
      "Address": "161.35.228.41:22840",
      "Tls_certificate": "-----BEGIN CERTIFICATE-----\n...==\n-----END CERTIFICATE-----\n",
      "Bin": "NorthAmerica"
    },
    "...": "...",
  ],
  "Nodes": [
    {
      "Id": "6ZTH8Y01DHrRFahBtLjF4uRTPed/JuM1R12lr2A2hv0C",
      "Address": "",
      "Tls_certificate": "",
      "Status": 0
    },
    {},
  ],
  "...": "...",
}
PKI document format
The complete gRPC schema can be found here:
https://git.xx.network/elixxir/comms/-/blob/release/mixmessages/mixmessages.proto
Here we have the NDF which is opaque because it's signed:
// The Network Definition File is defined as a
// JSON structure in primitives/ndf. Can be provided in a
// "complete" and "incomplete" format. An incomplete
// NDF is provided to level 4 (ie clients) to protect the inner levels
message NDF{
    bytes Ndf = 1;
    messages.RSASignature Signature = 2;
}
Whereas the inner NDF structure is defined elsewhere (https://gitlab.com/xx_network/primitives/-/blob/release/ndf/ndf.go):
// NetworkDefinition structure holds connection and network information. It
// matches the JSON structure generated in Terraform.
type NetworkDefinition struct {
	Timestamp     time.Time
	Gateways      []Gateway
	Nodes         []Node
	Registration  Registration
	Notification  Notification
	UDB           UDB   `json:"Udb"`
	E2E           Group `json:"E2e"`
	CMIX          Group `json:"Cmix"`
	AddressSpace  []AddressSpace
	ClientVersion string

	// Ids that bypass rate limiting
	WhitelistedIds []string

	// Ips that bypass rate limiting
	WhitelistedIpAddresses []string

	// Details on how gateways will rate limit clients
	RateLimits RateLimiting
}
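An added example, not code from the xx network repositories: a client-side check that verifies the signature over the opaque Ndf bytes before parsing them, then uses Timestamp to refuse a signed document that is no newer than the cached one. The RSA-PSS/SHA-256 scheme, the replay rule, and the names SignedNDF, Gateway, View, VerifyNDF and Sample are assumptions; the sample NDF and key are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// SignedNDF mirrors the NDF message above; Gateway and View are the subset of
// NetworkDefinition this example reads.
type SignedNDF struct{ Ndf, Signature []byte }
type Gateway struct{ Id, Address, Tls_certificate string }
type View struct {
	Timestamp time.Time
	Gateways  []Gateway
}

// VerifyNDF authenticates the exact received bytes, parses them, then rejects replays.
func VerifyNDF(pub *rsa.PublicKey, s SignedNDF, cached time.Time) (*View, error) {
	digest := sha256.Sum256(s.Ndf) // ASSUMPTION: RSA-PSS/SHA-256; scheme not stated on the page
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], s.Signature, nil); err != nil {
		return nil, fmt.Errorf("NDF signature invalid")
	}
	var v View
	if err := json.Unmarshal(s.Ndf, &v); err != nil {
		return nil, fmt.Errorf("signed NDF is not valid JSON: %w", err)
	}
	if !v.Timestamp.After(cached) {
		return nil, fmt.Errorf("NDF not newer than cached copy")
	}
	return &v, nil
}

// Sample builds a constructed NDF signed with a throwaway key (demo data only).
func Sample(ts time.Time) (*rsa.PublicKey, SignedNDF) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	body, _ := json.Marshal(View{ts, []Gateway{{"constructed-gw", "192.0.2.10:22840", ""}}})
	digest := sha256.Sum256(body)
	sig, _ := rsa.SignPSS(rand.Reader, key, crypto.SHA256, digest[:], nil)
	return &key.PublicKey, SignedNDF{body, sig}
}

func main() {
	pub, ndf := Sample(time.Now())
	fmt.Println(VerifyNDF(pub, ndf, time.Now().Add(-time.Hour)))
}
```

The signature is checked over the bytes as received, not over a re-serialized structure, so no field is read from a document that has not been authenticated.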
The Future Decentralized PKI
Here we should include links to the documentation about the “PKI” blockchain consensus BFT protocols that we are using for the future decentralized PKI system