Brought to you by @krixano and @gitcenter
KxoId is a new Id Provider, created by @krixano and @gitcenter, that ensures unique usernames. It uses the PeerMessage plugin to:
- make sure all registration requests only happen within the ZeroNet network
- ensure the servers cannot be blocked easily by ISPs or Governments
- and ensure that IPs are not leaked to the clearnet and that IPs remain hidden when using Tor
KxoId uses a two-level system.
- Level 1 - This is always preferred first. Level 1 uses only the official KxoNetwork servers to do the registrations. This offers the highest level of trust to ensure usernames are always unique.
- Level 2 - This is used when the official KxoNetwork servers are unavailable on the network (e.g. if they go down). Level 2 uses a set of Trusted Peers to handle the registrations.
Zite owners can easily restrict login to only Level 1 ids on their zites.
Detecting Traitor Peers
Because Trusted Peers can give the private keys used for registrations to new Trusted Peers, there's always a chance that a peer that intentionally malfunctions (e.g. intentionally allows registration of non-unique usernames) can become a "Trusted Peer". We call this type of peer a Traitor Peer.
KxoId will have a system to try to detect Traitor Peers. When a Traitor Peer is detected, the following will happen:
- Any non-unique usernames the peer has created will be added to the Traitor Blocklist. We recommend both users and zite owners block these accounts. These users will be notified when they visit KxoNetwork that their id was added to the blocklist due to not being unique.
- KxoId requires that all registrations handled by "Trusted Peers" be logged in. So, the account associated with the traitor peer is also added to the blocklist. The IP address of the peer will also be added to a list.
- Unique usernames are re-verified and re-added to the database under a more trustworthy peer.
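As an added example (not KxoId's own code), the three steps above can be sketched in Python over a constructed registration log. The record layout, the names and the duplicate scan are assumptions; the rule that the first registration received keeps the username comes from the consensus description on this page.

```python
from collections import defaultdict

# Constructed sample log of Level 2 registrations. Assumed record layout:
# (username, user id, registering peer's account, peer IP, receive order)
REGISTRATIONS = [
    ("alice", "1UserA", "peer1@kxoid", "192.0.2.10", 1),
    ("bob",   "1UserB", "peer2@kxoid", "192.0.2.20", 2),
    ("alice", "1UserC", "peer2@kxoid", "192.0.2.20", 3),  # duplicate username
    ("carol", "1UserD", "peer2@kxoid", "192.0.2.20", 4),
    ("dave",  "1UserE", "peer1@kxoid", "192.0.2.10", 5),
]


def handle_traitor_peers(registrations):
    """Return (blocklist, peer_ips, usernames_to_reverify) for a log."""
    by_name = defaultdict(list)
    for rec in sorted(registrations, key=lambda r: r[4]):
        by_name[rec[0]].append(rec)

    blocklist, peer_ips, traitors = set(), set(), set()
    for recs in by_name.values():
        # The first registration received keeps the name; any later
        # registration of the same name is non-unique.
        for _name, user_id, peer, ip, _order in recs[1:]:
            blocklist.add(user_id)  # step 1: block the non-unique id
            blocklist.add(peer)     # step 2: block the peer's own account
            peer_ips.add(ip)        # step 2: record the peer's IP
            traitors.add(peer)

    # Step 3: usernames that are unique but were registered by a traitor
    # peer must be re-verified under a more trustworthy peer.
    reverify = sorted(
        recs[0][0] for recs in by_name.values() if recs[0][2] in traitors
    )
    return blocklist, peer_ips, reverify


if __name__ == "__main__":
    blocked, ips, todo = handle_traitor_peers(REGISTRATIONS)
    print("Traitor Blocklist:", sorted(blocked))
    print("Peer IP list:", sorted(ips))
    print("Re-verify under another peer:", todo)
```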
ZeroId accesses a clearnet server to ensure usernames are always unique. This server handles the detection of existing users as well as the signing of the user ids. Because of this, the server can easily be made inaccessible by blocking its IP address (China has already done this multiple times).
KaffieId is a fully decentralized Id Provider - Id Signature creation happens locally, on the computer doing the registration. Because of this, KaffieId does not ensure unique usernames.
KxoId uses a collection of Trusted Peer servers. Requests are given to and sent from these servers by broadcasting over the ZeroNet network using the PeerMessage plugin.
When you register a username, an encrypted message is broadcast over the network with the help of the PeerMessage plugin. The message is encrypted via ECIES (which is known to be safe) to ensure that nobody can steal your username before it's registered.
Broadcasting with PeerMessage
The message is sent to 5 random peers. Those peers broadcast the message to 5 other peers (so 25 peers total), and so on. This means that the message is broadcast to the whole network very quickly. For signing, we use ECDSA, the same thing that Bitcoin uses for signing (we don't have blockchain!!).
KxoId Registration
When a Trusted Peer receives a message, they will decrypt it, validate your request, and add you to the database. You will be able to use ZeroNet in less than a minute.
KxoId Consensus
However, what happens when two people try to register the same username at the same time? No problem, KxoId uses a consensus algorithm to fix this.
When you try to register, the Trusted Peers talk to each other (via signed broadcasts) to make sure that the username is not being registered already. In this case, the one whose message is received first will get the username.