This repository evolves from an academic specification into an applied research project and a functional prototype focused on asynchronous messaging and file transfer with strong privacy guarantees.
Status: active research + initial prototype. Not production software.
- Taior (The Amnesic Incognito Oblivious Routing): overlay network focused on resisting traffic and metadata correlation, with cryptographic amnesia and minimal state retention.
- AORP (Adaptive Oblivious Routing Protocol): hop-by-hop probabilistic routing without predefined paths; the route emerges statistically and is known by no node.
- Metadata and timing correlation that can re-identify sender/receiver.
- Observation of fixed or predictable routes (circuits) exposing patterns.
- Need for practical anonymity for messaging and file sending without trusting individual nodes.
- Asynchronous messaging: store-and-forward delivery with delivery windows and probabilistic retries.
- File transfer: chunking, loss-tolerant reordering, hybrid routes to balance latency and privacy.
- Lightweight client: rotating identities and ephemeral keys; no persistent sessions.
- Phase 1 – Rotating identities (base prototype):
  - Ephemeral keys per short session; automatic rotation.
  - Initial guards selected with a minimal stability criterion.
  - Primary metric: >95% message delivery under moderate load with p95 latency < 4x direct path.
- Phase 2 – Forwarding with ZK proofs (responsible forwarding pilot):
  - Forwarding proofs without revealing identity (ephemeral tokens / zk receipts) for anonymous reputation.
  - Primary metric: reputation false positives <1%, cryptographic overhead <15% of forwarding time.
- Phase 3 – Full amnesia (maturation):
  - Accelerated deletion of state and keys after a short TTL.
  - Adaptive multipath with a mix of cover traffic.
  - Primary metric: end-to-end correlation ≈ baseline noise (e.g., mutual information ~0 within experimental margin).
- Guards: stable first hop to reduce predecessor attacks and limit source exposure.
- Probabilistic routes: after the guard, hop-by-hop selection with local function `f(latency, bandwidth, local_entropy, ephemeral_reputation, random_seed)`.
- Hybrid routes: mix of short and long paths per profile (low latency vs. higher privacy). Adaptive cover packet ratio.
```mermaid
flowchart LR
    C[Client] --> G[Guard]
    G -- prob. --> N1[Node]
    G -- prob. --> N2[Node]
    N1 -- prob. --> N3[Node]
    N2 -- prob. --> N4[Node]
    N3 & N4 --> D[Logical destination]
```
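The following sketch is an added example, not code from this repository, of one possible shape for the local function `f` and the per-packet hop choice it drives, with the resulting next-hop distribution scored by normalized Shannon entropy. The scoring formula, the blend with a uniform distribution, the reading of `local_entropy` as a value in [0, 1], and the neighbor table are all assumptions made for illustration.

```python
import math
import random
from collections import Counter

# Constructed neighbor table: names and measurements are illustrative only.
NEIGHBORS = {
    "n1": {"latency_ms": 40, "bandwidth_mbps": 50, "reputation": 0.9},
    "n2": {"latency_ms": 120, "bandwidth_mbps": 20, "reputation": 0.7},
    "n3": {"latency_ms": 60, "bandwidth_mbps": 80, "reputation": 0.8},
    "n4": {"latency_ms": 200, "bandwidth_mbps": 10, "reputation": 0.6},
}

def hop_weights(neighbors, local_entropy):
    """Assumed form of f: a quality score blended with the uniform distribution.

    local_entropy = 0 selects purely on quality (fast, but predictable);
    local_entropy = 1 ignores quality and selects uniformly.
    """
    quality = {
        name: m["reputation"] * m["bandwidth_mbps"] / m["latency_ms"]
        for name, m in neighbors.items()
    }
    total = sum(quality.values())
    uniform = 1.0 / len(neighbors)
    return {
        name: (1 - local_entropy) * q / total + local_entropy * uniform
        for name, q in quality.items()
    }

def pick_next_hop(neighbors, local_entropy, rng):
    """Draw one next hop; called per packet, so no path is ever stored."""
    weights = hop_weights(neighbors, local_entropy)
    names = sorted(weights)
    return rng.choices(names, weights=[weights[n] for n in names], k=1)[0]

def normalized_entropy(probs):
    """Shannon entropy divided by log2(n); 1.0 means a uniform distribution."""
    h = -sum(p * math.log2(p) for p in probs if p > 0)
    return h / math.log2(len(probs))

def empirical_entropy(neighbors, local_entropy, packets, seed):
    # Seeded PRNG only so the demo repeats. A node would use
    # random.SystemRandom(), since a predictable seed makes hops predictable.
    rng = random.Random(seed)
    counts = Counter(pick_next_hop(neighbors, local_entropy, rng)
                     for _ in range(packets))
    return normalized_entropy([counts[n] / packets for n in neighbors])
```

With this table, pure quality-based selection concentrates traffic on two of the four neighbors (normalized entropy about 0.66), which makes visible the trade-off between the latency-oriented and privacy-oriented profiles.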
- Anonymous micropayments: blind vouchers or tickets; preserve payer and node privacy.
- Subscription / quotas: prepaid quotas tied to rotating identities; avoid linkable persistent balances.
- Minimal incentives: dynamic fees by bandwidth/latency; mild penalties for nodes that fall below availability thresholds.
- No linkable payment histories; only ephemeral verifiable receipts.
- Cover and mix: cover traffic vs. real traffic ratio; initial target 1:1 at peaks, 1:0.3 at rest.
- Route entropy: diversity of next hops per packet; distribution close to uniform within the trusted neighborhood.
- Resistance to temporal correlation: jitter and batching; p95 temporal misalignment > configurable Δ.
- Limited observability: only aggregate counters (success/fail per window, p50/p95 latency, bandwidth consumption). Persistent identifiers in logs are forbidden.
- Delivery and loss: delivery success, retries, TTL exhausted vs. delivered.
- Partial network adversary: can observe multiple links but not the whole network; can inject/drop packets in limited domains.
- Adversary with malicious nodes: controls a subset of nodes but not the majority of guards or all edges.
- Not covered: fully compromised endpoints, perfect global adversary, side-channels outside the network layer.
- Mitigations: guards, key rotation, probabilistic routes, cover traffic, forwarding proofs to discourage lazy nodes.
- Milestone 0: Minimal CLI client (short messages), fixed guard, basic probabilistic forwarding. Metric: >90% delivery in a 5-node testnet.
- Milestone 1: Configurable cover traffic, chunking/reassembly of small files (<5 MB). Metric: p95 file delivery < 8x direct latency.
- Milestone 2: Automated rotating identities + guard selection with stability criteria. Metric: reduced source-guard correlation measured by simulation.
- Milestone 3: ZK proofs or ephemeral tokens for responsible forwarding. Metric: overhead <15% and false rejects <1% in testbed.
- Milestone 4: Node economy (blind tickets or quotas) on testnet. Metric: mean settlement time <200 ms, no inter-session linkability.
- Milestone 5: Limited observability and internal metrics dashboard. Metric: no identifiable logs, aggregate-only reporting.
- Core team: defines the specification, accepts critical changes, and publishes recommended parameters.
- Community: open issues, discussions, and PRs for simulations, prototypes, and security reviews.
- Academic collaboration: invitation to labs and privacy groups for co-authored experiments and formal analyses.
- Periodic reviews: quarterly cycles to validate metrics and adjust noise and economy parameters.
- Documentation, specifications, and research materials: CC BY-NC-SA 4.0.
- Simulations, reference implementations, and PoC code: AGPLv3.
- Ethical Commercial License (optional): required for commercial use; forbids surveillance, data resale, tracking, and dark patterns.
- Share and adapt non-commercial material with attribution and the same license type.
- Any network deployment of AGPL code must publish the corresponding source code.
- Commercial use requires a separate agreement under the Ethical Commercial License.
- Open issues with findings, risks, or improvement proposals.
- Well-scoped PRs: simulations, routing prototypes, metrics, or documentation.
- Avoid introducing identifiable telemetry or closed-source dependencies.
- `PROTOCOL/`: AORP, hybrid routing, packet formats.
- `THREAT_MODEL.md`: adversaries and limits.
- `DESIGN_GOALS.md`: principles and target metrics.
- `SIMULATIONS/`: scripts and test scenarios.
- `ABSTRACT.md`, `PAPER.md`, `COMPARISONS/`, `REFERENCES.md`: academic context.
- `CONTRIBUTING.md`: collaboration guide.
Taior is experimental research. It has not been audited or validated for production anonymity. Use only with lab expectations and explicit risk evaluation.