Skip to content

Commit 6359d23

Browse files
TotallyNotK0TotallyNotK0
authoredAug 9, 2025
Betanet 1.0 Specification
·
1.11.0
1 parent 2bcea0a commit 6359d23

File tree

1 file changed

+293
-2
lines changed

1 file changed

+293
-2
lines changed
 

‎README.md

Lines changed: 293 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,293 @@
1-
# betanet
2-
The official specification for Betanet.
1+
# Betanet Version 1.0 – Official Implementation Specification
2+
3+
> **Normative document.** All requirements marked **MUST**, **MUST NOT**, or **SHALL** are mandatory for compliance.
4+
5+
---
6+
7+
## 0 Status & Scope
8+
9+
Betanet is a fully decentralised, censorship-resistant network intended to replace the public Internet.
10+
The design eliminates single points of failure, disguises itself as ordinary HTTPS, and makes selective blocking economically or politically prohibitive.
11+
12+
---
13+
14+
## 1 General Encoding Rules
15+
16+
* Multi-byte integers: **unsigned big-endian**.
17+
* `varint`: QUIC variable-length integer (RFC 9000 §16).
18+
* Unless stated, all sizes are in bytes.
19+
* Binary examples use hexadecimal.
20+
21+
---
22+
23+
## 2 Cryptography
24+
25+
| Purpose | Primitive |
26+
| ------------------------------- | -------------------------------------------------- |
27+
| Hash | **SHA-256** (32 B) |
28+
| AEAD | **ChaCha20-Poly1305** (IETF, 12-B nonce, 16-B tag) |
29+
| KDF | **HKDF-SHA256** |
30+
| Signatures | **Ed25519** |
31+
| Diffie–Hellman | **X25519** |
32+
| Post-quantum hybrid<sup>†</sup> | **X25519-Kyber768** (draft-ietf-pqtls-00) |
33+
34+
> †Offering the hybrid ciphersuite is **MUST** after *2027-01-01*.
35+
36+
---
37+
38+
## 3 Layer Model
39+
40+
| Layer | Function |
41+
| ------ | ----------------------------------------------------------- |
42+
| **L0** | Access media (any IP bearer: fibre, 5 G, sat, LoRa, etc.) |
43+
| **L1** | Path selection & routing (SCION + IP-transition header) |
44+
| **L2** | Cover transport (HTX over TCP-443 / QUIC-443) |
45+
| **L3** | Overlay mesh (libp2p-v2 object relay) |
46+
| **L4** | Optional privacy hop (Nym mixnet) |
47+
| **L5** | Naming & trust (self-certifying IDs + 3-chain alias ledger) |
48+
| **L6** | Payments (federated Cashu + Lightning) |
49+
| **L7** | Applications |
50+
51+
---
52+
53+
## 4 Path Layer (L1)
54+
55+
### 4.1 SCION Packet Header
56+
57+
```
58+
0 1 2 3
59+
+-------+-------+-------+-------+
60+
|Ver=0x2|Reserved| Type |
61+
+-------------------------------+
62+
| Total Header Length |
63+
+-------------------------------+
64+
| Payload Length |
65+
+-------------------------------+
66+
| Path Segment 0 … |
67+
+-------------------------------+
68+
```
69+
70+
* **Ver** MUST be `0x02`.
71+
* **Type** MUST be `0x01` (single path) or `0x03` (path list).
72+
* Each AS-hop signature in every segment **MUST** verify before forwarding; otherwise drop.
73+
74+
### 4.2 IP-Transition Header
75+
76+
For links without native SCION support, prepend:
77+
78+
```
79+
+-------+-------------------------------------------------+
80+
| ID=0xF1 | 64-B Ed25519 sig over (prev-AS ‖ next-AS) |
81+
+-------+-------------------------------------------------+
82+
```
83+
84+
Gateways **MUST** verify and strip this header when re-entering a SCION-capable segment.
85+
86+
### 4.3 Path Maintenance
87+
88+
End hosts **MUST** maintain **≥ 3** disjoint validated paths to every peer and switch within **300 ms** of failure detection.
89+
90+
---
91+
92+
## 5 Cover Transport (L2) — HTX
93+
94+
### 5.1 Outer TLS 1.3 Handshake
95+
96+
* Client **MUST** mimic Chrome Stable (N-2) using uTLS rules.
97+
* **ECH** is attempted first; fallback is silent.
98+
* ALPN probabilities: `h3` 70 %, `h2` 25 %, `http/1.1` 5 %.
99+
* Hybrid ciphersuite (Kyber768) **MUST** be present once the date criterion is met.
100+
101+
### 5.2 Access-Ticket Bootstrap
102+
103+
1. The server’s decoy site embeds `ticketPub` (32-B X25519 public key, Base64URL).
104+
2. Client generates `ticketPriv`, computes `sharedSecret = X25519(ticketPriv, ticketPub)`.
105+
3. Client picks 32-B random `nonce32`.
106+
4. `accessTicket = HKDF(sharedSecret, "betanet-ticket", nonce32, 32)`.
107+
5. Client sends
108+
109+
```
110+
GET /bootstrap HTTP/1.1
111+
Host: <front-domain>
112+
x-px-ticket: <Base64URL(accessTicket)>
113+
```
114+
6. If ticket matches current UTC hour, server proceeds; else serves only decoy content.
115+
116+
### 5.3 Noise *XK* Handshake & Inner Keys
117+
118+
Unchanged from §2 .3 of prior draft: derive `K_inner = HKDF-Expand-Label(TLS-Exporter, "htx inner", "", 32)`.
119+
AEAD nonce: **96-bit little-endian counter** (wrap ≈2⁹⁶-1 frames).
120+
121+
### 5.4 Inner Frame Format
122+
123+
```c
124+
struct Frame {
125+
uint24 length; // ciphertext length (excl. tag)
126+
uint8 type; // 0=STREAM, 1=PING, 2=CLOSE
127+
varint stream_id; // present if type==STREAM
128+
uint8[] ciphertext;
129+
}
130+
```
131+
132+
* Client streams use **odd** `stream_id`; server streams **even**.
133+
* Flow-control window: **65 535 B**; `WINDOW_UPDATE` frames substitute when 50 % consumed.
134+
135+
### 5.5 HTTP/2 Behaviour Emulation
136+
137+
| Frame | Requirement |
138+
| -------------- | ----------------------------- |
139+
| SETTINGS | Within 30 ms of stream 0 open |
140+
| WINDOW\_UPDATE | When ≥ 50 % of window used |
141+
| PING | Every 15 s ± 3 s |
142+
| PRIORITY | On ≈1 % of connections |
143+
144+
Idle padding: if no DATA for 512 ± 128 ms, send dummy 1 KiB encrypted DATA.
145+
146+
### 5.6 UDP Variant
147+
148+
* Attempt QUIC v1 on UDP-443 + MASQUE `CONNECT-UDP`.
149+
* On failure, retry TCP within **500 ms**.
150+
151+
---
152+
153+
## 6 Overlay Mesh (L3)
154+
155+
### 6.1 Peer Identity
156+
157+
`PeerID =` multihash `0x12 0x20 || SHA-256(pubkey)`.
158+
159+
### 6.2 Transports
160+
161+
```
162+
/betanet/htx/1.0.0 (TCP-443)
163+
/betanet/htxquic/1.0.0 (QUIC-443)
164+
/betanet/webrtc/1.0.0 (optional)
165+
```
166+
167+
### 6.3 Bootstrap Discovery
168+
169+
The client **MUST** keep trying methods **a → e** until ≥ 5 peers respond:
170+
171+
| Order | Method | Central infra? |
172+
| ----- | ------------------------------------------------------------------ | ------------------- |
173+
| a | **Deterministic DHT**: 32 synthetic IDs `SHA256("betanet-seed-i")` | No |
174+
| b | **mDNS** service `_betanet._udp` | No |
175+
| c | **Bluetooth LE** UUID `0xB7A7` | No |
176+
| d | Onion v3 list (signed, mirrored via IPFS) | Minimal |
177+
| e | DNS fallback list | Yes (fallback only) |
178+
179+
### 6.4 Block Exchange
180+
181+
* CID =`multihash(SHA-256(content))`.
182+
* Bitswap-v2 on `/betanet/bitswap/2.1.0`.
183+
* Requester **SHOULD** open ≥ 3 parallel streams on distinct SCION paths.
184+
185+
---
186+
187+
## 7 Privacy Layer (L4)
188+
189+
### 7.1 Modes
190+
191+
| Mode | Requirement |
192+
| ---------------------- | ------------------------------------- |
193+
| **strict** | Every stream through ≥ 3 Nym hops |
194+
| **balanced** (default) | ≥ 1 hop until peer-trust ≥ 0.8 |
195+
| **performance** | No mixnet unless dest label `.mixreq` |
196+
197+
### 7.2 Mixnode Selection
198+
199+
`seed = SHA256(srcPeerID || dstPeerID || unixHour)`
200+
— used as VRF input to pick hops.
201+
202+
---
203+
204+
## 8 Naming & Trust (L5)
205+
206+
### 8.1 Self-Certifying ID
207+
208+
```
209+
betanet://<hex SHA-256(service-pubkey)>[/resource]
210+
```
211+
212+
Verify that the peer’s presented pubkey hashes to the ID.
213+
214+
### 8.2 Human-Readable Alias Ledger
215+
216+
A record is valid **only if** identical payload appears at the same height on at least **2 of 3** chains:
217+
218+
* **Handshake** Layer-1
219+
* **Filecoin FVM**
220+
* **Ethereum L2 “Raven-Names”**
221+
222+
Re-orgs deeper than 12 blocks are ignored.
223+
224+
Record format (UTF-8):
225+
226+
```
227+
betanet1 pk=<hex32> sig=<base64sig> exp=<unixSec>
228+
```
229+
230+
---
231+
232+
## 9 Payment System (L6)
233+
234+
### 9.1 Federated Cashu Mints
235+
236+
* Each mint = FROST-Ed25519 **(n ≥ 5, t = 3)** group.
237+
* Keyset ID =`SHA-256(sorted pubkeys)`.
238+
* Relays **MUST** accept vouchers from any announced keyset (topic `betanet.mints`).
239+
240+
Voucher (64 B): `secret32 || aggregatedSig32`.
241+
242+
### 9.2 Settlement
243+
244+
Relays **MAY** redeem ≥ 10 000 sat via their own Lightning node or swap with peers.
245+
Vouchers never leave encrypted streams.
246+
247+
---
248+
249+
## 10 Governance & Versioning (L7)
250+
251+
### 10.1 Node Uptime Score
252+
253+
```
254+
score = log2(1 + seconds_uptime / 86 400) // capped at 16
255+
```
256+
257+
### 10.2 Voting Power
258+
259+
```
260+
vote_weight = uptime_score + log10(total_ecash_staked / 1 000 sat + 1)
261+
```
262+
263+
A version proposal passes when
264+
265+
```
266+
Σ weight(ACK) ≥ 0.67 × Σ weight(all_reachable_nodes)
267+
```
268+
269+
### 10.3 Upgrade Delay
270+
271+
After threshold reached, activation waits **≥ 30 days**.
272+
Raven Development Team publishes a time-lock hash of the final spec text.
273+
274+
---
275+
276+
## 11 Compliance Summary
277+
278+
An implementation is **compliant** if it:
279+
280+
1. Implements HTX over TCP-443 **and** QUIC-443 with TLS 1.3 mimic + ECH.
281+
2. Uses rotating access tickets (§5.2).
282+
3. Encrypts inner frames with ChaCha20-Poly1305, 24-bit length, 96-bit nonce.
283+
4. Maintains ≥ 3 signed SCION paths **or** attaches a valid IP-transition header.
284+
5. Offers `/betanet/htx/1.0.0` **and** `/betanet/htxquic/1.0.0` transports.
285+
6. Implements deterministic DHT seed bootstrap.
286+
7. Verifies alias ledger with 2-of-3 chain consensus.
287+
8. Accepts Cashu vouchers from federated mints & supports Lightning settlement.
288+
9. Builds reproducibly and publishes **SLSA 3** provenance.
289+
10. Presents X25519-Kyber768 suites once the mandatory date is reached.
290+
291+
---
292+
293+
## 12 End of Betanet Specification 1.0

0 commit comments

Comments
 (0)
Please sign in to comment.