|
1 | | -# Betanet Version 1.0 – Official Implementation Specification |
| 1 | +# Betanet Version 1.0 – Official Implementation Specification |
2 | 2 |
|
3 | 3 | > **Normative document.** All requirements marked **MUST**, **MUST NOT**, or **SHALL** are mandatory for compliance. |
4 | 4 |
|
@@ -14,7 +14,7 @@ The design eliminates single points of failure, disguises itself as ordinary HTT |
14 | 14 | ## 1 General Encoding Rules |
15 | 15 |
|
16 | 16 | * Multi-byte integers: **unsigned big-endian**. |
17 | | -* `varint`: QUIC variable-length integer (RFC 9000 §16). |
| 17 | +* `varint`: QUIC variable-length integer (RFC 9000 §16). |
18 | 18 | * Unless stated, all sizes are in bytes. |
19 | 19 | * Binary examples use hexadecimal. |
20 | 20 |
|
@@ -28,10 +28,10 @@ The design eliminates single points of failure, disguises itself as ordinary HTT |
28 | 28 | | AEAD | **ChaCha20-Poly1305** (IETF, 12-B nonce, 16-B tag) | |
29 | 29 | | KDF | **HKDF-SHA256** | |
30 | 30 | | Signatures | **Ed25519** | |
31 | | -| Diffie–Hellman | **X25519** | |
32 | | -| Post-quantum hybrid<sup>†</sup> | **X25519-Kyber768** (draft-ietf-pqtls-00) | |
| 31 | +| Diffie–Hellman | **X25519** | |
| 32 | +| Post-quantum hybrid<sup>†</sup> | **X25519-Kyber768** (draft-ietf-pqtls-00) | |
33 | 33 |
|
34 | | -> †Offering the hybrid ciphersuite is **MUST** after *2027-01-01*. |
| 34 | +> † Offering the hybrid ciphersuite is **MUST** after *2027-01-01*. |
35 | 35 |
|
36 | 36 | --- |
37 | 37 |
|
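Review bot: the footnote on line 34 uses **MUST** as a predicate ("is **MUST** after"), which leaves the subject of the requirement unstated. Suggest "Implementations **MUST** offer the hybrid ciphersuite after *2027-01-01*", and say whether the date is inclusive and in which time zone. The `draft-ietf-pqtls-00` reference on line 32 would also benefit from a full title or URL so readers can locate the exact revision.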
@@ -63,7 +63,7 @@ The design eliminates single points of failure, disguises itself as ordinary HTT |
63 | 63 | +-------------------------------+ |
64 | 64 | | Payload Length | |
65 | 65 | +-------------------------------+ |
66 | | -| Path Segment 0 … | |
| 66 | +| Path Segment 0 … | |
67 | 67 | +-------------------------------+ |
68 | 68 | ``` |
69 | 69 |
|
@@ -77,19 +77,19 @@ For links without native SCION support, prepend: |
77 | 77 |
|
78 | 78 | ``` |
79 | 79 | +-------+-------------------------------------------------+ |
80 | | -| ID=0xF1 | 64-B Ed25519 sig over (prev-AS ‖ next-AS) | |
| 80 | +| ID=0xF1 | 64-B Ed25519 sig over (prev-AS ‖ next-AS) | |
81 | 81 | +-------+-------------------------------------------------+ |
82 | 82 | ``` |
83 | 83 |
|
84 | 84 | Gateways **MUST** verify and strip this header when re-entering a SCION-capable segment. |
85 | 85 |
|
86 | 86 | ### 4.3 Path Maintenance |
87 | 87 |
|
88 | | -End hosts **MUST** maintain **≥ 3** disjoint validated paths to every peer and switch within **300 ms** of failure detection. |
| 88 | +End hosts **MUST** maintain **≥ 3** disjoint validated paths to every peer and switch within **300 ms** of failure detection. |
89 | 89 |
|
90 | 90 | --- |
91 | 91 |
|
92 | | -## 5 Cover Transport (L2) — HTX |
| 92 | +## 5 Cover Transport (L2) — HTX |
93 | 93 |
|
94 | 94 | ### 5.1 Outer TLS 1.3 Handshake |
95 | 95 |
|
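Review bot: on line 80 the signed input is only `prev-AS ‖ next-AS`, so as written the signature is not bound to the packet or to any timestamp or counter, and the same 64-byte value verifies on every packet crossing that AS pair. If that is intended, say so and state which key the gateway verifies against on line 84; otherwise extend the signed input. Minor: the `ID=0xF1` cell is wider than the `+-------+` rule above it, so the box does not line up.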
@@ -100,7 +100,7 @@ End hosts **MUST** maintain **≥ 3** disjoint validated paths to every peer |
100 | 100 |
|
101 | 101 | ### 5.2 Access-Ticket Bootstrap |
102 | 102 |
|
103 | | -1. The server’s decoy site embeds `ticketPub` (32-B X25519 public key, Base64URL). |
| 103 | +1. The server’s decoy site embeds `ticketPub` (32-B X25519 public key, Base64URL). |
104 | 104 | 2. Client generates `ticketPriv`, computes `sharedSecret = X25519(ticketPriv, ticketPub)`. |
105 | 105 | 3. Client picks 32-B random `nonce32`. |
106 | 106 | 4. `accessTicket = HKDF(sharedSecret, "betanet-ticket", nonce32, 32)`. |
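Review bot: step 4 on line 106 does not name the HKDF parameters, so it is unclear which of `"betanet-ticket"` and `nonce32` is the salt and which is the info string. Two implementations that read this differently will derive different tickets; suggest writing it with named arguments (ikm, salt, info, length). Step 1 on line 103 should also say whether the Base64URL form of `ticketPub` is padded.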
@@ -115,8 +115,8 @@ End hosts **MUST** maintain **≥ 3** disjoint validated paths to every peer |
115 | 115 |
|
116 | 116 | ### 5.3 Noise *XK* Handshake & Inner Keys |
117 | 117 |
|
118 | | -Unchanged from §2 .3 of prior draft: derive `K_inner = HKDF-Expand-Label(TLS-Exporter, "htx inner", "", 32)`. |
119 | | -AEAD nonce: **96-bit little-endian counter** (wrap ≈2â¹â¶-1 frames). |
| 118 | +Unchanged from §2 .3 of prior draft: derive `K_inner = HKDF-Expand-Label(TLS-Exporter, "htx inner", "", 32)`. |
| 119 | +AEAD nonce: **96-bit little-endian counter** (wrap ≈2⁹⁶-1 frames). |
120 | 120 |
|
121 | 121 | ### 5.4 Inner Frame Format |
122 | 122 |
|
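Review bot: the nonce sentence on line 119 gives the wrap point (≈2⁹⁶-1 frames) but not what an implementation does when it gets there. Reusing a nonce under the same `K_inner` breaks ChaCha20-Poly1305, so I would add a **MUST** to rekey or close the connection before the counter repeats. The "little-endian" counter is also an exception to the §1 rule that multi-byte integers are big-endian and should be called out as one. On line 118, "§2 .3" still carries a stray space, and it points at a prior draft that a normative document should not depend on.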
@@ -137,11 +137,11 @@ struct Frame { |
137 | 137 | | Frame | Requirement | |
138 | 138 | | -------------- | ----------------------------- | |
139 | 139 | | SETTINGS | Within 30 ms of stream 0 open | |
140 | | -| WINDOW\_UPDATE | When ≥ 50 % of window used | |
141 | | -| PING | Every 15 s ± 3 s | |
142 | | -| PRIORITY | On ≈1 % of connections | |
| 140 | +| WINDOW\_UPDATE | When ≥ 50 % of window used | |
| 141 | +| PING | Every 15 s ± 3 s | |
| 142 | +| PRIORITY | On ≈1 % of connections | |
143 | 143 |
|
144 | | -Idle padding: if no DATA for 512 ± 128 ms, send dummy 1 KiB encrypted DATA. |
| 144 | +Idle padding: if no DATA for 512 ± 128 ms, send dummy 1 KiB encrypted DATA. |
145 | 145 |
|
146 | 146 | ### 5.6 UDP Variant |
147 | 147 |
|
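Review bot: neither the table rows (lines 139-142) nor the idle-padding sentence on line 144 carry a **MUST** or **SHOULD**, and the preamble says only marked requirements are mandatory, so their compliance status is undefined. Suggest adding the intended keyword to each. "dummy 1 KiB encrypted DATA" should also say whether 1 KiB is the plaintext or the ciphertext length.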
@@ -166,7 +166,7 @@ Idle padding: if no DATA for 512 ± 128 ms, send dummy 1 KiB encrypted DATA. |
166 | 166 |
|
167 | 167 | ### 6.3 Bootstrap Discovery |
168 | 168 |
|
169 | | -The client **MUST** keep trying methods **a → e** until ≥ 5 peers respond: |
| 169 | +The client **MUST** keep trying methods **a → e** until ≥ 5 peers respond: |
170 | 170 |
|
171 | 171 | | Order | Method | Central infra? | |
172 | 172 | | ----- | ------------------------------------------------------------------ | ------------------- | |
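Review bot: line 169 says the client **MUST** keep trying methods a → e until ≥ 5 peers respond, but not what happens after method e fails, nor any retry interval or backoff. Suggest stating whether the sequence restarts from a and bounding the retry rate.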
@@ -180,7 +180,7 @@ The client **MUST** keep trying methods **a → e** until ≥ 5 peers r |
180 | 180 |
|
181 | 181 | * CID =`multihash(SHA-256(content))`. |
182 | 182 | * Bitswap-v2 on `/betanet/bitswap/2.1.0`. |
183 | | -* Requester **SHOULD** open ≥ 3 parallel streams on distinct SCION paths. |
| 183 | +* Requester **SHOULD** open ≥ 3 parallel streams on distinct SCION paths. |
184 | 184 |
|
185 | 185 | --- |
186 | 186 |
|
@@ -190,14 +190,14 @@ The client **MUST** keep trying methods **a → e** until ≥ 5 peers r |
190 | 190 |
|
191 | 191 | | Mode | Requirement | |
192 | 192 | | ---------------------- | ------------------------------------- | |
193 | | -| **strict** | Every stream through ≥ 3 Nym hops | |
194 | | -| **balanced** (default) | ≥ 1 hop until peer-trust ≥ 0.8 | |
| 193 | +| **strict** | Every stream through ≥ 3 Nym hops | |
| 194 | +| **balanced** (default) | ≥ 1 hop until peer-trust ≥ 0.8 | |
195 | 195 | | **performance** | No mixnet unless dest label `.mixreq` | |
196 | 196 |
|
197 | 197 | ### 7.2 Mixnode Selection |
198 | 198 |
|
199 | 199 | `seed = SHA256(srcPeerID || dstPeerID || unixHour)` |
200 | | -— used as VRF input to pick hops. |
| 200 | +— used as VRF input to pick hops. |
201 | 201 |
|
202 | 202 | --- |
203 | 203 |
|
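Review bot: lines 199-200 call the seed a "VRF input" but do not say whose VRF key evaluates it or how the other side checks the output. All three inputs to `SHA256(srcPeerID || dstPeerID || unixHour)` are known to anyone who knows both peer IDs, so the unpredictability of hop selection rests entirely on that unstated key. Suggest naming the key holder and the verification step, and giving the byte width of `unixHour`. In the §7.1 table, `peer-trust ≥ 0.8` is used without a definition or section reference.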
@@ -209,15 +209,15 @@ The client **MUST** keep trying methods **a → e** until ≥ 5 peers r |
209 | 209 | betanet://<hex SHA-256(service-pubkey)>[/resource] |
210 | 210 | ``` |
211 | 211 |
|
212 | | -Verify that the peer’s presented pubkey hashes to the ID. |
| 212 | +Verify that the peer’s presented pubkey hashes to the ID. |
213 | 213 |
|
214 | 214 | ### 8.2 Human-Readable Alias Ledger |
215 | 215 |
|
216 | 216 | A record is valid **only if** identical payload appears at the same height on at least **2 of 3** chains: |
217 | 217 |
|
218 | 218 | * **Handshake** Layer-1 |
219 | 219 | * **Filecoin FVM** |
220 | | -* **Ethereum L2 “Raven-Namesâ€** |
| 220 | +* **Ethereum L2 “Raven-Names”** |
221 | 221 |
|
222 | 222 | Re-orgs deeper than 12 blocks are ignored. |
223 | 223 |
|
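Review bot: line 216 requires the payload to appear "at the same height" on 2 of 3 chains, but Handshake, Filecoin FVM and the Ethereum L2 each number their blocks independently, so equal heights across them is not a well-defined condition as written. Suggest stating the rule per chain (for example, a confirmation depth on each) or carrying a sequence number inside the payload. Line 222 should likewise say whether the 12-block limit applies to each chain separately.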
@@ -233,15 +233,15 @@ betanet1 pk=<hex32> sig=<base64sig> exp=<unixSec> |
233 | 233 |
|
234 | 234 | ### 9.1 Federated Cashu Mints |
235 | 235 |
|
236 | | -* Each mint = FROST-Ed25519 **(n ≥ 5, t = 3)** group. |
| 236 | +* Each mint = FROST-Ed25519 **(n ≥ 5, t = 3)** group. |
237 | 237 | * Keyset ID =`SHA-256(sorted pubkeys)`. |
238 | 238 | * Relays **MUST** accept vouchers from any announced keyset (topic `betanet.mints`). |
239 | 239 |
|
240 | 240 | Voucher (64 B): `secret32 || aggregatedSig32`. |
241 | 241 |
|
242 | 242 | ### 9.2 Settlement |
243 | 243 |
|
244 | | -Relays **MAY** redeem ≥ 10 000 sat via their own Lightning node or swap with peers. |
| 244 | +Relays **MAY** redeem ≥ 10 000 sat via their own Lightning node or swap with peers. |
245 | 245 | Vouchers never leave encrypted streams. |
246 | 246 |
|
247 | 247 | --- |
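Review bot: line 240 defines the voucher as `secret32 || aggregatedSig32` (64 B total), but line 236 makes each mint a FROST-Ed25519 group, and an Ed25519 signature is 64 bytes (§4.2 already says "64-B Ed25519 sig"). A 32-byte `aggregatedSig32` cannot hold it: either the voucher is 96 B, or the field is not an Ed25519 signature and should be renamed and described. Line 237 should also state how the pubkeys are sorted and concatenated before hashing, and line 244 whether "≥ 10 000 sat" is a minimum redemption amount.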
@@ -263,12 +263,12 @@ vote_weight = uptime_score + log10(total_ecash_staked / 1 000 sat + 1) |
263 | 263 | A version proposal passes when |
264 | 264 |
|
265 | 265 | ``` |
266 | | -Σ weight(ACK) ≥ 0.67 × Σ weight(all_reachable_nodes) |
| 266 | +Σ weight(ACK) ≥ 0.67 × Σ weight(all_reachable_nodes) |
267 | 267 | ``` |
268 | 268 |
|
269 | 269 | ### 10.3 Upgrade Delay |
270 | 270 |
|
271 | | -After threshold reached, activation waits **≥ 30 days**. |
| 271 | +After threshold reached, activation waits **≥ 30 days**. |
272 | 272 | Raven Development Team publishes a time-lock hash of the final spec text. |
273 | 273 |
|
274 | 274 | --- |
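Review bot: the denominator on line 266, `Σ weight(all_reachable_nodes)`, depends on who measures reachability and when, so two nodes can disagree on whether a proposal passed. Suggest defining the node set and the measurement point that every participant uses. On lines 271-272, "After threshold reached" is missing "the ... is", and "time-lock hash" is used without a definition.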
@@ -278,9 +278,9 @@ Raven Development Team publishes a time-lock hash of the final spec text. |
278 | 278 | An implementation is **compliant** if it: |
279 | 279 |
|
280 | 280 | 1. Implements HTX over TCP-443 **and** QUIC-443 with TLS 1.3 mimic + ECH. |
281 | | -2. Uses rotating access tickets (§5.2). |
| 281 | +2. Uses rotating access tickets (§5.2). |
282 | 282 | 3. Encrypts inner frames with ChaCha20-Poly1305, 24-bit length, 96-bit nonce. |
283 | | -4. Maintains ≥ 3 signed SCION paths **or** attaches a valid IP-transition header. |
| 283 | +4. Maintains ≥ 3 signed SCION paths **or** attaches a valid IP-transition header. |
284 | 284 | 5. Offers `/betanet/htx/1.0.0` **and** `/betanet/htxquic/1.0.0` transports. |
285 | 285 | 6. Implements deterministic DHT seed bootstrap. |
286 | 286 | 7. Verifies alias ledger with 2-of-3 chain consensus. |
|
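Review bot: only item 2 (line 281) carries a section reference; the other items restate requirements in shortened form with no pointer back to the normative text. Item 3, for example, says "96-bit nonce" without the counter construction from §5.3. Suggest adding a § reference to every item so the checklist cannot drift from the sections it summarises.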