分布式P2P网络中的识别

Question

SCENARIO: a P2P distributed network in which users connect by a DHT. They identify themselves by a hexadecimal 76-character string.

PROBLEM: users need to choose their own ID, not have a really long and random one assigned to them. And with security in mind, the network needs to remain 100% distributed, so servers with pubkey:username aren't possible.

POSSIBLE SOLUTION: distributed databases. However, how can we guarantee the uniqueness of the username? A blockchain à la bitcoin isn't a possibility because downloading gigabytes of data also isn't user friendly and also not useful for dynamic content.

POSSIBLE SOLUTION: Distributed file systems such as Tahoe-LAFS. Extremely complicated and overkill, not easily or cleanly implemented.

So, the issue is having user-friendliness and security/distribution at the same time.

Any ideas?

Answer 1

So the question is - do you assume the users to be friendly or evil? That means - do you assume, the users will try to steal each others IDs or if you tell them that such an ID is already taken, they will accept it and simply choose another?

When you assume friendliness of the users, you could simply use a DHT and generate a dummy entry for each user name or user id. This way you can check easily if such an entry already exists or not and also create it. This shouldn't allow any duplicate entries (when the DHT is written properly).

When you assume that users will try to impersonate others, than you need much stronger security mechanisms and should probably go for GnuPG or other PGP or PPK (Public Private Key) implementations. That is - to my knowledge - the simplest decentralised way to ensure someones identity. However in that case you'd need to store the public keys of the user.