Re: [dev] A secure wireless protocol

From: Sergey Matveev <stargrave+suckless_AT_stargrave.org>
Date: Sun, 15 Oct 2023 07:12:26 +0300

*** Sagar Acharya [2023-10-14 13:17]:
>So, a network which before transmitting a packet, encrypts it with the recipients' public key and broadcasts it with recipients id as header, say like,

Pay attention that using asymmetric cryptography is a pretty CPU-consuming
task. Using it for each IP packet (or TCP segment, UDP datagram,
whatever) is pretty harsh.

Moreover, if you use a modern ECC-based algorithm like curve25519 (that is
magnitudes faster than RSA for example, and has pretty compact public
keys), then take into account that it cannot "encrypt" data, but can only
exchange/derive the shared key between the sender and recipient, so
you will have to send an ephemeral public key with each packet, which will
also take at least 32 bytes more of the payload. Like "crypto_box" of
NaCl does: https://nacl.cr.yp.to/box.html

So if you want usable efficiency, in general you have to do some kind of
handshake to share the common cryptographic state and then use
efficient symmetric cryptography further, like nearly all transport
protocols do.

Maybe something like Yggdrasil would be interesting to you:
https://yggdrasil-network.github.io/
Each peer has its own public/private keypair and the corresponding IPv6
address (from the 200::/7 space) is derived from the public key. So you can
directly communicate with the peer knowing that address in advance.
Yggdrasil implementations can discover each other over the multicast IP
network (Ethernet/WiFi) without any additional configuration,
transparently building the meshed interconnected overlay network.
Basically no configuration is required (IPv6 link-local addresses should
always be present on network interfaces, link-scope multicast packets will
find Yggdrasil-capable nodes nearby) and you can transparently
communicate with each node by its 200::/7 IPv6 address.

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: 12AD 3268 9C66 0D42 6967  FD75 CB82 0563 2107 AD8A
Received on Sun Oct 15 2023 - 06:12:26 CEST
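
Added example, not part of the original message and not code from NaCl or Yggdrasil: a Go sketch of the two designs the reply compares, a fresh X25519 exchange for every packet versus one exchange followed by symmetric-only packets. The names gcmFor, SealPerPacket and SealSession, the wire layouts, and the use of SHA-256 plus AES-256-GCM (standard-library substitutes for crypto_box's XSalsa20-Poly1305) are assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// gcmFor runs X25519 and keys AES-256-GCM with SHA-256(secret), a stand-in KDF.
func gcmFor(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer) // fails on low-order peer keys
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}

// SealPerPacket: ephPub(32) || ct || tag(16). Zero nonce is safe only with a one-shot key.
func SealPerPacket(rcpt *ecdh.PublicKey, msg []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(eph, rcpt)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(eph.PublicKey().Bytes(), make([]byte, 12), msg, nil), nil
}

// SealSession: ctr(8) || ct || tag(16). ctr must never repeat under one key.
func SealSession(gcm cipher.AEAD, ctr uint64, msg []byte) []byte {
	n := binary.BigEndian.AppendUint64(make([]byte, 4), ctr) // 12-byte nonce
	return gcm.Seal(append([]byte(nil), n[4:]...), n, msg, nil)
}

func main() {
	bob, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pkt, err := SealPerPacket(bob.PublicKey(), []byte("ping"))
	fmt.Println("per-packet overhead in bytes:", len(pkt)-4, err)
}
```

To open a per-packet message the recipient parses the first 32 bytes as a public key and calls gcmFor with its own private key, so both ends pay one scalar multiplication per packet. With a session, gcmFor runs once per peer and each packet carries 24 bytes of overhead instead of 48; a real protocol would also use separate keys per direction and reject replayed counters.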

This archive was generated by hypermail 2.3.0 : Sun Oct 15 2023 - 06:24:08 CEST