1 files changed, 308 insertions, 0 deletions
diff --git a/doc/documentation/chapters/keyconcepts.texi b/doc/documentation/chapters/keyconcepts.texi
new file mode 100644
index 000000000..55f79f1c7
--- /dev/null
+++ b/doc/documentation/chapters/keyconcepts.texi
@@ -0,0 +1,308 @@
+@cindex Key Concepts
+@node Key Concepts
+@chapter Key Concepts
+In this section, the fundamental concepts of GNUnet are explained.
+@c FIXME: Use @uref{https://docs.gnunet.org/bib/, research papers}
+@c once we have the new bibliography + subdomain setup.
+Most of them are also described in our research papers.
+First, some of the concepts used in the GNUnet framework are detailed.
+The second part describes concepts specific to anonymous file-sharing.
+@menu
+* Authentication::
+* Accounting to Encourage Resource Sharing::
+* Confidentiality::
+* Anonymity::
+* Deniability::                       
+* Peer Identities::
+* Zones in the GNU Name System (GNS Zones)::
+* Egos::
+@end menu
+@cindex Authentication
+@node Authentication
+@section Authentication
+Almost all peer-to-peer communications in GNUnet are between mutually
+authenticated peers. The authentication works by using ECDHE, that is a
+DH (Diffie---Hellman) key exchange using ephemeral elliptic curve
+cryptography. The ephemeral ECC (Elliptic Curve Cryptography) keys are
+signed using ECDSA (@uref{http://en.wikipedia.org/wiki/ECDSA, ECDSA}).
+The shared secret from ECDHE is used to create a pair of session keys
+@c FIXME: Long word for HKDF. More FIXMEs: Explain MITM etc.
+(using HKDF) which are then used to encrypt the communication between the
+two peers using both 256-bit AES (Advanced Encryption Standard)
+and 256-bit Twofish (with independently derived secret keys).
+As only the two participating hosts know the shared secret, this
+authenticates each packet
+without requiring signatures each time. GNUnet uses SHA-512
+(Secure Hash Algorithm) hash codes to verify the integrity of messages.
+@c FIXME: A while back I got the feedback that I should try and integrate
+@c explanation boxes in the long-run. So we could explain
+@c "man-in-the-middle" and "man-in-the-middle attacks" and other words
+@c which are not common knowledge. MITM is not common knowledge. To be
+@c selfcontained, we should be able to explain words and concepts used in
+@c a chapter or paragraph without hinting at Wikipedia and other online
+@c sources which might not be available or accessible to everyone.
+@c On the other hand we could write an introductionary chapter or book
+@c that we could then reference in each chapter, which sound like it
+@c could be more reusable.
+In GNUnet, the identity of a host is its public key. For that reason,
+man-in-the-middle attacks will not break the authentication or accounting
+goals. Essentially, for GNUnet, the IP of the host has nothing to do with
+the identity of the host. As the public key is the only thing that truly
+matters, faking an IP, a port or any other property of the underlying
+transport protocol is irrelevant. In fact, GNUnet peers can use
+multiple IPs (IPv4 and IPv6) on multiple ports --- or even not use the
+IP protocol at all (by running directly on layer 2).
+@c FIXME: "IP protocol" feels wrong, but could be what people expect, as
+@c IP is "the number" and "IP protocol" the protocol itself in general
+@c knowledge?
+@c NOTE: For consistency we will use @code{HELLO}s throughout this Manual.
+GNUnet uses a special type of message to communicate a binding between
+public (ECC) keys to their current network address. These messages are
+commonly called @code{HELLO}s or @code{peer advertisements}.
+They contain the public key of the peer and its current network
+addresses for various transport services.
+A transport service is a special kind of shared library that
+provides (possibly unreliable, out-of-order) message delivery between
+peers.
+For the UDP and TCP transport services, a network address is an IP and a
+port.
+GNUnet can also use other transports (HTTP, HTTPS, WLAN, etc.) which use
+various other forms of addresses. Note that any node can have many
+different active transport services at the same time,
+and each of these can have a different addresses.
+Binding messages expire after at most a week (the timeout can be
+shorter if the user configures the node appropriately).
+This expiration ensures that the network will eventually get rid of
+outdated advertisements.
+@footnote{Ronaldo A. Ferreira, Christian Grothoff, and Paul Ruth.
+A Transport Layer Abstraction for Peer-to-Peer Networks
+Proceedings of the 3rd International Symposium on Cluster Computing
+and the Grid (GRID 2003), 2003.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf, https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf})}
+@cindex Accounting to Encourage Resource Sharing
+@node Accounting to Encourage Resource Sharing
+@section Accounting to Encourage Resource Sharing
+Most distributed P2P networks suffer from a lack of defenses or
+precautions against attacks in the form of freeloading.
+While the intentions of an attacker and a freeloader are different, their
+effect on the network is the same; they both render it useless.
+Most simple attacks on networks such as @command{Gnutella}
+involve flooding the network with traffic, particularly
+with queries that are, in the worst case, multiplied by the network.
+In order to ensure that freeloaders or attackers have a minimal impact
+on the network, GNUnet's file-sharing implementation (@code{FS} tries
+to distinguish good (contributing) nodes from malicious (freeloading)
+nodes. In GNUnet, every file-sharing node keeps track of the behavior
+of every other node it has been in contact with. Many requests
+(depending on the application) are transmitted with a priority (or
+importance) level.  That priority is used to establish how important
+the sender believes this request is. If a peer responds to an
+important request, the recipient will increase its trust in the
+responder: the responder contributed resources.  If a peer is too busy
+to answer all requests, it needs to prioritize.  For that, peers do
+not take the priorities of the requests received at face value.
+First, they check how much they trust the sender, and depending on
+that amount of trust they assign the request a (possibly lower)
+effective priority. Then, they drop the requests with the lowest
+effective priority to satisfy their resource constraints. This way,
+GNUnet's economic model ensures that nodes that are not currently
+considered to have a surplus in contributions will not be served if
+the network load is high.
+@footnote{Christian Grothoff. An Excess-Based Economic Model for Resource
+Allocation in Peer-to-Peer Networks. Wirtschaftsinformatik, June 2003.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf})}
+@c 2009?
+@cindex Confidentiality
+@node Confidentiality
+@section Confidentiality
+Adversaries (malicious, bad actors) outside of GNUnet are not supposed
+to know what kind of actions a peer is involved in. Only the specific
+neighbor of a peer that is the corresponding sender or recipient of a
+message may know its contents, and even then application protocols may
+place further restrictions on that knowledge.  In order to ensure
+confidentiality, GNUnet uses link encryption, that is each message
+exchanged between two peers is encrypted using a pair of keys only
+known to these two peers.  Encrypting traffic like this makes any kind
+of traffic analysis much harder. Naturally, for some applications, it
+may still be desirable if even neighbors cannot determine the concrete
+contents of a message.  In GNUnet, this problem is addressed by the
+specific application-level protocols. See for example the following
+sections @pxref{Anonymity}, @pxref{How file-sharing achieves Anonymity},
+and @pxref{Deniability}.
+@cindex Anonymity
+@node Anonymity
+@section Anonymity
+@menu
+* How file-sharing achieves Anonymity::
+@end menu
+Providing anonymity for users is the central goal for the anonymous
+file-sharing application. Many other design decisions follow in the
+footsteps of this requirement.
+Anonymity is never absolute. While there are various
+scientific metrics@footnote{Claudia Díaz, Stefaan Seys, Joris Claessens,
+and Bart Preneel. Towards measuring anonymity.
+2002.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf, https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf})}
+that can help quantify the level of anonymity that a given mechanism
+provides, there is no such thing as "complete anonymity".
+GNUnet's file-sharing implementation allows users to select for each
+operation (publish, search, download) the desired level of anonymity.
+The metric used is the amount of cover traffic available to hide the
+request.
+While this metric is not as good as, for example, the theoretical metric
+given in scientific metrics@footnote{likewise},
+it is probably the best metric available to a peer with a purely local
+view of the world that does not rely on unreliable external information.
+The default anonymity level is @code{1}, which uses anonymous routing but
+imposes no minimal requirements on cover traffic. It is possible
+to forego anonymity when this is not required. The anonymity level of
+@code{0} allows GNUnet to use more efficient, non-anonymous routing.
+@cindex How file-sharing achieves Anonymity
+@node How file-sharing achieves Anonymity
+@subsection How file-sharing achieves Anonymity
+Contrary to other designs, we do not believe that users achieve strong
+anonymity just because their requests are obfuscated by a couple of
+indirections. This is not sufficient if the adversary uses traffic
+analysis.
+The threat model used for anonymous file sharing in GNUnet assumes that
+the adversary is quite powerful.
+In particular, we assume that the adversary can see all the traffic on
+the Internet. And while we assume that the adversary
+can not break our encryption, we assume that the adversary has many
+participating nodes in the network and that it can thus see many of the
+node-to-node interactions since it controls some of the nodes. 
+The system tries to achieve anonymity based on the idea that users can be
+anonymous if they can hide their actions in the traffic created by other
+users.
+Hiding actions in the traffic of other users requires participating in the
+traffic, bringing back the traditional technique of using indirection and
+source rewriting. Source rewriting is required to gain anonymity since
+otherwise an adversary could tell if a message originated from a host by
+looking at the source address. If all packets look like they originate
+from one node, the adversary can not tell which ones originate from that
+node and which ones were routed.
+Note that in this mindset, any node can decide to break the
+source-rewriting paradigm without violating the protocol, as this
+only reduces the amount of traffic that a node can hide its own traffic
+in.
+If we want to hide our actions in the traffic of other nodes, we must make
+our traffic indistinguishable from the traffic that we route for others.
+As our queries must have us as the receiver of the reply
+(otherwise they would be useless), we must put ourselves as the receiver
+of replies that actually go to other hosts; in other words, we must
+indirect replies.
+Unlike other systems, in anonymous file-sharing as implemented on top of
+GNUnet we do not have to indirect the replies if we don't think we need
+more traffic to hide our own actions.
+This increases the efficiency of the network as we can indirect less under
+higher load.@footnote{Krista Bennett and Christian Grothoff.
+GAP --- practical anonymous networking. In Proceedings of
+Designing Privacy Enhancing Technologies, 2003.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf, https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf})}
+@cindex Deniability
+@node Deniability
+@section Deniability
+Even if the user that downloads data and the server that provides data are
+anonymous, the intermediaries may still be targets. In particular, if the
+intermediaries can find out which queries or which content they are
+processing, a strong adversary could try to force them to censor
+certain materials. 
+With the file-encoding used by GNUnet's anonymous file-sharing, this
+problem does not arise.
+The reason is that queries and replies are transmitted in
+an encrypted format such that intermediaries cannot tell what the query
+is for or what the content is about.  Mind that this is not the same
+encryption as the link-encryption between the nodes.  GNUnet has
+encryption on the network layer (link encryption, confidentiality,
+authentication) and again on the application layer (provided
+by @command{gnunet-publish}, @command{gnunet-download},
+@command{gnunet-search} and @command{gnunet-gtk}).
+@footnote{Christian Grothoff, Krista Grothoff, Tzvetan Horozov,
+and Jussi T. Lindgren.
+An Encoding for Censorship-Resistant Sharing.
+2009.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf})}
+@cindex Peer Identities
+@node Peer Identities
+@section Peer Identities
+Peer identities are used to identify peers in the network and are unique
+for each peer. The identity for a peer is simply its public key, which is
+generated along with a private key the peer is started for the first time.
+While the identity is binary data, it is often expressed as ASCII string.
+For example, the following is a peer identity as you might see it in
+various places:
+@example
+UAT1S6PMPITLBKSJ2DGV341JI6KF7B66AC4JVCN9811NNEGQLUN0
+@end example
+@noindent
+You can find your peer identity by running @command{gnunet-peerinfo -s}.
+@cindex Zones in the GNU Name System (GNS Zones)
+@node Zones in the GNU Name System (GNS Zones)
+@section Zones in the GNU Name System (GNS Zones)
+@c FIXME: Explain or link to an explanation of the concept of public keys
+@c and private keys.
+@c FIXME: Rewrite for the latest GNS changes.
+GNS@footnote{Matthias Wachs, Martin Schanzenbach, and Christian Grothoff.
+A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name
+System. In proceedings of 13th International Conference on Cryptology and
+Network Security (CANS 2014). 2014.
+@uref{https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf}}
+zones are similar to those of DNS zones, but instead of a hierarchy of
+authorities to governing their use, GNS zones are controlled by a private
+key.
+When you create a record in a DNS zone, that information is stored in your
+nameserver. Anyone trying to resolve your domain then gets pointed
+(hopefully) by the centralised authority to your nameserver.
+Whereas GNS, being fully decentralized by design, stores that information
+in DHT. The validity of the records is assured cryptographically, by
+signing them with the private key of the respective zone.
+Anyone trying to resolve records in a zone of your domain can then verify
+the signature of the records they get from the DHT and be assured that
+they are indeed from the respective zone.
+To make this work, there is a 1:1 correspondence between zones and
+their public-private key pairs.
+So when we talk about the owner of a GNS zone, that's really the owner of
+the private key.
+And a user accessing a zone needs to somehow specify the corresponding
+public key first.
+@cindex Egos
+@node Egos
+@section Egos
+@c what is the difference between peer identity and egos? It seems
+@c like both are linked to public-private key pair.
+Egos are your "identities" in GNUnet. Any user can assume multiple
+identities, for example to separate their activities online. Egos can
+correspond to "pseudonyms" or "real-world identities". Technically an
+ego is first of all a key pair of a public- and private-key.

diff --git a/doc/documentation/chapters/keyconcepts.texi b/doc/documentation/chapters/keyconcepts.texi new file mode 100644 index 000000000..55f79f1c7 --- /dev/null +++ b/doc/documentation/chapters/keyconcepts.texi
@@ -0,0 +1,308 @@
	1
	2	@cindex Key Concepts
	3	@node Key Concepts
	4	@chapter Key Concepts
	5
	6	In this section, the fundamental concepts of GNUnet are explained.
	7	@c FIXME: Use @uref{https://docs.gnunet.org/bib/, research papers}
	8	@c once we have the new bibliography + subdomain setup.
	9	Most of them are also described in our research papers.
	10	First, some of the concepts used in the GNUnet framework are detailed.
	11	The second part describes concepts specific to anonymous file-sharing.
	12
	13	@menu
	14	* Authentication::
	15	* Accounting to Encourage Resource Sharing::
	16	* Confidentiality::
	17	* Anonymity::
	18	* Deniability::
	19	* Peer Identities::
	20	* Zones in the GNU Name System (GNS Zones)::
	21	* Egos::
	22	@end menu
	23
	24	@cindex Authentication
	25	@node Authentication
	26	@section Authentication
	27
	28	Almost all peer-to-peer communications in GNUnet are between mutually
	29	authenticated peers. The authentication works by using ECDHE, that is a
	30	DH (Diffie---Hellman) key exchange using ephemeral elliptic curve
	31	cryptography. The ephemeral ECC (Elliptic Curve Cryptography) keys are
	32	signed using ECDSA (@uref{http://en.wikipedia.org/wiki/ECDSA, ECDSA}).
	33	The shared secret from ECDHE is used to create a pair of session keys
	34	@c FIXME: Long word for HKDF. More FIXMEs: Explain MITM etc.
	35	(using HKDF) which are then used to encrypt the communication between the
	36	two peers using both 256-bit AES (Advanced Encryption Standard)
	37	and 256-bit Twofish (with independently derived secret keys).
	38	As only the two participating hosts know the shared secret, this
	39	authenticates each packet
	40	without requiring signatures each time. GNUnet uses SHA-512
	41	(Secure Hash Algorithm) hash codes to verify the integrity of messages.
	42
	43	@c FIXME: A while back I got the feedback that I should try and integrate
	44	@c explanation boxes in the long-run. So we could explain
	45	@c "man-in-the-middle" and "man-in-the-middle attacks" and other words
	46	@c which are not common knowledge. MITM is not common knowledge. To be
	47	@c selfcontained, we should be able to explain words and concepts used in
	48	@c a chapter or paragraph without hinting at Wikipedia and other online
	49	@c sources which might not be available or accessible to everyone.
	50	@c On the other hand we could write an introductionary chapter or book
	51	@c that we could then reference in each chapter, which sound like it
	52	@c could be more reusable.
	53	In GNUnet, the identity of a host is its public key. For that reason,
	54	man-in-the-middle attacks will not break the authentication or accounting
	55	goals. Essentially, for GNUnet, the IP of the host has nothing to do with
	56	the identity of the host. As the public key is the only thing that truly
	57	matters, faking an IP, a port or any other property of the underlying
	58	transport protocol is irrelevant. In fact, GNUnet peers can use
	59	multiple IPs (IPv4 and IPv6) on multiple ports --- or even not use the
	60	IP protocol at all (by running directly on layer 2).
	61	@c FIXME: "IP protocol" feels wrong, but could be what people expect, as
	62	@c IP is "the number" and "IP protocol" the protocol itself in general
	63	@c knowledge?
	64
	65	@c NOTE: For consistency we will use @code{HELLO}s throughout this Manual.
	66	GNUnet uses a special type of message to communicate a binding between
	67	public (ECC) keys to their current network address. These messages are
	68	commonly called @code{HELLO}s or @code{peer advertisements}.
	69	They contain the public key of the peer and its current network
	70	addresses for various transport services.
	71	A transport service is a special kind of shared library that
	72	provides (possibly unreliable, out-of-order) message delivery between
	73	peers.
	74	For the UDP and TCP transport services, a network address is an IP and a
	75	port.
	76	GNUnet can also use other transports (HTTP, HTTPS, WLAN, etc.) which use
	77	various other forms of addresses. Note that any node can have many
	78	different active transport services at the same time,
	79	and each of these can have a different addresses.
	80	Binding messages expire after at most a week (the timeout can be
	81	shorter if the user configures the node appropriately).
	82	This expiration ensures that the network will eventually get rid of
	83	outdated advertisements.
	84	@footnote{Ronaldo A. Ferreira, Christian Grothoff, and Paul Ruth.
	85	A Transport Layer Abstraction for Peer-to-Peer Networks
	86	Proceedings of the 3rd International Symposium on Cluster Computing
	87	and the Grid (GRID 2003), 2003.
	88	(@uref{https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf, https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf})}
	89
	90	@cindex Accounting to Encourage Resource Sharing
	91	@node Accounting to Encourage Resource Sharing
	92	@section Accounting to Encourage Resource Sharing
	93
	94	Most distributed P2P networks suffer from a lack of defenses or
	95	precautions against attacks in the form of freeloading.
	96	While the intentions of an attacker and a freeloader are different, their
	97	effect on the network is the same; they both render it useless.
	98	Most simple attacks on networks such as @command{Gnutella}
	99	involve flooding the network with traffic, particularly
	100	with queries that are, in the worst case, multiplied by the network.
	101
	102	In order to ensure that freeloaders or attackers have a minimal impact
	103	on the network, GNUnet's file-sharing implementation (@code{FS} tries
	104	to distinguish good (contributing) nodes from malicious (freeloading)
	105	nodes. In GNUnet, every file-sharing node keeps track of the behavior
	106	of every other node it has been in contact with. Many requests
	107	(depending on the application) are transmitted with a priority (or
	108	importance) level. That priority is used to establish how important
	109	the sender believes this request is. If a peer responds to an
	110	important request, the recipient will increase its trust in the
	111	responder: the responder contributed resources. If a peer is too busy
	112	to answer all requests, it needs to prioritize. For that, peers do
	113	not take the priorities of the requests received at face value.
	114	First, they check how much they trust the sender, and depending on
	115	that amount of trust they assign the request a (possibly lower)
	116	effective priority. Then, they drop the requests with the lowest
	117	effective priority to satisfy their resource constraints. This way,
	118	GNUnet's economic model ensures that nodes that are not currently
	119	considered to have a surplus in contributions will not be served if
	120	the network load is high.
	121	@footnote{Christian Grothoff. An Excess-Based Economic Model for Resource
	122	Allocation in Peer-to-Peer Networks. Wirtschaftsinformatik, June 2003.
	123	(@uref{https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf})}
	124	@c 2009?
	125
	126	@cindex Confidentiality
	127	@node Confidentiality
	128	@section Confidentiality
	129
	130	Adversaries (malicious, bad actors) outside of GNUnet are not supposed
	131	to know what kind of actions a peer is involved in. Only the specific
	132	neighbor of a peer that is the corresponding sender or recipient of a
	133	message may know its contents, and even then application protocols may
	134	place further restrictions on that knowledge. In order to ensure
	135	confidentiality, GNUnet uses link encryption, that is each message
	136	exchanged between two peers is encrypted using a pair of keys only
	137	known to these two peers. Encrypting traffic like this makes any kind
	138	of traffic analysis much harder. Naturally, for some applications, it
	139	may still be desirable if even neighbors cannot determine the concrete
	140	contents of a message. In GNUnet, this problem is addressed by the
	141	specific application-level protocols. See for example the following
	142	sections @pxref{Anonymity}, @pxref{How file-sharing achieves Anonymity},
	143	and @pxref{Deniability}.
	144
	145	@cindex Anonymity
	146	@node Anonymity
	147	@section Anonymity
	148
	149	@menu
	150	* How file-sharing achieves Anonymity::
	151	@end menu
	152
	153	Providing anonymity for users is the central goal for the anonymous
	154	file-sharing application. Many other design decisions follow in the
	155	footsteps of this requirement.
	156	Anonymity is never absolute. While there are various
	157	scientific metrics@footnote{Claudia Díaz, Stefaan Seys, Joris Claessens,
	158	and Bart Preneel. Towards measuring anonymity.
	159	2002.
	160	(@uref{https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf, https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf})}
	161	that can help quantify the level of anonymity that a given mechanism
	162	provides, there is no such thing as "complete anonymity".
	163	GNUnet's file-sharing implementation allows users to select for each
	164	operation (publish, search, download) the desired level of anonymity.
	165	The metric used is the amount of cover traffic available to hide the
	166	request.
	167	While this metric is not as good as, for example, the theoretical metric
	168	given in scientific metrics@footnote{likewise},
	169	it is probably the best metric available to a peer with a purely local
	170	view of the world that does not rely on unreliable external information.
	171	The default anonymity level is @code{1}, which uses anonymous routing but
	172	imposes no minimal requirements on cover traffic. It is possible
	173	to forego anonymity when this is not required. The anonymity level of
	174	@code{0} allows GNUnet to use more efficient, non-anonymous routing.
	175
	176	@cindex How file-sharing achieves Anonymity
	177	@node How file-sharing achieves Anonymity
	178	@subsection How file-sharing achieves Anonymity
	179
	180	Contrary to other designs, we do not believe that users achieve strong
	181	anonymity just because their requests are obfuscated by a couple of
	182	indirections. This is not sufficient if the adversary uses traffic
	183	analysis.
	184	The threat model used for anonymous file sharing in GNUnet assumes that
	185	the adversary is quite powerful.
	186	In particular, we assume that the adversary can see all the traffic on
	187	the Internet. And while we assume that the adversary
	188	can not break our encryption, we assume that the adversary has many
	189	participating nodes in the network and that it can thus see many of the
	190	node-to-node interactions since it controls some of the nodes.
	191
	192	The system tries to achieve anonymity based on the idea that users can be
	193	anonymous if they can hide their actions in the traffic created by other
	194	users.
	195	Hiding actions in the traffic of other users requires participating in the
	196	traffic, bringing back the traditional technique of using indirection and
	197	source rewriting. Source rewriting is required to gain anonymity since
	198	otherwise an adversary could tell if a message originated from a host by
	199	looking at the source address. If all packets look like they originate
	200	from one node, the adversary can not tell which ones originate from that
	201	node and which ones were routed.
	202	Note that in this mindset, any node can decide to break the
	203	source-rewriting paradigm without violating the protocol, as this
	204	only reduces the amount of traffic that a node can hide its own traffic
	205	in.
	206
	207	If we want to hide our actions in the traffic of other nodes, we must make
	208	our traffic indistinguishable from the traffic that we route for others.
	209	As our queries must have us as the receiver of the reply
	210	(otherwise they would be useless), we must put ourselves as the receiver
	211	of replies that actually go to other hosts; in other words, we must
	212	indirect replies.
	213	Unlike other systems, in anonymous file-sharing as implemented on top of
	214	GNUnet we do not have to indirect the replies if we don't think we need
	215	more traffic to hide our own actions.
	216
	217	This increases the efficiency of the network as we can indirect less under
	218	higher load.@footnote{Krista Bennett and Christian Grothoff.
	219	GAP --- practical anonymous networking. In Proceedings of
	220	Designing Privacy Enhancing Technologies, 2003.
	221	(@uref{https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf, https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf})}
	222
	223	@cindex Deniability
	224	@node Deniability
	225	@section Deniability
	226
	227	Even if the user that downloads data and the server that provides data are
	228	anonymous, the intermediaries may still be targets. In particular, if the
	229	intermediaries can find out which queries or which content they are
	230	processing, a strong adversary could try to force them to censor
	231	certain materials.
	232
	233	With the file-encoding used by GNUnet's anonymous file-sharing, this
	234	problem does not arise.
	235	The reason is that queries and replies are transmitted in
	236	an encrypted format such that intermediaries cannot tell what the query
	237	is for or what the content is about. Mind that this is not the same
	238	encryption as the link-encryption between the nodes. GNUnet has
	239	encryption on the network layer (link encryption, confidentiality,
	240	authentication) and again on the application layer (provided
	241	by @command{gnunet-publish}, @command{gnunet-download},
	242	@command{gnunet-search} and @command{gnunet-gtk}).
	243	@footnote{Christian Grothoff, Krista Grothoff, Tzvetan Horozov,
	244	and Jussi T. Lindgren.
	245	An Encoding for Censorship-Resistant Sharing.
	246	2009.
	247	(@uref{https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf})}
	248
	249	@cindex Peer Identities
	250	@node Peer Identities
	251	@section Peer Identities
	252
	253	Peer identities are used to identify peers in the network and are unique
	254	for each peer. The identity for a peer is simply its public key, which is
	255	generated along with a private key the peer is started for the first time.
	256	While the identity is binary data, it is often expressed as ASCII string.
	257	For example, the following is a peer identity as you might see it in
	258	various places:
	259
	260	@example
	261	UAT1S6PMPITLBKSJ2DGV341JI6KF7B66AC4JVCN9811NNEGQLUN0
	262	@end example
	263
	264	@noindent
	265	You can find your peer identity by running @command{gnunet-peerinfo -s}.
	266
	267	@cindex Zones in the GNU Name System (GNS Zones)
	268	@node Zones in the GNU Name System (GNS Zones)
	269	@section Zones in the GNU Name System (GNS Zones)
	270
	271	@c FIXME: Explain or link to an explanation of the concept of public keys
	272	@c and private keys.
	273	@c FIXME: Rewrite for the latest GNS changes.
	274	GNS@footnote{Matthias Wachs, Martin Schanzenbach, and Christian Grothoff.
	275	A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name
	276	System. In proceedings of 13th International Conference on Cryptology and
	277	Network Security (CANS 2014). 2014.
	278	@uref{https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf}}
	279	zones are similar to those of DNS zones, but instead of a hierarchy of
	280	authorities to governing their use, GNS zones are controlled by a private
	281	key.
	282	When you create a record in a DNS zone, that information is stored in your
	283	nameserver. Anyone trying to resolve your domain then gets pointed
	284	(hopefully) by the centralised authority to your nameserver.
	285	Whereas GNS, being fully decentralized by design, stores that information
	286	in DHT. The validity of the records is assured cryptographically, by
	287	signing them with the private key of the respective zone.
	288
	289	Anyone trying to resolve records in a zone of your domain can then verify
	290	the signature of the records they get from the DHT and be assured that
	291	they are indeed from the respective zone.
	292	To make this work, there is a 1:1 correspondence between zones and
	293	their public-private key pairs.
	294	So when we talk about the owner of a GNS zone, that's really the owner of
	295	the private key.
	296	And a user accessing a zone needs to somehow specify the corresponding
	297	public key first.
	298
	299	@cindex Egos
	300	@node Egos
	301	@section Egos
	302
	303	@c what is the difference between peer identity and egos? It seems
	304	@c like both are linked to public-private key pair.
	305	Egos are your "identities" in GNUnet. Any user can assume multiple
	306	identities, for example to separate their activities online. Egos can
	307	correspond to "pseudonyms" or "real-world identities". Technically an
	308	ego is first of all a key pair of a public- and private-key.