Introduction to I2P Anonymous Network

I2P is a peer-to-peer anonymous communication system on which a variety of secure anonymous applications run, including anonymous web browsing, blogging, email, online chat and file sharing. Unlike other anonymous access tools, I2P separates the intermediate nodes from the target node by using different tunnels: it is no secret that a given node runs I2P; the secret is what message the node's user sent through the I2P anonymous network, and to whom.

The core of I2P's anonymity is garlic routing (a variant of onion routing): multiple messages are encrypted and packaged layer by layer, then pass through the transmission tunnel, where one layer is decrypted at a time, before reaching the target node.

The I2P system consists of three parts: local client, I2P node, and network database.

(1) I2P encryption process

As shown in the figure, I2P applies three layers of encryption to the communication data during a session:

① "Garlic" encryption (ElGamal/SessionTag+AES): encrypts the message from user Alice to user Bob, i.e. the message from a to h;
② Tunnel encryption (private-key AES): encrypts the message from the tunnel entry node to the tunnel exit node, i.e. the messages from a to d and from e to h;
③ Transmission encryption (DH/STS+AES): encrypts the messages between adjacent tunnel nodes, i.e. the messages from a to b, b to c, and so on.
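The three layers above as an added simulation, not code from the original post or from I2P itself: every layer is modelled with AES-GCM under a constructed, label-derived key (a simplifying assumption; I2P negotiates keys with ElGamal/SessionTag and DH/STS), a message travels from a to h through outbound tunnel a..d and inbound tunnel e..h, and the code shows that hop b, which holds only transport keys, never recovers the message.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)
// aeadFor returns AES-GCM under a key derived from a label. This is a constructed
// stand-in: real I2P negotiates keys (ElGamal/SessionTag garlic, DH/STS transport).
func aeadFor(label string) cipher.AEAD {
	k := sha256.Sum256([]byte(label))
	block, _ := aes.NewCipher(k[:]) // 32-byte key, so no error
	g, _ := cipher.NewGCM(block)
	return g
}
// seal/open prefix a 12-byte random nonce to the ciphertext.
func seal(label string, pt []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return aeadFor(label).Seal(nonce, nonce, pt, nil)
}
func open(label string, ct []byte) ([]byte, error) {
	if len(ct) < 12 { return nil, errors.New("ciphertext too short") }
	return aeadFor(label).Open(nil, ct[:12], ct[12:], nil)
}
var hops = []string{"a", "b", "c", "d", "e", "f", "g", "h"} // a = Alice, h = Bob
// Deliver sends msg from a to h (outbound tunnel a..d, inbound e..h) and also
// returns what hop b holds after removing the only layer it has a key for, ③.
func Deliver(msg string) (bob string, seenByB []byte, err error) {
	payload := seal("garlic:Alice->Bob", []byte(msg)) // ① garlic: end-to-end
	payload = seal("tunnel:a->d", payload)             // ② tunnel: entry a to exit d
	for i := 0; i+1 < len(hops) && err == nil; i++ {
		hop := "transport:" + hops[i] + "->" + hops[i+1]
		payload, err = open(hop, seal(hop, payload)) // ③ transport: one hop only
		switch hops[i+1] {
		case "b": // b has only transport keys, so this is still ② and ① wrapped
			seenByB = payload
		case "d": // outbound tunnel exit removes ②
			payload, err = open("tunnel:a->d", payload)
		case "e": // inbound tunnel entry adds ② for e..h
			payload = seal("tunnel:e->h", payload)
		case "h": // Bob removes ② and then ①
			if payload, err = open("tunnel:e->h", payload); err == nil {
				payload, err = open("garlic:Alice->Bob", payload)
			}
		}
	}
	return string(payload), seenByB, err
}
```

Opening b's view with the garlic key alone fails, which is the property the figure illustrates: a relay node learns neither the message nor its final recipient.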

(2) The topology of I2P

I2P has two types of nodes, Floodfill and Nonfloodfill. Nonfloodfill is the default initial identity of a node; when a node's performance meets certain requirements it becomes a Floodfill node adaptively, or it can be manually configured as one. Floodfill nodes make up about 6% of all nodes in I2P.

A Floodfill node stores two kinds of data, RouterInfo and LeaseSet. A RouterInfo contains the node ID, communication protocol and port, public key, signature, update time and other information; a LeaseSet contains the hidden service's hash value, the hash values of several tunnel entry nodes, the start and end of the validity period, a signature and other information. All Floodfill nodes are organized according to the Kademlia algorithm to form the I2P network database (netDB), which stores and answers queries for all RouterInfo and LeaseSet entries.

Origin blog.csdn.net/weixin_45859485/article/details/129335485