 One question for nostr:nprofile1qythwumn8ghj7cnfw33k76twv4ezuum0vd5kzmp0qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qyd8wumn8ghj7erpwd5zumt0vd4kjmn809hh2tnrdakj7qgcwaehxw309ahx7um5wghxsetvd9hkgetc9e3kvtcprfmhxue69uhhqctfvshxummnw3exjenfv4jzummjvuhsqgynpn80zgmjm5h3vptul320pk7egv6a3dgmfcnnwgmtqr9twx8umyel8dkf  : what is the problem of having a small DHT? If the BitTorrent DHT works super well as you say, why wouldn't it work if it was exactly the same, but smaller (with just Nostr clients) and done with secp256k1? 
 hyperdht is smaller and has additional benefits
1. used by keet and pear runtime
2. protects against eclipse attack
3. has best in industry holepunching built in

pear runtime as dat started out with bittorrent mainline dht too, but moved on because of issues related to holepunching and eclipse attacks that can't be fixed in bittorrent mainline, because it would be a breaking change and bittorrent mainline is too widely distributed.

the scale of mainline is much less helpful when it comes to eclipse attacks and smaller size is sometimes as secure because of the additional sybil eclipse attack protection.

anyway - would recommend to talk to the pear runtime team at holepunch.

hyperdht is the most advanced and modern dht i am aware of and would definitely recommend 🙂 
 At the extreme a small DHT can be thought of as a list of relays but worse because you allow anyone to join that list dynamically and without permission. So all it takes to disrupt that list is to: 
1. create many more sybil nodes than honest ones 
2. spam/DDoS the honest nodes to make them less responsive

and probably an attacker will try both for maximum effect.

a small DHT has less capacity than a large one all things being equal, the effect of churn is much more disruptive, but more importantly much more vulnerable.

You say a DHT of Nostr clients, but that needs using UPnP or asking users to manually open ports, otherwise clients are useless and only dedicated servers can count. Bittorrent provides a robust and proven supply of nodes willing to do that, because it had its product market fit and there is no sign of that fading away.

If you think the risk of hardcoded relays not being enough (relays get abandoned, or overwhelmed, or censored) is low, then you should favor that over a small DHT. 
 a large DHT without eclipse attack protection can be worse than a smaller DHT with eclipse attack protection.
Without it, an attacker can occupy a specific area of the DHT with relatively few sock puppet nodes. With the protection they can't attack specific areas and need to just spam the entire DHT nodes to eventually attack the DHT keys they are interested in.

Also, if every DHT node supported holepunching and assisted new nodes with holepunching as well, things become a lot more useful.

The sybil attack mitigation and the assisted distributed holepunching are both supported by hyperdht which the pear and bare runtime use.

Would be cool to bundle it with a nostr node.

If all nostr nodes supported it, it would improve the resistance against the sybil attacks by an order of magnitude more than with other DHTs like bittorrent mainline.

 
 "If the BitTorrent DHT works super well as you say"

No, it _does_ work super well, and it is not about what I say, you can verify it yourself, you can use it, you can stress test it, and you can inspect it deeply to see that there are no smokes or mirrors or shortcuts, and we keep going out of our way to make that easier.

https://github.com/pubky/mainline 

Being a skeptic is fine, being a skeptic that refuses to acknowledge or examine the evidence is weird, because why be both apathetic and skeptic at the same time? Apathy is sufficient.

nostr:note12krsnpu8yfvl0vpj57qtm4eutyzvk803depk7u5ymtqh6rfeqmksxdyfe4