Enhancement: strategic consideration of censorship-resistant node startup and inter-node discovery

[crProductGuy]

Description

I love Iron Fish's high prioritization of usability, accessibility, and easy node discovery on a standard port using (currently) a single bootstrap node, but it concerns me about vulnerability to actors who wish to block crypto, especially privacy coins.

It may be that with appropriate technology additions, we could have adequately easy node discovery and censorship-resistance.

I believe that it would give Iron Fish more competitive advantages and reasons for rapid adoption.

Why? Thinking about the global shift away from cash and some recent situations of financial repression, I think there is merit in a different balance of ease-of-discovery vs. resistance to firewalling or other communications blocking attempts. It would strengthen and balance Iron Fish's other privacy and security benefits.

Call to action: I'd advocate for the team to consider this as part of the longer term roadmap and contingency plans. I'm guessing you've already thought some about it.

How? There must be some ingenious methods of dynamic network and application behavior that could still enable predictable node startup and inter-node discovery, yet resist static port blocks or even dynamic firewall algorithms. This may not be needed yet, but it could be worth considering for an upgradeable modular connection library.

Gem: Specifically for crypto comms, I found this article from 2018 that proposes a concept and method that directly addresses the censorship problem: https://eprint.iacr.org/2018/454.pdf.

Here are some concepts from other fields that may provide other inspirations.

1. Spread spectrum RF communication, where communications do not depend on one predictable static frequency slot (analogous to a single a TCP or UDP port and DNS name for the bootstrap node), but rather use frequency-hopping and time-sequencing techniques as well as the addition of pseudo-noise.

These enable communications to penetrate RF loss, interference, or jamming. The actress Hedy Lamarr conceived of this during WWII and won patents for it. https://www.arkansasonline.com/news/2012/jan/22/actress-composer-pioneered-spread-spectru-20120122/ Tech references: https://www.eetimes.com/tutorial-on-spread-spectrum-technology/ https://www.sciencedirect.com/topics/engineering/spread-spectrum-communications

Network-domain inspirations I'd draw from this are pseudo-random port-hopping behavior for initial peer discovery and longer-lived peer-peer connections, using encryption and other techniques to foil deep packet inspection (DP) and modified intrusion prevention systems (IPS) from being able to successfully detect and block traffic.

2. Qualcomm's CDMA patents digitized and took the spread spectrum concepts to another level. They revolutionized the resilience and security of mobile phone communications. There might be additional inspirations to be found in that technology.

Encryption is intrinsic to securing 4G and 5G mobile communications, so again there may be helpful parallels and takeaways. Iron Fish might even be able to generate patents as a competitive moat vs. other privacy-oriented cryptos.

3. Another digital example of unpredictability is address space layout randomization (ASLR) in OSs to resist certain security threats. See https://www.techtarget.com/searchsecurity/definition/address-space-layout-randomization-ASLR.

It's not directly applicable to communications, but the point is that randomness can be very useful, and Iron Fish already has randomization components that could be re-used.

Other reasons for system-level robustness and resilience:

• Outages or other kinds of disruptions.
• There may be future take-down attempts or network-startup-prevention attempts across borders or within regions.
• Recovery of the network or reconnection of fragments of the network will be important in the real world.
• Examples of disruptors are natural disasters, kinetic or cyber-warfare

For all of these, shielded dynamic peer-peer node discovery would be valuable (no central bootstrap node needed).

Note that TLS 1.3 is blocked in China and to/from China. You have to downgrade to TLS 1.2 for connections to be allowed.

I like the recent enhancement to cache node neighbors for quick restart of multiple connections. Maybe that's another area to continue to enhance. I'd be happy to discuss further.

A stronger future: I believe there's high potential to make Iron Fish even more robust and dependable, and the go-to unstoppable privacy coin!

Thank you for your consideration of this idea.

ProductGuy