This article was originally published on The Daily Chain, 7th January 2020.
The Loki Review with The Wizards from Oz
Loki is as mischievous as the Norse god after which it is named.
Loki is the Norse god of trickery, which is partially how we attain privacy in our system, through obfuscation. It’s also ‘low key’ — a pun that we thought works quite well
Simon Harman, Loki CEO, September 2019
This is a sponsored article. To learn more see here.
If one were to include a glossary of terms for a review of Loki it would likely take longer to read than the review itself.
We could discuss Loki’s ancestry as a fork of Monero and describe the cryptographical sleight-of-hand trick that is the use of ring signatures to obfuscate transaction inputs, like a game of thimblerig. But we wont.
Ring signatures work by constructing a ring of possible signers to a transaction where only one of the signers is the actual sender.
We could talk about the mysterious origins of the CryptoNote protocol on which Monero and hundreds of other coins are based, and how esoteric terms like Stealth Addresses and Bulletproofs have improved upon that work by CryptoNote’s anonymous creator Nicolas van Saberhagen. Many paragraphs could be written on Proof-of-Work mining algorithms and the seemingly futile pursuit of ASIC resistance. But they won’t be.
When examining Loki lineage we could even talk about DASH, a fork of Bitcoin, and its invention of staking Masternodes in a two-tier Proof-of-Work/Proof-of-Stake hybrid.
A writer might then dip into some history and spice things up by documenting the bitter rivalry between the DASH and Monero communities, despite their common purpose, and note how Loki has mischievously combined their powers. For there are more ways than one to skin a cat, and as it turns out more ways than one to peel an onion.
Of course we could then cite examples of how Loki has improved upon the features of its cryptocurrency forebears. The most obvious example being a fixed ring signature size of 10, meaning that in Loki’s game of thimblerig there are only ever 10 cups used. This is done because a man playing thimblerig with an unusually large number of cups stands out from the crowd (ring sizes and transactions are viewable in CryptoNote explorers even though balances and addresses are not), and a man playing thimblerig with only 3 cups will surely not hide his ball very well.
Yes it is true Loki is a fork of Monero and yes, like DASH, Loki uses a hybrid PoS/PoW consensus mechanism and has its equivalent to Masternodes which it calls Service Nodes. But that’s the boring part and we won’t linger on these subjects.
Loki gets really interesting when we begin to understand how these Service Nodes are used, and to understand that we must look at Loki’s other competitive ancestors, Tor (The Onion Router) and I2P (Invisible Internet Project).
Loki is a privacy network which will allow users to transact and communicate privately over the internet, providing a suite of tools to help maintain the maximum amount of anonymity possible while browsing, transacting and communicating online.
If you hold enough Loki you can setup a staking Service Node which route and store encrypted messages, and power Lokinet and the decentralized and trustless applications on the Loki network, known as SNApps. Loki has created a new routing protocol called Low Latency Anonymous Routing Protocol or LLARP for short
Underlying all applications for Service Nodes is an anonymous routing protocol, which defines the way each Service Node communicates with its peers. Loki proposes a new routing protocol called LLARP which is designed as a hybrid between Tor and I2P to provide additional desirable properties versus any existing routing protocol.
The staking Service Nodes (SN) act as full nodes in validating transactions for the Proof-of-Work (PoW) miners thus making Loki a hybrid consensus protocol. The Loki ledger is secured by PoW miners and contains an automatically updating list of available Service Nodes. In turn the SN carry a DHT (Distributed Hash Table) which provides clients with a complete view of the network nodes in order to privately route data across a circuit of randomly picked nodes in the network. LLARP is designed as an anonymous layer in the OSI model and can handle any kind of traffic including UDP packets commonly used in VoIP
The costs associated with setting up Service Nodes makes Loki more resilient to Sybil attack than either Tor or I2P where an attacker need only spin up lots of nodes at nominal expense to begin performing traffic analysis.
“Traffic analysis is the process of passively collecting data on the movement of packets across a network, when traffic analysis is conducted effectively it can be used to deanonymize users even when they are using onion routing networks, and one of the factors that increases effectiveness is the percentage of the network nodes you own and can watch” elaborates Kee, Loki CTO and Co-Founder
When nodes operate in a trustless environment without a centralised leader enforcing over arching rules, maintaining proper node behaviour on the network becomes difficult. Although Service Nodes in Loki must hold the correct collateral requirement, they may choose to not route traffic or store data in their memory pools. Because this option is financially beneficial (using less bandwidth/CPU cycles/storage), a system of distributed flagging must be proposed to remove underperforming nodes.
How to eliminate bad actors in a trustless P2P network like Lokinet? Tor does so with directory authorities which are centralized servers run by people close to the Tor foundation. Loki improves upon this centralized model with a truly decentralized approach.
Essentially a small group of 10 Service Nodes is picked at random in a deterministic way for every block mined. These 10 nodes then run a suite of tests on the nodes around them (Bandwidth Test , Message Storage Test, Blockchain Storage Test , Exit Node Test) and nodes who are found to be misbehaving are penalized by having their SN status revoked and their staking rewards locked for 30 days.
The idea of Loki was to prevent increased intrusion into peoples personal lives by corporations and state level actors , we have always thought about these threats when designing the technical details of the system
Kee Jeffreys, Loki CTO
game theory (n.)
the branch of mathematics concerned with the analysis of strategies for dealing with competitive situations where the outcome of a participant’s choice of action depends critically on the actions of other participants. Game theory has been applied to contexts in war, business, and biology.
In addition to the complex implementation of this breakthrough solution there comes a lot of game theory. Kee Jeffreys shared with me two documents which attest to the research Loki has made in this field.
The commissioned paper is entitled Cryptoeconomics of the Loki network. Quoting from the end of the paper commissioned by Loki and written by Brendan Markey-Towler of the RMIT Blockchain Innovation Hub and School of Economics, University of Queensland:
5 Conclusion: solutions to Loki’s cryptoeconomic problem
Loki is a Blockchain network oriented toward the provision of privacy-preserving services over a network of service nodes. The salient cryptoeconomic problem we addressed here was how to incentivise service nodes in a manner compatible with the objectives of the Loki network, in particular decentralisation and privacy. We used cryptoeconomic game theory to characterise this problem and formulate a solution to the design problem.
Onion routing networks (Lokinet vs Tor vs I2P )
Lokinet wraps data packets with multiple layers of encryption as they pass through a randomly selected circuit of nodes. This design is very similar to Tor (The Onion Router) and can be visualized in the diagram below.
I spoke with Jeff, the Lokinet Lead Dev
“I worked on i2pd for like 2 years for free, then i got an email from loki offering my dream job. I have a lot of other i2p related stuff on my github, among other things. Before loki I basically sold my soul to free software for 5 years.”
Elaborating on Lokinet’s Tor-like routing Jeff told me:
“We use xchacha20 with nonces that are xored at each hop with the hash of the hop’s ephemeral secret. that way it’s harder to correlate paths by the nonce. The hop secret is generated by an ephemeral key exchange and on top of that is another layer of encryption for SNApps which uses blake2 ( ntru || curve25519). So it’s got a little bit of quantum resistance in SNApp layer.”
Lokinet supports hidden web services? I asked Jeff
Yes, it’s an encrypted authenticated IP transit network using onion routing as the mechanism for securing it. So anything using IP can be done over SNApps. Even GRE, I tried it and it works (GRE is for ip tunnels). You can do super cool stuff with it — so it’s not just web, it’s anything that speaks IP: tcp/udp/icmp/gre/[insert obscure ip protocol here]. This is probably a huge freaking deal.
Jeff, Lokinet Lead Dev
Jeff was kind enough to make a short video demonstrating the impressive speed of Lokinet.
The creators of Lokinet feel their design improves upon other mixnets like Tor and I2P in a variety of ways.
- Tor relies on 10 hard-coded directory authorities which are centralized servers run by people close to the Tor foundation. These servers monitor node behavior and inform users joining Tor where to go to route their data. This is known as the Tor consensus file.
- Tor only supports TCP and lacks support for UDP packets, commonly used in VoIP, and other types of data packet.
- I2P’s design allows any client joining the network to route traffic. This slows the network down as each connection can only be as fast as the slowest node in the path.
- I2P defaults with support for only 1 hard-coded exit node to access the Internet. Few users setup exit nodes and I2P is more commonly used for private torrents and internal P2P. Tor is faster and more popular as an anonymous web proxy.
- I2P development has not been smooth and employs outdated cryptography which performs slowly in contrast to elliptic curve operations. The project started in 2003 and still has no easy to use tools
Both I2P and Tor have not fully mitigated Sybil attacks. A sufficiently motivated attacker that has enough time and capital to buy large amounts of relays can perform temporal analysis which undermines user privacy.
“In Lokinet, we operate on the IP instead of the application layer, which greatly simplifies integration. We also do not have directory authorities, as because each of the relays in Lokinet are staked nodes, they are able to self organise and regulate node quality by using quorums. Thirdly, having staked nodes allows us to enforce minimum standards across the network, so that we can force the network to scale with demand.”
I think people underestimate how powerful Loki Messenger could become. There are so many features to be added, and so much privacy centric utility that it’ll have that others don’t. There’s also the Lokinet browser, and a bunch of integrations. I think the thing that a lot of crypto analysts miss is that the development milestones are less relevant than actual user numbers. Crypto has become a graveyard of basically dead products, but little attention is paid to this. We aim to have some fairly substantial user growth by the end of 2020, and that is what will make or break the project.
Simon Harman, Loki CEO
Loki Messenger is a fork of Signal, the private messaging app by Moxie Marlinspikee. In the same way that Lokinet improves upon the design of Tor so too Loki Messenger improves upon Signal in two key ways
- Messages are not stored on a centralized server. Rather the messages are distributed and stored across SN’s and deleted from those servers in a user-definable period of time
- Unlike Signal there is no requirement to attach a phone number to the application
Loki Messenger works extremely well and was the app I used to chat with Simon Harman, Loki CEO, who has published his public key on his twitter account. As Simon explained as we chatted over Loki Messenger:
“Loki Messenger is a fork of Signal, so it maintains the same end to end encryption, but unlike signal, does not require your phone number to work, masks your IP address at all times using Lokinet, and has no central server which can be used to build graphs of who is talking to who, either actively by Signal or passively by timing analysis.”
Simon Harman, Loki CEO
Lokinet and Loki Messenger are completely free to download and use. No Loki tokens need to be staked, no transaction fees are incurred for using either. You don’t need any Loki to use these tools!
Most blockchain projects use a fee-for-service model to prevent abuse and spamming. However Loki has borrowed from Hashcash and Nano and instead opted to require a small proof-of-work before sending messages or data across the network. The result are tools that can be used without expense or hurdle to the end user which offer a significant advantage over competing products.
Thanks to the trustless security provided by Service Nodes, Loki has an instant payment system in which funds can be sent without PoW confirmations much like DASH’s InstantX which relies on Masternodes to accomplish the same feat. Blink is very well documented and I asked Kee how Blink differs from InstantX.
“It’s essentially the same thing, with Service Nodes locking transactions before they are included in the blockchain. However with Loki those transactions are fully private, unlike in Dash, Blink transactions have all the normal properties that any Loki/Monero transaction has so its instant AND private.”
The Wizards from Oz
It is a little known fact that Loki was born in Melbourne, Australia. It is I who has affectionately named its parents The Wizards from Oz
Simon Harman, Loki CEO, now barely in his 20’s, was modding Minecraft at 14, developing websites professionally by 16, and was an events manager for 3 years prior to Loki. Simon explained the start of Loki.
“Kee, Chris, Josh and I set out on this journey at first. It was an opportunity that we seized thanks to an offer of some seed funding. A friend of ours in the local blockchain community reached out and offered to help us kick the project off once we’d been formulating it for a couple of months. The four of us and some others were regulars at the local blockchain meetup and over several months of discussing Monero and privacy and other issues, eventually it evolved into the basis for the concept of Loki. We’ve always been inspired by the work of the Tor project, Bitcoin, Monero, and other decentralised technologies helping to give users more control over their data and wealth.
Recruitment is something that we’ve always had very strict control over. Hiring is one of the most critical tasks in any startup, and we pride ourselves in our rigorous selection process. As the vision has grown, so too has the need for excellent people, and I’m very proud to say that we’ve built a A tier team.”
Simon is rightfully proud of Loki’s hires. Jeff is one of the many experienced developers Loki has brought on-board. Others include Doyle Thai, Beau Campbell-Brown, Ryan Tharp, Tom Winget (of Monero fame), Maxim Shishmarev, Mikunj Varsani, Michael Thorpe, Niels Andriesse, Sacha and Jason. Additionally Loki has hired marketing and operations specialists, whose profiles are all linked on the team page on the Loki website. All this has been paid for with the funds from the private Loki sale of 2018, after which there was a Loki airdrop in May of the same year.
Johnathan Ross, a Loki researcher explained his motivation for joining Loki. “I’m an Australian born tech enthusiast, who studied engineering at University. When first hearing about cryptocurrencies I deep dived immediately and after doing research I found the two most important features of money are ownership and privacy. To help people maintain their ownership of their cryptocurrencies I founded Coinstop.io, Australia’s leading Hardware Wallet Distributor. In our physical world, privacy is a considered at the utmost of importance, this is why our houses are built with doors that lock and curtains over our windows.”
I’d hate to imagine a world where companies can spy on us through our windows and aim to manipulate us into consuming products based on the highest bidder our information. This is where I find my personal motivation to build a privacy focused project such as a Loki, Loki puts the curtains over your digital windows.
Johnathan Ross, Loki Researcher
I would be remiss if I forgot to complement the Loki team on the unbelievably detailed yet easy-to-navigate documentation on their website. It is quite superb, and their published papers just as accomplished. If other projects want to learn how to properly document their technology then look no further than Loki’s website.
A very strong team now galvanizes the four tenacious, highly professional and gifted young Australians who birthed Loki not so many moons ago. Loki Messenger, a more decentralized Signal, is out now for Android and iOS and totally free to use. Lokinet, a more decentralized Tor is in beta but is live, working and also completely free to use. It is immediately apparent when using Loki products how much talent and energy has gone into creating these remarkable privacy tools, and I doubt there is another project in this space which has come to such fruition with the extraordinary combination of so many different technologies.
Thanks to Simon Harman, Kee, Jeffreys, Johnathan Ross and Jeff (notjeff) for spending time to help out with this review