IMPORTANT NOTICE: This document is intended for informational purposes only. The views expressed in this document are not, and should not be construed as, investment advice or recommendations. Recipients of this document should do their own due diligence, taking into account their specific financial circumstances, investment objectives and risk tolerance (which are not considered in this document) before investing. This document is not an offer, nor the solicitation of an offer, to buy or sell any of the assets mentioned herein.
A couple of months ago I wrote this analysis of the Orchid Protocol for myself, and with recent news of Orchid raising a huge round of funding I thought I’d publish it. Please let me know what you think and where I may have gone wrong.
Introduction
Sir Tim Berners-Lee, one of the founders of the modern day Internet is quoted as saying, “I imagined the web as an open platform that would allow everyone, everywhere to share information, access opportunities and collaborate across geographic and cultural boundaries.” Unfortunately this vision was only reality during the early days of the web. Today two-thirds of the world’s Internet users live in countries with censored Internet and Internet Service Providers regularly collect and sell browsing data. (Source) To reverse this process the team at Orchid Labs has designed an open-source protocol with the goal of making the Internet free of censorship and surveillance.
The Orchid Protocol is a decentralized network that lets users access the Internet free of censorship, restrictions, and surveillance. Using an overlay network that runs on top of the Internet, Internet traffic on Orchid is routed randomly through a chain of suppliers (called nodes) who sign up to contribute their bandwidth. Users looking to access the Internet free of censorship exchange Orchid Tokens (OCT) for bandwidth via a peer-to-peer exchange, called the Orchid Market.
To keep Internet traffic on Orchid private the Orchid Protocol automatically separates information regarding the traffic’s origin, destination and contents. To accomplish this, traffic is automatically wrapped in layers of encryption and then passed to its destination via a sequence of relay nodes. Each relay decrypts one layer of encryption to reveal where the traffic must be sent next, this process is repeated until the traffic reaches its final destination. No one relay can decrypt every layer because they only have the key for decrypting their specific layer. This makes it impossible for a central authority to tie Internet traffic to a specific user.
The basis of the Orchid Protocol is built on top of WebRTC, a communications protocol that enables real time peer-to-peer communication. WebRTC includes encryption that prevents attackers from using Deep Packet Inspections or Active Probing techniques to determine the contents of Internet traffic. By making Deep Packet and Active Probing techniques ineffective, user of the Orchid Protocol can bypass firewalls.
Another method often used by sophisticated firewalls is timing inference, a technique in which governments analyze packet size, quantity and timing to infer the nature of Internet traffic. Because the timing of encrypted traffic is likely to differ from unencrypted traffic, users living in countries where the government uses timing inference techniques are encouraged to use bandwidth burning. Bandwidth burning is when an Orchid user pays for data to be sent around the network in order to obscure the nature of their Internet traffic. The team is also working on implementing “traffic steganography,” a technique that makes Orchid traffic look like average Internet traffic. (Source) This will likely further strengthen the Orchid Protocol’s ability to bypass firewalls.
Protocol Mechanics
The Orchid Protocol is made up of the following components:
- Suppliers, those selling bandwidth on the Orchid Market.
- Bandwidth Supply, which is determined by the suppliers and directly impacts the price of bandwidth on the Orchid Market.
- Customers, those looking to access the Internet free of censorship and surveillance.
- Orchid Tokens, the medium of exchange used to purchase bandwidth.
- A payment system.
How it Works:
Step One: Suppliers install the Orchid Protocol software and connect their device to the network. During this process:
- Suppliers must perform a series of computations to obtain a Medallion token, which acts as a license to sell bandwidth on the Orchid Market. Suppliers must obtain a new Medallion via the same process every time a new block is added to the Ethereum blockchain.
- Suppliers set the parameters for which sites can be accessed via their device. This protects suppliers from accessing illegal or dangerous websites unknowingly.
Step Two: User’s install the Orchid Protocol software and deposit Orchid Tokens in their wallet. User’s can now access the Internet via Orchid.
Step Three: The Orchid Protocol automatically encrypts and randomly routes user’s Internet traffic to the desired location via a chain of nodes.
Step Four: Orchid tokens are debited from the users wallet as they use Orchid. To facilitate payments between users and nodes, Orchid uses probabilistic micropayments (see payments section).
Payments
The Orchid Protocol uses probabilistic micropayments to facilitate payments between users and bandwidth suppliers. This allows users on the Orchid Market to make arbitrarily small payments without paying high transaction fees or any of the cost associated with setting up a payment channel.
How Payments Work:
- The user deposits Orchid Tokens in an Ethereum smart contract.
- As the user accesses the Internet they continuously issue tickets to each supplier their traffic is routed through. Each ticket proves to the supplier that they have a certain probability of being able to claim their tokens in the smart contract.
- By precisely configuring the probability of winning and the frequency at which tokens are issued, the Orchid Protocol can effectively guarantee that the supplier will be paid.
- If the supplier stops receiving tickets at the specified intervals they can simply stop providing bandwidth to the user.
- If the user stops receiving bandwidth, they simply stop issuing tickets.
- The probability used to determine whether a ticket is a “winning” ticket is not determined by the user or the supplier, that way the odds are not rigged in either’s favor and neither of them can game the system.
Token Utility
The Orchid Protocol’s native token, Orchid Tokens (OCT), is ERC20 compatible and necessary for the functioning of the protocol because it functions as the medium of exchange on the Orchid Network. Users can only use Orchid Tokens to pay bandwidth suppliers for uncensored and anonymous Internet access.
Using a token system within the Orchid Protocol allows for scarce resources, in this case bandwidth to be allocated efficiently and provides an incentive for sellers to join the market and sell additional bandwidth when demand exceeds the current supply. For example, when there is a shortage of bandwidth, instead of forcing all customers to access the Internet via a slow connection, customers can outbid each other for faster Internet speeds. The higher prices paid by customer also works to correct the shortage by luring suppliers into the market with the prospect of higher profits.
The use of a native token also establishes a network effect specific to the Orchid Protocol and creates greater alignment between the network participants. In the case of Orchid, potential appreciation in the value of Orchid Tokens incents early users to grow the user base, and a growing user base attracts more suppliers, which then brings down the costs of bandwidth and in turn attracts more users.
Token Valuation
The market for censorship resistant Internet access is undoubtedly large, Tor has 2 million users (Source), 416 million people use VPNs to access websites blocked in their country (Source), and over two-thirds of the global population’s Internet access is restricted or censored (Source). In China access to Google, Facebook, YouTube, The New York Times, and many other sites are blocked (Source). Russia has begun increasing the level of censorship within their country by incorporating elements of China’s Great Firewall (Source). And numerous Middle Eastern and African countries censor their Internet and media, including Syria, Turkmenistan, Ethiopia, Sudan, Saudi Arabia, the United Arab Emirates, Pakistan, Iran and Bahrain (Source).
Demand for the Orchid Protocol consist of more than just citizens with censored Internet. It also includes individuals who are looking for an additional layer of privacy and individuals who want to stop their Internet Service Providers from collecting and selling their browsing data.
While there are existing competitors (Tor and VPNs) the Orchid Protocol will likely steal market share away from these competitors due to its superior value proposition. VPNs are built upon centralized technology, which means governments can identify the IP address and shut them down. Unlike VPNs, the Orchid Protocol is entirely decentralized which means there is no single point of failure. Through the use of a token system Orchid’s value proposition also surpasses the value proposition of Tor. By offering bandwidth suppliers compensation in the form of Orchid Tokens, the Orchid Protocol becomes a more attractive alternative for suppliers, but also for users because the protocol can now support a greater number of users at faster speeds. The Orchid Protocol is likely to be more attractive to suppliers not only because it offers the compensation, but also because it includes mechanisms that allow suppliers to protect themselves from accessing illegal or dangerous services.
Using the equation of exchange formula I was able to build a model for estimating the value of Orchid Tokens.
Currently, I must rely on several assumptions to estimate the total number of coins in circulation because the Orchid Protocol has not held their ICO or stipulated the terms of their ICO. To fill the gap in my knowledge I assumed 70% of the tokens will be issued at the ICO with the remaining 30% being split between the founders (15%), the foundation (10%) and early investors (5%). To model the rate at which tokens are added to the market I assumed the early investors’ tokens will be held in a 3 year lock-up period, the founders’ tokens will be held in a 4 year lock-up period, and the foundation would sell one thirtieth of their tokens annually. I also assumed a small percentage, 10%, of the Orchid Tokens would be hodl’d and that the number of tokens hodl’d would decrease at a rate of 2% annually. To keep my valuation grounded in the utility value of the Orchid Tokens I intentionally made my estimate of the number of tokens hodl’d conservative.
Given the pervasiveness of censorship I expect 65% of the annual global IP traffic to make up the Orchid Protocol’s total addressable market and given the Orchid Protocol’s superior value proposition and the presence of network effects I expect the Orchid Protocol to capture 80% of this market.
Finally, I estimate one gigabyte of bandwidth on the Orchid Market will cost twenty-five cents. Ultimately the cost per GB of bandwidth will be determined by supply and demand, but I believe twenty-five cents is a nice estimate because it amounts to half of what it would cost to purchase a GB of bandwidth from the average VPN today. (Source)
Based on these variables the discounted future utility value of Orchid Tokens is $3.95.
The model is available here on Google Sheets if you are interested exploring the valuation in detail.
Risks
Shrinking Monetary Base
For most suppliers, I expect there to be zero or very small costs associated with selling bandwidth on the Orchid Market. For this reason, bandwidth prices on the Orchid Market could fall even further below what VPNs charge today. When you couple declining prices with high velocity it is possible that the monetary base necessary to support the Orchid Market shrinks. This would likely cause the price of Orchid Tokens to fall.
Lack of Governance Method and Velocity
Currently, the Orchid protocol lacks any sort of governance method. As a result there is no reason for users to hold Orchid Tokens for extended periods of time. This could result in high velocity and downward price movement. It is also likely that velocity could increases for other reasons. As atomic swaps are developed and possibly baked into protocol design it will be possible for individuals to buy and sell tokens almost immediately.
Additionally, a lack of say in the governance of the Orchid Protocol could also alienate suppliers or user and drive them to another protocol.
Government Ban
If the Orchid Protocol succeeds it will likely be banned by any government that wishes to censor their citizen’s Internet, but given the decentralized nature of the Orchid Protocol it will be very hard for governments to effectively shut it down.
Forks
Because the Orchid Protocol is open source it is possible for another party to fork the source code and replace Orchid Tokens with an existing token or a newly created token. However, copying the Orchid Protocol would likely be futile if Orchid’s network effects had already been established. The new network would lack a strong base of suppliers willing to accept the new token and would have trouble attracting users without a supplier base. Additionally, suppliers on the Orchid Market would have no reason to switch to the new market because all their customers are on the Orchid Market and using Orchid Tokens.
Experimental Technology
The Orchid Protocol is currently in private alpha and undergoing security tests and audits. (Source) In Q1 of 2018 the team plans on offering public beta and open sourcing the Orchid Protocol software. Until then it is hard to determine how secure the protocol is. And given the newness of the technology it is possible that the protocol can be broken in unforeseen ways.
Platform Dependency
Like all tokens built on Ethereum, Orchid Tokens are subject to any security flaws affecting Ethereum. Likewise, if Ethereum can not scale to allow for a greater number of transactions and the network becomes clogged the gas costs necessary for Orchid’s payment method will increase.
Ethereum and WebRTC Traffic
Ethereum gives off an unique network signal that makes Ethereum traffic identifiable. As a result it may be possible for firewall providers to simply block Internet access to all computers running Ethereum and using WebRTC traffic. The Orchid team doesn’t plan on including any methods for disguising the Ethereum traffic in its initial release but does plan on fixing this vulnerability in future versions of the protocol.
Security Precautions
Included in the design of the Orchid Protocol are numerous security measures made to make the protocol resistant to a Sybil, Denial of Service, Quality of Service, Eclipse and Man in the Middle Attacks.
Sybil Attacks
A Sybil Attack is when one user pretends to be multiple users, examples include submitting multiple reviews to Yelp or Etsy. In the case of Orchid if one seller of bandwidth succeeded in pretending to be multiple relay nodes they could observe an individual’s Internet traffic. To prevent Sybil Attacks and ensure a user’s browsing remains private the Orchid Protocol includes a proof of work system to prevent trivial entry into the market. To sell bandwidth on the Orchid Market a seller must perform a series of computations in order to obtain a Medallion, which acts as a license to sell bandwidth on the Orchid Market. These computations must be made every time a new block is added to the Ethereum chain otherwise the Medallion expires and the seller can no longer sell bandwidth. Solving these computations bears costs in the form of computing resources, which add up when Medallions are created in bulk and make launching a Sybil Attack very expensive. However, the difficulty of these computations were designed so the costs of obtaining a single Medallion are minimal. That way non-malicious nodes will face no difficulty joining the network. In addition to the costs of computing resources, the cost of acquiring bandwidth that one then resells on the Orchid Market impose budgetary constraints on attackers as well.
Eclipse Attacks
An Eclipse Attack occurs when the attacker gains control of a node’s access to information regarding the peer to peer network. After hijacking a node’s access to information an attacker can force a node to only communicate with malicious nodes and feed the good nodes false information. If a malicious actor was able to eclipse a buyer they could direct the buyer’s Internet traffic to a subnetwork of the Orchid Market made up entirely of malicious nodes who intend to censor or collude to analyze browsing activity. To prevent the development of malicious subnetworks nodes can’t route information to nodes of their choosing. Nodes can only direct traffic to nodes that have been chosen algorithmically, this makes it impossible to form a subnetwork.
Bootstrapping
One method firewall providers could use to attack the Orchid Protocol would be to obtain a list of all bandwidth suppliers on the Orchid Market and block their Internet access. To prevent this from happening the Orchid Protocol cycles through a large number of random IP addresses. The protocol developers believe this makes it impossible for a government to ascertain the IP addresses of bandwidth suppliers. The only solution for a government would be to shut down the majority of the Internet in their country. (Source)
Denial of Service
To take nodes on the Orchid Market offline an attacker may wish to overwhelm the node with purchases of bandwidth. Because bandwidth on the Orchid Market has a cost, this attack vector would be very expensive. It would also be impermanent because attackers do not have infinite funds so it would be impossible to keep nodes offline indefinitely.
The Team
The founders behind the Orchid Protocol are well known and experienced individuals. The team includes:
Stephen Bell: A serial entrepreneur who started companies in Europe, the U.S., and China, before founding Trilogy VC China, where he spent 10 years investing in Chinese seed stage startups.
Brian J. Fox: A well known programer, entrepreneur and open-source advocate. He was the first employee of the Free Software Foundation, and the author of the GNU Bash shell.
Gustav Simonsson: An engineer and developer who helped launch Ethereum. As a core developer at the Ethereum Foundation he focused primarily on blockchain security, core protocols, clients, and security auditing.
Jay Freeman: A software engineer known for creating Cydia software and his work on jailbroken iOS software.
Dr. Steven Waterhouse: An experienced investor and entrepreneur. Waterhouse ran the Honeycomb project at Sun Microsystems, was CTO and co-founder of RPX Corp, and led cryptocurrency projects at Fortress and Pantera Capital.
Competitors
Unprotected Internet Access
A large number of users who access the Internet without protection find their Internet access subject to restriction and censorship. Additionally, users who access the Internet without protection provide their browsing history and website use to their Internet service providers, who can share and sell that data.
As long as they don’t care about having their browsing history sold, a consumer living in a country free of censorship is probably content accessing the Internet without protection, but the large number of individuals who do find their Internet censored would most likely prefer to access the Internet via Orchid.
Virtual Private Networking Services (VPNs)
VPNs encrypt and transport their subscribers Internet traffic across a network until it has reached the VPNs receiver. Once the VPN has their subscribers traffic, the traffic is decrypted and retransmitted across another network. In some cases this retransmission allows users to circumvent firewalls. However, the network used to transmit subscribers Internet traffic is often insecure and the centralized nature of a VPN makes them vulnerable to censorship. The IP address of a VPN can be identified which enables governments and companies to block traffic to and from the VPN. For this reason VPNs are not the optimal choice for citizens living under an oppressive government. Additionally, some VPNs collect and sell their subscribers browsing data.
Tor
Tor is a free software project that directs Internet traffic over a network of volunteer relays. To protect users privacy Tor uses Onion Routing to encrypt Internet traffic across the network. This means every message is wrapped in layers of encryption, analogous to layers of an onion, and then passed to its destination via a sequence of relays. Each relay “peels” a way one layer of encryption to uncover the messages next destination, this process is repeated until the message reaches its destination. Only the final (exit) node can read the routing instructions and the message.
Tor suffers from a lack of widespread adoption, today there are only 7,000 nodes which limits web browsing speeds. Additionally, the small number of relay and exit nodes makes it easier for attackers to monitor and attack the Tor network. Orchid believes their market based approach will incentivise nodes to join the network and thus enable Orchid to achieve widespread adoption.
Tor’s growth has also been limited by bad publicity, as it can be used to access illegal services such as The Silk Road. Accessing illegal services can result in a visit from law enforcement. This further limits Tor’s growth as nodes may be deterred from joining the network. The Orchid Protocol resolves this issue by allowing nodes to opt out of accessing specific websites if they desire, this way exit nodes can protect themselves from unknowingly accessing illegal or dangerous information on behalf of users.
The Orchid Protocol also outperforms Tor when it comes to the security of the network. Tor lacks many of the security measures inherent to the Orchid Protocol such as protection against Sybil Attacks. And people are beginning to suspect that governments have infiltrated the Tor network.
Orchid Payment System
The Orchid Protocol uses probabilistic micropayments to facilitate payments between users and bandwidth suppliers. This allows users on the Orchid Network to make arbitrarily small payments without paying high transaction fees or any of the cost associated with setting up a payment channel.
Future Work
In the Orchid whitepaper the Orchid team discusses the possibility of adding features to the Orchid Network. According to the team the features they discuss fall into two categories: nice to haves and features they are conflicted about releasing to the public for various reasons.
Proof-of-Space
Currently the Orchid Protocol uses proof-of-work to verify a nodes “realness” and prevent Sybil Attacks. However, the Orchid team is exploring alternative methods such as proof-of-space, which would allow old phones and other devices to participate in the Orchid Market.
Protecting Content Hosts
Content host have an interest in the same anonymity and protection that Orchid provides to web users. In the future Orchid may upgrade the protocol to allow content hosts to transmit data to a node acting as a rendezvous point where it can be retrieved by someone surfing the web. This would conceal the origin of the content.
Orchid as a Platform
The Orchid team is very interested in the idea of using the Orchid Network as a platform to build applications on top of. Features and applications discussed by the Orchid team in the whitepaper include: APIs for websites to directly interface to the network, and incorporate tokens into their service, On-Network file storage and static website hosting, file sharing, email/messaging service, and an arbitration/moderation service.
Securing Ethereum Traffic
Ethereum gives off a identifiable network signal which could give firewall providers a hint of which individuals are using the Orchid Protocol. The Orchid team plans on fixing this vulnerability “in the near future.” (Source)
