HOPR introduces data verifiability with Ceramic

How the HOPR network is using Ceramic to provide off-chain logging information to node runners while keeping the data private.

The HOPR protocol is a layer-0 privacy foundation for the new generation of decentralized applications. The incentivized HOPR mixnet lets any application send data without leaking data or metadata. HOPR nodes will rely on Ceramic to track node payments without sacrificing user privacy.

Are you ready to be part of the data privacy revolution? Visit HOPRnet.org to run a node.

The HOPR protocol

Standard end-to-end encryption does not provide sufficient privacy, because it still leaks important metadata, such as who is exchanging data, when, and how often. Given enough metadata, global adversaries and private companies can identify your behaviour across multiple applications, even when the content of the traffic you exchange remains encrypted.

Services like VPNs can hide your information from your internet service provider (ISP), but can’t protect you from the general fingerprinting your browser, mobile devices, and websites perform on a daily basis. Over time, this online behaviour creates a profile that can be traced.

HOPR addresses this challenge by ensuring all the data and metadata you produce and consume online stays private. To do this, HOPR feeds content through our state-of-the-art mixnet, the HOPR network.

HOPR incentivises node runners who relay packets using its own currency, the HOPR token. Messages routed through the network are embedded with HOPR tokens in the form of “tickets” to pay each node along the route. HOPR’s proof of relay mechanism ensures a node can’t claim a ticket until the data packet is relayed to the next downstream node. This creates positive incentives for nodes to be good actors in the network. Tickets are cashed out via an Ethereum compatible blockchain (EVM), but are not always valid. This probabilistic payment system ensures a node’s online behaviour cannot be analyzed using timing attacks.

To ensure privacy at any level of network usage, the HOPR network is constantly fed with cover traffic: arbitrary data which provides cover for real users. This is particularly important in the early years of the network, when usage will understandably be lower.

The HOPR Association has allocated 250m HOPR tokens to cover traffic, to be released over four years. These will be issued anonymously by nodes sponsored by the HOPR Association, and will be routed through nodes selected by multiple parameters such as HOPR tokens staked, amount of channels (connections to other nodes) open, and general connectivity.

Verifiable off-chain activity for HOPR node runners

This incentivized cover traffic system, combined with proof of relay, is what sets HOPR apart from other privacy networks which either lack the proper incentives to scale or have to compromise privacy or decentralization. However, privacy networks are very challenging to develop and then test. How can we monitor and verify node activity without sacrificing privacy?

This is particularly important for the development of cover traffic and the long-term economic balancing of the network. Since running HOPR nodes incurs electricity and internet bandwidth costs, it’s important to be able to distinguish between the Kickstarter cover traffic (artificially high for the first four years) and the real traffic (initially minimal, but growing as the network scales).

Tickets issued by cover traffic can be tagged as such and shared off-chain. This would allow analysis but prevent inspection by other nodes. However, we need a reliable way to implement this approach. We can’t simply log this information in a decentralized IPFS node, and call it a day: since anyone can add information to IPFS, information about cover traffic metrics could be skewed or manipulated by any party in the network.

Ceramic provides a solution.

Ceramic Streams: A decentralized monitoring tool for HOPR nodes

About Ceramic

Ceramic is a public, permissionless, open-source protocol that provides computation, state transformations, and consensus for all types of data structures stored on the decentralized web. Ceramic’s stream processing enables developers to build dynamic information without trusted database servers to create powerful, secure, trustless, and censorship-resistant applications.

Ceramic does this by processing and ingesting data as it arrives, with the resulting output applied to a log. This log represents the current state of a given piece of information.

HOPR + Ceramic

By using Ceramic, HOPR can propagate user-specific data and allow node runners to inspect and share their node’s information as needed. To do this, nodes create a log entry in a Ceramic Stream, a DAG-based data structure for storing continuous, mutable streams of content on IPFS, every time they receive a particular message (for example, one with the cover traffic tag). Since this information is published with the secp256k1 private key used by the HOPR nodes, this information can be connected to a HOPR node and verified as such. This prevents outside manipulation of data.

HOPR node runners can use the HOPR dashboard to see their node data, and by checking the Ceramic Streams pinned by their nodes, obtain meaningful information about the cover traffic sent to their nodes. In this way, Ceramic not only helps HOPR developers, but also allows users themselves to verify the state of the network without involuntarily compromising their privacy.

Previous iterations of HOPR testnets issued unverifiable cover traffic via a bot, which was cumbersome and of limited utility. Thanks to Ceramic, HOPR nodes can now easily compare notes and assess their own ability to connect to other nodes.

Although the HOPR Network is the first of its kind to leverage Ceramic to log decentralized data to be consumed by an open-source protocol, we believe this approach can be used by any project which relies on peer-to-peer off-chain data, which would otherwise be unverifiable.

Connecting HOPR nodes to external accounts

Since HOPR nodes have their own private keys, which need to quickly sign and submit transactions on-chain, each node has a unique private identity. This is extremely important for privacy, but it also makes engaging with our community of node runners challenging. As a result, we cannot easily link a HOPR node runner to another digital identity, enrich our node runner data, or perform promotional actions linked to our staking program which would be trivial in a centralized (but not private) setting. Again, this is where Ceramic gives us a lot more flexibility.

The identities of HOPR node runners are private, but they don’t have to be anonymous. It’s possible to connect node runners with another digital identity, as long as that connection is verifiable.

We’ve already started using Ceramic’s identity protocol, IDX, for this use case in our recent testnet on the Polygon network. HOPR nodes leveraged IDX to connect to external Ethereum accounts outside of the HOPR network. With IDX, HOPR nodes now have the ability to sign an Ethereum account, enabling users to connect their nodes with an existing pseudonymous digital identity — real or not.

What’s next for HOPR?

In the coming weeks, the HOPR team will start to test our cover traffic nodes, which will become the cornerstone for the HOPR network. To support us, the HOPR Association will continue to run testnets with the community to finetune the HOPR protocol. From there, node adoption and development of the protocol will continue alongside our community. We’ll be using Ceramic in most of these endeavours, to strike the fine balance between data gathering and privacy.

We’re excited about what’s next to come and hope you’ll join us alongside this journey to change the state of data privacy for good.

Stay up to date with the progress of the HOPR protocol, see product demos, read our papers and more:

Jose Aguinaga

HOPR Head of Engineering

Website: https://www.hoprnet.org
Testnet: https://network.hoprnet.org
Twitter: https://twitter.com/hoprnet
Telegram: https://t.me/hoprnet
Discord: https://discord.gg/dEAWC4G
LinkedIn: https://www.linkedin.com/company/hoprnet
Forum: https://forum.hoprnet.org
Github: https://github.com/hoprnet