A Quick Introduction to the Hidden Lake Network

About a year ago I wrote an article describing the process of launching a node of the Hidden Lake anonymous network. In my opinion, the article was unsuccessful, because it paid too much attention to details, which created an accompanying idea of the complexity of such a process. Since then, 11 months have passed, the Hidden Lake network code has been gradually edited, some launch schemes have been changed, new features have been added. Following this, I decided to release a new article in order to remove or move excess information to separate spoiler sections or links, as well as to update the current process of launching and operating the network. As a result, the article should be simple, minimalistic and understandable, literally five minutes of reading.

A little bit about Hidden Lake

The difference between the Hidden Lake anonymous network and other representatives of this area, such as Tor, I2P, Mixminion, Crowds, etc., is in the theoretically provable protection against the actions of a global observer. In other words, even if the network is small, territorially limited and completely wiretapped, it will still be impossible for an observer to identify any connections between its participants. This is achieved through the QB task (a task based on queues), the advantages and limitations of which can be read in more detail in the article here. Due to this feature, the Hidden Lake network can successfully function even inside a centralized server, while maintaining the same level of anonymity. You can read more about this here.

Launching your own service

It is quite easy to set up a node in the Hidden Lake network – you just need to download the application HLS and run it. But in this case, there will be little benefit from this for two reasons: 1) the node will rise locally and will not be connected to the external network in any way, 2) there will be no application applications and, as a result, no applications. Therefore, in order to consider and understand the process of integrating a node with the Hidden Lake network from A to Z, it would be most correct to write your own small service. In our case, this will be an echo service.

package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	http.HandleFunc("/echo", func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			w.WriteHeader(http.StatusMethodNotAllowed)
			return
		}
		req, err := io.ReadAll(r.Body)
		if err != nil {
			w.WriteHeader(http.StatusBadRequest)
			return
		}
		fmt.Fprintf(w, "echo(%s)", string(req))
	})
	log.Println("service is listening...")
	http.ListenAndServe("127.0.0.1:8080", nil)
}

In this concept, we will need two nodes: one will provide the service, the other will be represented by the client of this service. To do this, download the HLS application, set the execution rights and copy HLS to the client directory as well.

$ wget https://github.com/number571/go-peer/releases/latest/download/hls_amd64_linux
$ mv hls_amd64_linux hls && chmod +x hls
$ mkdir client && cp hls client/hls

* The above example works only for the Linux platform. HLS can also be downloaded for Windows / Darwin platforms, as well as for the arm64 architecture. To do this, simply change the name of the downloaded file, for example: hls_arm64_darwin. If you need to run HLS on a different platform or processor architecture, then you will need to compile the application yourself.

HLS Compilation

The Hidden Lake network code is completely open source, so the above method of running HLS is not the only one. Instead of using release and pre-compiled programs, you can compile them yourself. This will require the Go compiler and the following steps:

$ git clone https://github.com/number571/go-peer.git
$ cd go-peer && go build ./cmd/hidden_lake/service/cmd/hls

Next, in order to successfully connect to the external Hidden Lake network, we need to have a configuration file already configured. hls.yml. Such files can be downloaded HereAfter that we need to edit them a little.

Configuration files

I took the configuration file in the directory as a basis prod/1.

Service hls.yml:

settings:
  message_size_bytes: 8192
  work_size_bits: 22
  key_size_bits: 4096
  fetch_timeout_ms: 60000
  queue_period_ms: 5000
  network_key: 8Jkl93Mdk93md1bz
logging:
- info
- warn
- erro
address:
  # Удалил tcp поле из-за ненадобности
  http: 127.0.0.1:9571 # Поменял порт, чтобы клиент мог запустить свой http сервер
services: # Удалил сторонние сервисы и прописал путь к echo-сервису
  hidden-echo-service: # Название сервиса может быть любым
    host: 127.0.0.1:8080
connections:
- 94.103.91.81:9581

Client client/hls.yml:

settings:
  message_size_bytes: 8192
  work_size_bits: 22
  key_size_bits: 4096
  fetch_timeout_ms: 60000
  queue_period_ms: 5000
  network_key: 8Jkl93Mdk93md1bz
logging:
- info
- warn
- erro
address:
  # Удалил tcp поле из-за ненадобности
  http: 127.0.0.1:9572
# Удалил services поле из-за ненадобности
connections:
- 94.103.91.81:9581

After such an edit, the nodes will be able to successfully connect to the network relay, through which they will be able to send and receive messages. However, Hidden Lake is also F2F networkand therefore requires that nodes specify each other's public keys for further successful and mutual authentication. To generate service and client keys, it is enough to launch the HLS application:

$ ./hls # Терминал 1
> [INFO] 2024/08/31 03:53:42 HLS is started; {"message_size_bytes":8192,"key_size_bits":4096,"fetch_timeout_ms":60000,"queue_period_ms":5000,"work_size_bits":22,"network_key":"8Jkl93Mdk93md1bz","limit_message_size_bytes":6526}
$ cd client && ./hls # Терминал 2
> [INFO] 2024/08/31 03:55:37 HLS is started; {"message_size_bytes":8192,"key_size_bits":4096,"fetch_timeout_ms":60000,"queue_period_ms":5000,"work_size_bits":22,"network_key":"8Jkl93Mdk93md1bz","limit_message_size_bytes":6526}

After the first launch, private keys will be created: hls.key, client/hls.key. To obtain public keys, you need to contact the API of each node, update the files hls.yml and restart the nodes.

$ curl http://127.0.0.1:9571/api/network/pubkey
> PubKey{3082020A...03010001}
$ curl http://127.0.0.1:9572/api/network/pubkey
> PubKey{3082020A...03010001}

Final configuration files

Final service hls.yml:

settings:
  message_size_bytes: 8192
  work_size_bits: 22
  key_size_bits: 4096
  fetch_timeout_ms: 60000
  queue_period_ms: 5000
  network_key: 8Jkl93Mdk93md1bz
logging:
- info
- warn
- erro
address:
  http: 127.0.0.1:9571
services:
  hidden-echo-service:
    host: 127.0.0.1:8080
connections:
- 94.103.91.81:9581
friends:
  client-node: PubKey{3082020A...03010001} # Ключ полученный от http://127.0.0.1:9572/api/network/pubkey

Final client client/hls.yml:

settings:
  message_size_bytes: 8192
  work_size_bits: 22
  key_size_bits: 4096
  fetch_timeout_ms: 60000
  queue_period_ms: 5000
  network_key: 8Jkl93Mdk93md1bz
logging:
- info
- warn
- erro
address:
  http: 127.0.0.1:9572
connections:
- 94.103.91.81:9581
friends:
  service-node: PubKey{3082020A...03010001} # Ключ полученный от http://127.0.0.1:9571/api/network/pubkey

As a result of the actions taken, it becomes possible to access the service in the Hidden Lake network:

$ echo 'hello, world!' | base64
> aGVsbG8sIHdvcmxkIQ==
$ curl -i -X POST http://localhost:9572/api/network/request --data '{
    "receiver":"service-node",
    "req_data":{
        "method":"POST",
        "host":"hidden-echo-service",
        "path":"/echo",
        "body":"aGVsbG8sIHdvcmxkIQ=="
    }
}'
> 
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Fri, 30 Aug 2024 21:06:59 GMT
Content-Length: 102

{"code":200,"head":{"Content-Type":"text/plain; charset=utf-8"},"body":"ZWNobyhoZWxsbywgd29ybGQhKQ=="}
$ echo 'ZWNobyhoZWxsbywgd29ybGQhKQ==' | base64 -d
> echo(hello, world!)

In order not to repeat all the steps of setting up configuration files and linking public keys, a test has been prepared repository in which all this is done and on the example of which you can get the same result.