阅读 Lite Paper

Nym’s mission is to establish privacy as a default for online communications. Only then can people and organizations make meaningful and secure decisions about what, when and with whom they want to share data.

Reckless data harvesting has dominated Silicon Valley business models over the past decade and has rapidly become the norm for monetizing online activity. Understanding and predicting user behaviour is now the primary business model of the Internet. These data-driven models, collectively known as surveillance capitalism, have produced giant tech monopolies and governments that oversee an unprecedented system of manipulation and control, extracting data and value from society.

It is important to realize just how lacking current technology is with regards to maintaining privacy. Even though a private messenger might encrypt a message’s contents, the metadata (for example identifying the timing of the communications, IP addresses, locations, and lots more) is visible to everyone from the Internet Service Provider (ISP) that delivers the message to the messaging application itself. And in this world of big data, metadata is in many ways more valuable than the content of messages. It can be used by sophisticated and ubiquitous analytic systems to determine the nature of your social relationships and thus predict your personal characteristics and preferences.

The necessary technology to guarantee online privacy has remained underdeveloped - until recently. With progress in computing capacity, networking, research and funding, it is now possible to overcome these limits and deploy technology that avoids trusted third parties and is resistant to surveillance.

Introducing the Nym Protocol; A Global Privacy Commons

Nym was founded in 2018 to build a global privacy infrastructure and contribute to ending the era of surveillance as the default technical and business model of the internet.

Nym is an open-source, decentralized and permissionless privacy system. It provides full-stack privacy, allowing other applications, services or blockchains to provide their users with strong metadata protection, at both the network level (mixnet), and the application level (anonymous credentials) without the need to build privacy from scratch.

The Nym architecture is powered by three main technological advancements: a mixnet, private credentials and incentives.

How Nym can make the internet private

The Nym mixnet provides strong guarantees against the leakage and harvesting of metadata at the network layer. It is a general purpose privacy overlay network that is agnostic and can interface with almost any other digital application or service, enabling individuals as well as digital service providers to be able to guarantee their privacy or that of their users.

The mixnet improves on existing privacy systems by mixing internet traffic in a decentralized network. First, all packets are transformed by the user into Sphinx packets on their device. The Sphinx packet format renders all data packets a uniform size. Then, nodes in the mix network “mix” the traffic, releasing packets probabilistically in order to ensure timing obfuscation. If needed, at each node cover traffic is added, and multiple hops ensure users do not have to trust a single node.

While the mixnet builds a strong foundation by protecting the network-layer, Nym credentials enable fine-grained privacy at the application layer. Nym credentials allow digital service providers and users to engage securely without the need to compromise on privacy.

Nym credentials advances on the Coconut signature scheme, enabling people to prove their right to access and do things online while retaining privacy. Nym credentials encrypt and embed the data needed for a given service, including zero-knowledge proofs of private data. These credentials are validated in a decentralized and public manner, without revealing any link between the user and the service they want to access.

Nym is sustainable because it uses incentives to decentralize and maintain the quality of service of the network. Inspired by Bitcoin, Nym’s breakthrough proof-of-work system rewards nodes for mixing traffic rather than solving arbitrary Merkle puzzles. Nym node operators are rewarded for proof of mixing, ensuring privacy for all.Nym only uses enough electricity as needed to accomplish the work of mixing packets to meet demand, and so should minimize unnecessary environmental costs.

Nym employs a blockchain to decentralize the operations of the mixnet so that the network has no centralized points of failure: the Nym mixnet is run by nodes across the world as a global privacy commons. A major obstacle for any decentralized network is assembling real-world resources to run nodes. Tor and I2P’s volunteer model works but has limitations. With the logistical complexity of finding trusted and reliable volunteers, global reach is difficult: volunteers tend to be centralized in wealthy Western countries, with the majority of Tor relays in places like Germany and the US. We believe economic incentives can fix this problem so that the entire world can have privacy on the Internet.

Nym 与 VPN 相比如何?

目前最流行的网络层隐私解决方案是虚拟私人网络(virtual private network),它通过用户的计算机与供应商之间运行的加密通道提供网络层的保护。但是虚拟私人网络通常配置错误,即使配置正确了,也不能提供真正的隐私保护和足够的抗审查能力。 虚拟私人网络的供应商还可以彻底观察用户与公共网络之间的所有流量,并可以很确切的了解到用户在特定时间访问过何种服务。用户不得不相信供应商没有恶意使用这类信息或保留日志。 Nym 的混合网 mixnet 是一种匿名的叠加式网络,即使面对有能力被动监视整个网络的强大系统,也可以为网络层提供强大的匿名性。混合网是去中心化的,不需要相信任何第三方,因此不需要信任一个类似于虚拟私人网络的供应商。更重要的是,Nym为虚拟私人网络提供了优秀的隐私特性,并且可以通过激励机制来提供高质量的服务和低延迟。

Nym 与 Tor 相比如何?

Tor 是如今最著名的匿名叠加网络。与 VPN 不同,Tor 提供了三次跳转的的「电路」,比单节点 VPN 提供了更好的隐私性,因此 Tor 中的任何单个节点都无法对流量进行去匿名化处理。 Tor 的洋葱路由对每个节点之间的流量进行加密,因此只有最后一个跃点,即Tor的「退出节点」才能解密该数据包。


虽然 Tor 可能是用于访问整个互联网的通用 Web 浏览的最佳现有解决方案,但不可否认的是,对于诸如加密货币交易和安全信息传输之类的信息传输系统而言,mixnet 比 Tor 更胜一筹,并且我们相信设计合理的激励措施可以还可以将 Nym 用作通用的去中心化 VPN。 Nym 的 mixnet 可以让数据包之间无法彼此区分,增加覆盖流量以及提供时序混淆功能来提供更好的隐私性。与以前的 mixnet 设计和 Tor 都不一样,Nym 的 mixnet 使用区块链技术分散其运营,并使用激励措施来扩展规模并提供抗审查性。

Nym 与 I2P 相比如何?

I2P(Invisible Internet Project)将分布式目录哈希表替换了 Tor 的目录权限以进行路由。如何设计安全且私有的分布式哈希表仍然是一个开放的研究问题,并且 I2P 会遭受许多隔离、误导用户或对用户去匿名化的攻击。与 Tor 一样,I2P 也基于「通过隐匿实现安全」的概念,即假定没有对手可以监视整个网络。通过隐匿实现安全可能在21世纪初是一种最前沿的方式,但现在这种方法已展现出它的年龄。

Nym 的 mixnet 设计可确保网络匿名性,即使面对强大的去匿名化攻击,也能抵抗监视。与 I2P 不同的是,Nym 添加了诱骗流量和时序混淆功能。 Nym 使用区块链技术和经济激励措施来提高其网络的去中心化,而不是使用中心化的目录授权或分布式哈希表。Nym 的 mixnet 可以将元数据匿名化,甚至针对可以监视网络链接并观察所有客户端和服务器传入和传出流量的政府机构或私营企业。

Nym 与 Facebook Connect 相比如何?

Nym 凭证系统实现了 Facebook Connect 等系统功能的去中心化,同时增加了隐私。个人数据已经成为一种有害资产,即使对于将整个业务以之为基础的公司而言,也是如此,这在 2018 年 Facebook 的 OAuth 身份系统遭到黑客入侵以及随后发布的 5000 万用户数据中得到了证明。

与 Facebook Connect 和类似的基于 OAuth 的服务(例如,「Sign in with Google」,传统的用户名和密码,甚至公共/专用密钥对)不同,Nym 凭证使用户只有在愿意披露信息给第三方之后,身份​​验证和授权数据才会被共享。没有中心化的第三方管理凭证,用户完全控制自己的数据,仅将其公开给想要公开的人。用户可以将数据存储在任意位置(包括在自己的设备上),与 W3C 的 DID 等替代方法不同,用户无需在区块链上存储任何数据,从而提供了更好的隐私性。

Nym 可扩展吗?

俗话说「大隐隐于市」,系统要确保网络层隐私,就需要扩展到数百万级别的用户数。但现有能够扩展到数百万用户规模的匿名通讯设计仅能抵御较低级别的攻击,要么就会产生较高的延迟,而现有能够实现较强匿名性的系统则仅能进行纵向扩展。 Nym 的 mixnet 设计将强大的安全性与横向可扩展性相结合,即使在拥有数百万用户的情况下也可以有效运行。Nym 网络的速度随着流量与用户的增多而增加,因为随着匿名集的增长,所需的覆盖流量和时序混淆会减少。 像 Tor 和 I2P 这样的网络饱受缺少经济激励机制所困扰,从而导致性能不佳、难以扩展。Tor 依赖于众筹以及政府拨款提供资金支持,并不足以负担其网络中继的运行与维护成本。运行 Tor 的中继也缺少激励机制,更不用说运行较高风险的入口或出口节点了,因此,Tor 难以增加节点进行扩容,以应对增加的流量。而表明 Tor 缺少激励模型的一点就在于其中继地理位置的一致性。 相反,Nym使用经济激励措施来确保系统始终可以扩展以满足需求的增长。


显而易见,互联网隐私从未如此弱小,但它的重要性并没有降低-变革的时机已经成熟。 我们经验丰富,敬业奉献的团队很高兴能迈出第一步。



阅读 Lite Paper