161 lines
5.0 KiB
Markdown
161 lines
5.0 KiB
Markdown
# Superball Example: Anonymous Posting
|
|
|
|
## Scenario
|
|
Alice wants to post a message under her real identity while hiding her location from surveillance.
|
|
|
|
### Participants
|
|
- **Alice**: Original sender (pubkey: `alice123...`)
|
|
- **Thrower A**: First hop (pubkey: `thrower_a789...`)
|
|
- **Thrower B**: Second hop (pubkey: `thrower_b012...`)
|
|
- **Relay1**: `wss://relay1.com` (where Alice posts)
|
|
- **Relay2**: `wss://relay2.com` (intermediate relay)
|
|
- **Relay3**: `wss://relay3.com` (where final message appears)
|
|
|
|
## Step-by-Step Flow
|
|
|
|
### 1. Alice Creates Her Final Message That Will Be Posted
|
|
```json
|
|
{
|
|
"kind": 1,
|
|
"pubkey": "alice123...",
|
|
"content": "The government is lying about inflation statistics",
|
|
"tags": [],
|
|
"created_at": 1702222200,
|
|
"id": "alice_event_id",
|
|
"sig": "alice_signature"
|
|
}
|
|
```
|
|
|
|
### 2. Alice Encrypts Instructions for Thrower B (Final Hop)
|
|
Payload for Thrower B (final hop - no `p` field):
|
|
```json
|
|
{
|
|
"event": { /* Alice's signed event above */ },
|
|
"routing": {
|
|
"relays": ["wss://relay3.com", "wss://relay4.com"],
|
|
"delay": 15,
|
|
"audit": "audit_tag_b_456def",
|
|
"payment": "eCash_ZYX321..." // Optional payment
|
|
// No "p" field - this means final posting
|
|
}
|
|
}
|
|
```
|
|
|
|
Creates routing event:
|
|
```json
|
|
{
|
|
"kind": 22222,
|
|
"pubkey": "ephemeral_key_2",
|
|
"content": "<encrypted_payload_for_thrower_b>",
|
|
"tags": [["p", "thrower_b012..."]],
|
|
"created_at": 1703000100,
|
|
"id": "routing_for_b",
|
|
"sig": "ephemeral_signature_2"
|
|
}
|
|
```
|
|
|
|
### 3. Alice Encrypts Instructions for Thrower A (First Hop)
|
|
Payload for Thrower A (continuing chain):
|
|
```json
|
|
{
|
|
"event": { /* routing event for Thrower B above */ },
|
|
"routing": {
|
|
"relays": ["wss://relay2.com"],
|
|
"delay": 45,
|
|
"add_padding_bytes": 200,
|
|
"p": "thrower_b012...", // Next Thrower in chain
|
|
"audit": "1a2b3c4d5e6f7890abcdef1234567890abcdef1234567890abcdef1234567890",
|
|
"payment": "eCash_A1B2C3..." // Optional payment
|
|
}
|
|
}
|
|
```
|
|
|
|
Alice posts this to Relay1:
|
|
```json
|
|
{
|
|
"kind": 22222,
|
|
"pubkey": "ephemeral_key_1",
|
|
"content": "<encrypted_payload_for_thrower_a>",
|
|
"tags": [["p", "thrower_a789..."]],
|
|
"created_at": 1703000200,
|
|
"id": "routing_for_a",
|
|
"sig": "ephemeral_signature_1"
|
|
}
|
|
```
|
|
|
|
## Execution Timeline
|
|
|
|
**T+0**: Alice posts routing event to Relay1
|
|
```
|
|
Relay1: kind 22222 event (p tag = thrower_a789...)
|
|
```
|
|
|
|
**T+5**: Thrower A processes
|
|
- Decrypts payload
|
|
- Sees: relay2.com, delay 45s, add_padding_bytes 200, next hop thrower_b012...
|
|
- Creates padding-wrapper payload around the inner encrypted event
|
|
- Queues for 45-second delay
|
|
|
|
**T+50**: Thrower A forwards with padding wrapper
|
|
```
|
|
Relay2: NEW routing event with padding wrapper
|
|
{
|
|
"kind": 22222,
|
|
"pubkey": "thrower_a_ephemeral_key", // Fresh key
|
|
"content": "<padding_wrapper_payload>", // Contains inner event + padding
|
|
"tags": [
|
|
["p", "thrower_b012..."], // Real next hop
|
|
["p", "1a2b3c4d5e6f7890abcdef1234567890abcdef1234567890abcdef1234567890"] // Audit tag
|
|
]
|
|
}
|
|
```
|
|
|
|
Where the padding_wrapper_payload contains:
|
|
```json
|
|
{
|
|
"event": { /* The still-encrypted inner event for Thrower B */ },
|
|
"padding": "random_padding_data_200_bytes_worth"
|
|
}
|
|
```
|
|
|
|
Alice monitors relay2.com and sees her audit tag `1a2b3c4d5e6f...` appear at T+50, confirming Thrower A is honest.
|
|
|
|
**T+55**: Thrower B processes
|
|
- First decrypt: Gets padding wrapper payload - discards padding
|
|
- Second decrypt: Gets Alice's event + routing instructions (relays=[relay3.com, relay4.com], delay 15s)
|
|
- NO `p` field - this means final posting, extract and post Alice's event exactly as-is
|
|
- Queues for 15-second delay
|
|
|
|
**T+70**: Thrower B posts Alice's final event (end of chain)
|
|
```
|
|
Relay3 AND Relay4: Alice's original signed event appears exactly as she created it
|
|
{
|
|
"kind": 1,
|
|
"pubkey": "alice123...",
|
|
"content": "The government is lying about inflation statistics",
|
|
"tags": [], // Original tags preserved
|
|
"created_at": 1702222200,
|
|
"id": "alice_event_id",
|
|
"sig": "alice_signature" // Original signature preserved
|
|
}
|
|
```
|
|
|
|
Alice's message now appears on both relay3.com and relay4.com for redundancy.
|
|
|
|
## Privacy and Security Achieved
|
|
|
|
- **Alice's location**: Completely hidden from surveillance
|
|
- **Message origin**: Appears to come from Thrower B's location
|
|
- **Traffic analysis**: 65-second delay + size changes prevent correlation
|
|
- **Identity preserved**: Alice's real pubkey and signature maintained
|
|
- **Plausible deniability**: No proof Alice initiated the posting
|
|
- **Malicious node detection**: Audit tags allow Alice to verify proper forwarding
|
|
- **Accountability**: Bad Throwers can be identified and avoided
|
|
|
|
### Audit Trail for Alice
|
|
- **T+50**: Audit tag `1a2b3c4d5e6f...` appears on relay2.com (✓ Thrower A honest)
|
|
- **T+70**: Final message appears on relay3.com and relay4.com (✓ Thrower B honest)
|
|
- **Size verification**: Event sizes match expected padding operations
|
|
- **Timing verification**: Delays match requested timeouts
|
|
|
|
Alice successfully posts controversial content under her identity while protecting her physical location AND maintaining the ability to detect and avoid malicious routing nodes. |