Revised Nym for ZCash Network-level Privacy

@jelly5649 a bit more information with regards to your sudo question I got back from one of our mac developers: it is needed because we are not using network extensions but instead tapping into the network adapter through sudo in order to get a higher level of control and to help mediate the leaks, which there are plenty of, when using network extension.

Right now there is no alternative to this with the NymVPN app unfortunately.

Hi, is there an update on the code / submission review? If you need any other info from us let me know and I can get it done asap. Thanks!

Hi Max, I’m late to the party here.

Are these the things on the following post that you need reviewed?

Hi @pacu ,

Currently the list stands as such:

• I have created a module in our SDK which can be imported into crates or via Go FFI (if lightwalletd wanted to use it)
• FFI docs
• Module docs
• I have also created a pair of CLI binaries (docs) which can be used as standalone processes to easily test sending zcash traffic through the Mixnet - I have been using the zingocli wallet on a local machine with the TcpProxyClient binary to send traffic through the Mixnet to a VPS I’m running a testnet zcashd & lightwalletd instance on via the TcpProxyServer binary. The TcpProxyServer binary is also there so it could be e.g. added to the lightwalletd Helm setup. If you want to use these to test, I suggest using the conn-pool-update branch: this is a branch I have been working on a speedup on which is waiting to go into our next release, which involves a Client Pool abstraction.
• There are also the videos further up in this channel which were demonstrating the WIP versions of this work.

These components allow for Mixnet integration into ZCash codebases and can be used currently to use ZCash through the Mixnet.

Happy to help with any other questions you might have.

finally had some time to explore Nym project
wow it is serious
and going live in a month

image930×906 181 KB

I reviewed this code:

• nym/sdk/rust/nym-sdk/src/tcp_proxy/tcp_proxy_client.rs at develop · nymtech/nym · GitHub
• nym/sdk/rust/nym-sdk/src/tcp_proxy/tcp_proxy_server.rs at develop · nymtech/nym · GitHub
• nym/sdk/rust/nym-sdk/src/tcp_proxy/utils.rs at develop · nymtech/nym · GitHub
• nym/sdk/rust/nym-sdk/src/tcp_proxy/bin/proxy_client.rs at develop · nymtech/nym · GitHub
• nym/sdk/rust/nym-sdk/src/tcp_proxy/bin/proxy_server.rs at develop · nymtech/nym · GitHub
• nym/sdk/ffi/go/proxy_example.go at develop · nymtech/nym · GitHub

and these docs:

• FFI Bindings - Nym docs
• Architecture - Nym docs
  • This appears to be missing some flow diagrams.
• Standalone TcpProxy Binaries - Nym docs

With the caveat that I haven’t tried to run the code, it looks well-written and useful for the purpose described in the docs:

The motivation behind the creation of the TcpProxy module is to allow developers to interact with the Mixnet in a way that is far more familiar to them: simply setting up a connection with a transport, being returned a socket, and then being able to stream data to/from it, similar to something like the Tor arti client.

These might be an easy way for developers to start proxying their traffic throught the mixnet and understanding the sort of latency they should expect, and whether their application can currently tolerate it.

There is obviously a lot more design and integration work that would need to be done in order to use Nym more exensively in Zcash (in particular I don’t know whether we’d want to hook into the TCP-like abstraction or something more low-level), but this looks like a good start.

Thank you for the review!

What sort of diagrams do you think are missing here / aren’t covered by the Sessions and Message Ordering section? Something more like an architecture diagram of how the Proxies take incoming traffic, frame it, etc? Always happy to hear feedback on the docs and what else can be added to make them better

We are currently working on some protocol upgrades which will make the SDK Client interface a lot nicer to work with. This should remove the need for the localhost port exposed by the TcpProxy and allow for whatever code consumes the SDK to pipe bytes directly to the Client (also removing the need for the bytecodec shuffling in this abstraction), as well as doing stuff like multiplexing (removing the need for a lot of the accounting work this abstraction is currently doing). I will update this forum when we have something to share with regards to this upgrade - that should allow for lower-level integration work to take place.

Thank you Daira-Emma for your review!

I think they were either added after my review or they weren’t rendering correctly for me. The ones that are there now look good.

I was looking into this NymVPN project and it’s another one for this lovely thread:

Hey guys, can someone explain what’s going on here in simple terms for those of us who aren’t very technical? What’s the point of integrating Nym with the zcash wallet?
Why not just add an option in the wallet to work through SOCKS5, so you can run any software that provides a SOCKS5 proxy alongside it-whether it’s Nym, Tor, or something else?
From what I understand, something like this is being developed for $150K and about a year and a half, right?
Also, will this be a paid service? Meaning, will wallet users have to buy a Nym subscription to use it?

And one more thing, while reading the text “Addressing Network-Level Threats in Zcash Using the Nym Network”, I came across this passage:
Transaction and Address Linkability:
Similarly, when a wallet checks for received transactions, the wallet will indicate exactly which transactions it wants the ciphertext for.

Could someone explain in a bit more detail how this works? Does Lightwalletd really track user transactions in this way, or is something like bloom filters used? what is “ciphertext”?