Onion Routing
KayakNet uses onion routing to provide anonymity for all network traffic.
What is Onion Routing?
Onion routing wraps messages in multiple layers of encryption, like layers of an onion. Each node in the path can only see the previous and next hop, never the full route.
How It Works
Circuit Building
┌────────┐ ┌────────┐
│ Sender │ │Receiver│
└───┬────┘ └────▲───┘
│ │
│ Encrypted for Hop 3 │
│ ┌─────────────────────────────────────────────────┐ │
│ │ Encrypted for Hop 2 │ │
│ │ ┌─────────────────────────────────────────────┐ │ │
│ │ │ Encrypted for Hop 1 │ │ │
│ │ │ ┌─────────────────────────────────────────┐ │ │ │
│ │ │ │ Original Message │ │ │ │
│ │ │ └─────────────────────────────────────────┘ │ │ │
│ │ └─────────────────────────────────────────────┘ │ │
│ └─────────────────────────────────────────────────┘ │
│ │
▼ │
┌───────┐ ┌───────┐ ┌───────┐ │
│ Hop 1 │─────────▶│ Hop 2 │─────────▶│ Hop 3 │──────────────┘
└───────┘ └───────┘ └───────┘
Removes one Removes one Removes final
layer layer layerStep by Step
Sender selects 3 random nodes from the network
Sender generates session keys for each hop
Message is encrypted in layers:
Layer 3: Encrypted with Hop 3's key
Layer 2: Encrypted with Hop 2's key
Layer 1: Encrypted with Hop 1's key
Hop 1 receives, decrypts outer layer, forwards
Hop 2 receives, decrypts its layer, forwards
Hop 3 receives, decrypts final layer, delivers
KayakNet Implementation
Circuit Parameters
Hops
3
Balance of anonymity and latency
Circuit Lifetime
10 minutes
Prevent long-term correlation
Key Algorithm
X25519
Fast, secure key exchange
Encryption
ChaCha20-Poly1305
Modern AEAD cipher
Circuit Selection
Nodes are selected to maximize anonymity:
Header Format
Traffic Analysis Resistance
Beyond basic onion routing, KayakNet implements:
1. Constant Packet Size
All packets are padded to 1024 bytes, preventing size correlation.
2. Timing Obfuscation
Random delays (0-100ms) prevent timing analysis.
3. Dummy Traffic
Nodes send fake traffic to obscure real patterns.
4. Traffic Mixing
Packets are batched and shuffled before forwarding.
Anonymity Properties
What Onion Routing Provides
✅ Sender Anonymity - Receiver doesn't know sender ✅ Receiver Anonymity - Sender doesn't know receiver's IP ✅ Relationship Anonymity - Third parties can't link sender/receiver ✅ Forward Secrecy - Past traffic can't be decrypted
What It Doesn't Provide
❌ Global Passive Adversary - Nation-state level monitoring may correlate ❌ Endpoint Compromise - If sender or receiver is compromised ❌ Traffic Confirmation - If adversary controls first and last hop
Compared to Tor
Default Hops
3
3
Circuit Rotation
10 min
10 min
Traffic Padding
Yes
Limited
Timing Obfuscation
Yes
No
Dummy Traffic
Yes
No
Directory Servers
No (DHT)
Yes
Performance Impact
Onion routing adds latency:
Latency
~50ms
~150-300ms
Throughput
High
Moderate
CPU Usage
Low
Moderate
The tradeoff is acceptable for privacy-focused applications.
Configuration
Last updated