I know I'm reinventing things, but I don't mind doing so 😀. I'm learning lots

And my MONAD system allows all the relay operators to accept payment for providing the relay service. My hope is to motivate very large numbers of users to run these relays, to give the fastest and most reliable onion-based system

@FIPS the internet, fix the world

If you use three relays, then you have three 'sessions' nested inside each other so that each relay learns very little about your connection. You have one session with the first relay, and you use that connection to open a second session with the second relay, and so on. Typical onion routing.

NoiseNK encryption+authentication in session, which itself wraps HTTP2 which can be used for multiplexing multiple requests. One of the streams inside HTTP2 is used to control the payments. So the client exposes a SOCKS5 proxy which might be processing multiple requests in parallel, which is responsible for setting up these nested sessions and making the payments, while all the relays (except the last) just see a single encrypted stream. The relays know the previous hop and the next hop, but that's it; except that the final relay might see you exiting to multiple 'normal' final connections.

Don't be misled by the 'HTTP' in 'HTTP2'; the multiplexed connections can be any arbitrary TCP session, I use it for 'ssh' and am happy with the latency

If there are multiple users, then a given pair of relays would have one connection per user, which has one of that user's sessions (which might itself be many managin multiple 'exit' connections). Those per-user connections are wrapped inside QUIC, which apparently is the very scalable way to multiplex large numbers of connections. This should help a little with privacy, as external viewers see all the traffic between two relays as just one QUIC connection, and QUIC itself adds another layer of encryption. Also, QUIC sometimes merges packets from separate user's streams into one packet, which might help a little with privacy too

I'm not implying QUIC is designed for privacy, but I find it a good place to start.

Links (I haven't pushed recently, trying to only push with each major update):

- MONAD itself: https://github.com/SatsAndSports/MONAD

- Cashu Spilman Channels: https://github.com/SatsAndSports/cashu_spilman_channels

(my attempt to explain, might be wrong)

A decentralised mesh, that should scale to very many users, where a packet can be routed from A to B. Each packet is forwarded to one neighbour, without source routing

A "spanning tree" over all nodes is formed. The purpose of this tree is that, for any edge on the spanning tree, the edge divides the entire network logically into two sections ("split-horizon"). There is then a bloom filter on each side of that edge which records the set of nodes that are reachable *in that one of the two sections*

The Bloom filters gradually fill, as they learn which nodes are where. A naive Bloom filter system would eventually result in every node being recorded in every Bloom filter and would therefore be useless. The spanning tree provides (arbitrary) two-section splits to ensure that doesn't happen. For any given edge of the spanning tree, each npub should be in just one of them. (For me, this was the main idea that hooked me on FIPS)

The Bloom filters are the main thing used for routing, although of course various network statistics are used to bias routing towards the best performing peer

There's lots more to say. Every direct link between two direct peers is encrypted and authenticated, as is the multi-hop session that forms between two nodes that are communicating

So that gives us an encrypted and authenticated datagram service between two nodes (nodes are identified by npubs). FIPS doesn't care how the peers directly communicate with each other (Bluetooth, WiFi, UDP, Tor, carrier pigeon)

But it's unreliable. Hence it's quite like IP (as opposed to TCP). Therefore, in order that all our IP software can be used as-is, there is a localhost-only IPv6 adaptor (and associated local DNS resolver, that maps each npub to a deterministically-derived ipv6 address) which allows us to treat any FIPS node as an IPv6 address. You can then run your legacy stack (using TCP for reliability) on top of that. When I connect my web browser to a cashu mint, the web browser thinks it's connecting to IPv6, but my machine immediately intercepts it and it goes through the FIPS system and it pops out inside the mint's machine as an ipv6 packet

How do I pay per use?

Some payment is needed to encourage people to run this

I guess that's not in this protocol now

I'm glad there's another episode!

I've listening to all of them so far, and also the last 100 Bitcoin Optech podcasts, so I need more content to listen to while walking or cycling!