Documentation
PART 1 — Foundations of Hidden Networks
Module 2 —
2.3 Alternative Darknets:

2.3 Alternative Darknets:

While Tor is the most well-known anonymity network, it represents only one model of hidden network architecture.
Other darknets — I2P, Freenet, GNUnet, Yggdrasil, and Nym — use fundamentally different routing designs, anonymity concepts, and security assumptions.

This chapter explains the underlying mechanisms that make each network unique.

A. I2P (Invisible Internet Project) — Tunnels & Garlic Routing

I2P is a self-contained darknet focusing on internal anonymous services rather than clearnet access.
Its architecture relies on a tunnel-based routing system and a unique encryption approach called garlic routing.

1. I2P Unidirectional Tunnels

Unlike Tor, where traffic flows bidirectionally over a single circuit, I2P builds two independent tunnels:

  • Inbound Tunnel: carries data toward the user

  • Outbound Tunnel: carries data away from the user

Benefits

  • Breaks correlation between incoming and outgoing traffic

  • Limits the impact of a compromised router

  • Provides flexibility for performance tuning

Each tunnel is a series of routers that forward encrypted packets.

2. Garlic Routing (I2P’s Encryption Model)

Garlic routing extends onion routing by bundling multiple messages (“cloves”) into a single encrypted “garlic bulb.”

Advantages

  1. Anti-traffic-analysis: harder to isolate individual messages.

  2. Message aggregation: routing instructions and payloads can be packaged together.

  3. Decoy traffic: supports padding and nested messaging.

Garlic routing is considered more flexible than onion routing for peer-to-peer anonymity.

3. I2P Network Database (netDB)

I2P uses a distributed hash table (DHT) to store:

  • router information

  • tunnel build records

  • encrypted destination entries

This ensures:

  • decentralization

  • resilience

  • no directory authorities (unlike Tor)

B. Freenet — Distributed Data Store & “Insert/Fetch” Mechanism

Freenet is not a routing network like Tor or I2P.
It is a distributed, censorship-resistant storage system built around a key-based data retrieval model.

1. Key-Based Data Access

Freenet uses three key types:

  • CHK (Content Hash Key): ensures immutability

  • SSK (Signed Subspace Key): allows updatable content

  • USK (Updatable Subspace Key): supports pseudonymous updates

Data is retrieved by keys, not by location.

2. Data Insert / Data Fetch Model

Insert

  • User uploads data using a key.

  • Chunks split and distributed across nodes.

  • Replication occurs automatically.

Fetch

  • User requests a key.

  • Network routes request through probabilistic local decisions.

This ensures censorship-resistance and plausible deniability.

3. Location-Independent Storage

Users do not know:

  • where the data is stored

  • who stores it

  • how many copies exist

Nodes store encrypted chunks, making Freenet:

  • anonymous

  • fault-tolerant

  • self-healing

C. GNUnet — Peer Group Cryptography & Privacy-Preserving Naming

GNUnet is a framework for privacy-preserving, decentralized networking.
It emphasizes secure group communication, peer authentication, and anonymous services.

1. Peer Group Cryptography

GNUnet forms “peer groups” where nodes authenticate using:

  • public key infrastructure

  • secure channel establishment

  • routing within trusted peer subsets

This balances anonymity with authenticity.

2. GNU Name System (GNS)

Unlike DNS, GNS provides:

  • decentralized name resolution

  • censorship resistance

  • privacy-preserving queries

Names are derived from:

  • zones

  • public keys

  • delegation chains

This system avoids centralized control by ICANN or DNS root authorities.

3. Transport Plugins

GNUnet can run over:

  • TCP

  • UDP

  • HTTP tunnels

  • Bluetooth

  • WLAN

This flexibility allows it to survive censorship conditions where Tor or I2P may fail.

D. Yggdrasil — DHT-Based Global IPv6 Mesh

Yggdrasil is not a classical anonymity network — it is a cryptographically secure global mesh networking overlay that automatically assigns IPv6 addresses.

1. Public-Key-Based Addressing

Each node’s IPv6 address is derived from:

  • its cryptographic key

  • routing tree position

This ensures:

  • end-to-end encryption

  • secure cryptographic identity

2. Distributed Hash Table Routing

Nodes connect through a spanning-tree-based DHT.

Properties

  • efficient global pathfinding

  • dynamic rebalancing

  • robust connectivity

3. Purpose

Yggdrasil focuses on:

  • encrypted connectivity

  • decentralized internet infrastructure

  • mesh-based peer routing

It offers privacy, but not the anonymity guarantees of Tor or Nym.

E. Nym Mixnet — Layered Privacy & Metadata Resistance

Nym modernizes Chaumian mix networks for the contemporary internet age.

1. Mix Nodes Perform Batch-and-Shuffle

Each node:

  • collects packets

  • adds timing delays

  • shuffles order

  • forwards output

This destroys metadata such as:

  • timing

  • packet size

  • order

Mixnets are designed to resist global passive adversaries, something onion routing struggles with.

2. Sphinx Packet Format

Sphinx provides:

  • compact onion-style wrapping

  • replay protection

  • unlinkable routing

  • reduced overhead

Originally a theoretical design, now used in production (Nym, Loopix).

3. Layered Architecture

Nym architecture includes:

  • Gateway Layer — mixes ingress traffic

  • Mixnet Layer — multi-hop mixing for anonymity

  • Credential Layer — privacy-preserving authentication (ZK proofs)

  • Blockchain Layer — decentralized incentive system

It offers some of the strongest metadata protection available today.

 

docs