An overview of Nym network actors

---

There are four types of nodes that operate the Nym infrastructure: mixnodes, validators, gateways and service providers¹.
 
Externally, the Nym network interfaces with third-party service providers that can offer enhanced privacy to end users by making their services accessible via the Nym network. As a system, Nym is not envisioned to interface overtly with end users. Instead, Nym is a privacy infrastructure that operates at a deeper level of internet traffic. Services providers and applications can extend privacy to their end-users by building and operating via the Mixnet and credentials.

The larger and more diverse this user base, the better the anonymity provided to all users, and the more cost-effective the network becomes. But in order to start building this user base, node operators must populate the Nym network with nodes! Read on to start to find out what kinds of nodes make up the Nym network and which node you might want to be.

Mixnodes

Mixnodes are the backbone of Nym, and are organised in a three-layer network referred to as the mixnet. They anonymously relay identically-formatted encrypted data packets — called Sphinx packets — between themselves, before forwarding these packets on to the final recipient of the original message. After receiving Sphinx packets from either a gateway or another mixnode, they reorder these packets before sending them out and add a variable time delay between each send, making it harder to perform time-based correlation attacks and deanonymize any network users through network traffic analysis.

Mixnodes also maintain a steady amount of network traffic by sending Sphinx packets to other mixnodes that have no ‘real’ recipient, making it seem as if there are in fact a constant stream of user messages traveling through the Mixnet. This is known as cover traffic, and allows legitimate data packets to be ‘hidden in the crowd’ even when there are relatively few people actually using the mixnet².

Mixnodes are rewarded in NYM tokens for mixing packets according to quality of service (QoS) measurements taken by the validators³. This measurement involves testing Sphinx packets, which are routed through the various ports mixnet is assumed to have open. If these test packets pass through the mixnode to their destination, and the mixnode is responsive every time these measurements are taken (about once every 15 minutes), the mixnode will be seen as having a high QoS and be rewarded accordingly⁴.

Gateways

Gateways are quite literally the entrance to the mixnet that all user data must pass through before being forwarded to mixnodes.

Their primary purpose is to verify that users have paid NYMs to send bandwidth through the network, represented by bandwidth credentials produced by the validators (see below). Users top up their chosen gateway with bandwidth credentials, which are then reduced as they send bandwidth through the mixnet. These can then be periodically redeemed by gateways for NYM, as payment for their service.

Gateways also cache messages, acting as a mailbox for users that are offline. Users are free to select a single gateway to always use, or to split traffic across several gateways, run their own gateways, or any combination of these three.

Much like mixnodes, gateways will be rewarded according to the QoS that they provide.

Validators

Validators maintain the Nym Cosmos blockchain, which functions as a secure, public channel for broadcasting and recording network-wide information such as:

• public information and keys of nodes in the network topology (the list of nodes who have provided stake as a bond to join the network),
• network configuration parameters such as the currency and name of the blockchain,
• CosmWasm smart contracts,
• and a record of any transactions involving NYM or any form of credential being transferred or generated.

As well as maintaining and producing this decentralised source of truth for the network, validators collectively produce two different types of credentials for users: bandwidth credentials are created when a user sends NYM to the Nympool — the shared pool of tokens from which rewards are distributed — and act as a proof of deposit for gateways. And service credentials are specific to the service that they grant access to, and act as proof of a users’ right to access said service. Whilst these can include proof of deposit (like bandwidth credentials), they can also include zero-knowledge proofs of any verifiable information, such as a users’ being over 18, ability to legally drive, or vaccination status.

Service Providers

Service Providers are the final part of the Nym infrastructure, facilitating the application layer of the Nym network stack. Any applications built with Nym in mind will utilize a Service Provider of some sort (i.e. they will run a piece Service Provider binary code), and they can be built by anyone. There is only one pre-built Service Provider binary currently available in the Nym codebase — the Network Requester. This is a program that accepts a request for information located outside the network (e.g. checking a mail server) from a Nym user (or another service) via the mixnet. The requester makes this request, and then forwards any response from the external server (e.g. the new emails you have) to the user via the mixnet. Importantly, the Network Requester is not an open proxy as it has a domain whitelist, meaning it will only communicate with domains on this list. As such, you don’t have to worry about what it is being used for, which is a common problem with running an open proxy.

Service Providers earn service credentials by facilitating information both flowing out of the mixnet in an anonymised fashion (such as requests to a mail server), and information being utilized in some manner within the Nym network (such as being stored in a private cloud backup) where it is shielded from the rest of the web. These service credentials will be able to be periodically redeemed for NYM, incentivizing maintainers to run a plurality of services.

—

The Nym network is made up of these numerous actors, serving very different functions and operating together in order to make this global decentralised privacy system work. Gateways and Mixnodes make up the entrance to and backbone of the mixnet, Validators act as both its source of truth and for making credentials, and finally Service Providers are the applications (or interfaces to applications) built atop it. Each actor has specific incentives, performs specific functions and has specific powers and responsibilities. We will delve into these in more depth in blog posts to follow. In the mean time, if you want to look into the technical details of setting up any of these nodes, check out our documentation.

—

[1]: Whilst service providers are technically Nym clients that communicate with additional code to perform some function for users, it is most helpful to think of them as a separate type of node within the Nym network.

[2]: As the Nym whitepaper says: anonymity loves company!

[3]: More specifically, the validator API, more to come on this soon.

[4]: Check out the Milhon Testnet Network Explorer’s mixnode statistics for more on this.