Nym gateways: Gateways to privacy

Why you might want to run a Nym gateway

Author: Nym

The Nym mixnet is up and running, the reward system has been launched and now, to facilitate usage of the Nym privacy system, the mixnet needs gateways!

Gateways are entry points to the Nym mixnet. Without them, the mixnet is simply not accessible. And if there are too few of them, the system becomes vulnerable to DDoS attacks. Jump straight to the docs to learn how to run one.

In this blog post we will cover:

  • What gateways do in the overall Nym architecture
  • How you can get creative when running a gateway and provide additional privacy features
  • Incentives and grants to spin up your gateway

What do gateways do?

Gateways are the interface between users and the mixnet. They check that an application or user has the credentials to use the mixnet, they send traffic through the mixnet, and they receive and store traffic at the other end in case a receiving user is offline.

Gateways can also offer extra privacy features as a way to attract users. (More on that below…)

Checking credentials

Gateways are responsible for checking that a user has credentials to use the mixnet. For the next few months, the mixnet will be free to use and integrate as we fine-tune and optimise the network performance. This means gateways will initially not be charging user fees, to allow time for integration and optimisation. Meanwhile, gateways will be supported through a Service Grants scheme announced later this week. Join our Gateways Discord channel or sign up here to keep up to date!

Once usage fees are switched on, gateways will begin to receive a part of the fee after checking that the user (or the app they are using) purchased the required bandwidth credentials with their NYM tokens. Bandwidth credentials are a form of anonymous credentials using the decentralised Coconut signature scheme that prove payment of mixnet fees in a private manner. The gateway queries the blockchain to verify that the credentials have not already been ‘spent’ before forwarding traffic through to the mixnet.

Sending and receiving messages

A user can send messages through the Nym mixnet via the gateway. Currently there is no limit to usage, but once user fees are turned on, users will have purchased a data allowance represented by their bandwidth credential.

The Nym client on a user’s device encodes data into Sphinx packets with multiple layers of encryption and sends them over a secure channel (end-to-end encrypted) to the gateway that then forwards them on to the mixnet. At the other end, when a gateway receives packets from the mixnet, it removes the last layer of the Sphinx encryption, sending the message to its final destination. (This does not mean the gateway gets to see any plaintext though, as the content is still end-to-end encrypted by the original sender and is only decrypted by the receiving client.)

If a receiving user is offline when a message arrives, the gateway will store messages for later retrieval. When the user connects, all messages will be delivered. So it’s important that gateways be online consistently and not running on a mobile phone or a laptop.

The default gateway implementation included in the Nym platform code holds packets for later retrieval. For many applications (such as simple chat or file sharing), this means it is usable out of the box, as it provides a place that potentially offline clients can retrieve packets from.
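The gateway duties described above (rejecting an already-spent bandwidth credential, metering forwarded traffic, and holding packets for offline recipients) can be modelled in a few lines. This is an added illustration, not code from the Nym platform: the `Ledger` and `Gateway` classes, the serial strings and the per-client byte allowance are assumptions, and verification of the Coconut signature itself is omitted.

```python
from collections import defaultdict, deque

class Ledger:
    """Stand-in for the blockchain record of spent credential serials."""
    def __init__(self):
        self._spent = set()

    def spend(self, serial):
        # Check and mark in one step so a serial is accepted exactly once,
        # even when several gateways share the ledger.
        if serial in self._spent:
            return False
        self._spent.add(serial)
        return True

class Gateway:
    def __init__(self, ledger):
        self.ledger = ledger
        self.allowance = defaultdict(int)  # client -> bytes remaining
        self.online = set()
        self.inbox = defaultdict(deque)    # client -> packets held while offline
        self.forwarded = []                # opaque packets passed to the mixnet

    def redeem(self, client, serial, nbytes):
        """Credit bandwidth for an unspent credential (signature check omitted)."""
        if not self.ledger.spend(serial):
            return False
        self.allowance[client] += nbytes
        return True

    def send(self, client, packet):
        """Forward a packet only if the remaining allowance covers it."""
        if len(packet) > self.allowance[client]:
            return False
        self.allowance[client] -= len(packet)
        self.forwarded.append(packet)
        return True

    def receive_from_mixnet(self, recipient, packet):
        """Return packets to deliver now; hold them if the recipient is offline."""
        if recipient in self.online:
            return [packet]
        self.inbox[recipient].append(packet)
        return []

    def connect(self, client):
        """Mark the client online and flush everything stored for it."""
        self.online.add(client)
        return list(self.inbox.pop(client, ()))
```

Because the spent check and the mark happen in a single ledger call, a credential replayed at a second gateway is refused even though that gateway never saw the first redemption.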

In order to register a gateway, you will need to put up a registration deposit (a locked amount of NYM, which will be unlocked when you unregister the gateway) and publish in the blockchain a descriptor with keys and address, to be reachable for users. The registration deposit is required to discourage spurious registrations of gateways and prevent sybil attacks.

Running a personal gateway

Gateways serve an important function, making the mixnet publicly available, and are listed in the Nym explorer. If you are a more technically savvy user, you might want to run your own personal gateway, rather than relying on someone else’s. Running a personal gateway prevents you from having to trust a third-party gateway.

The downside, however, is that with just your own traffic flowing through your gateway, you don’t benefit from blending the bulk volume of your traffic with other gateway clients, potentially exposing your overall level of usage and your online/offline periods — anonymity loves company, after all.

Running a gateway for yourself AND for others affords by far the best privacy protection for everyone. Not only will your traffic be aggregated with others, but you will also be able to earn fees from providing this service when usage fees are turned on.

Broader use-cases / how you can add features

Gateways do not only act as an entry-point to the mixnet. They are also a user-facing service. To attract more users (and thereby more user fees in the future) you might want to offer additional privacy features. These features could include all manner of additional benefit to users, for example:

Censorship circumvention: Making Nym available to people in parts of the world where Nym might be blocked. Multiple pluggable transport solutions have been proposed in recent years to circumvent censored access to Tor, and these can be adapted to Nym. In the Nym infrastructure, gateways are the entities in a position to deploy censorship circumvention solutions and make Nym accessible to users in all regions. Gateways may also run different protocols to connect to the user machine, from WireGuard to various Shadowsocks variants.

Disguise: Such censorship circumvention could include disguising traffic as a WhatsApp call, for example.

Anonymous mailbox services: Gateways can provide email services at an additional cost.

Nyms: Establish a temporary nym with the gateway. The user and the gateway establish a shared secret and a nym (i.e., a temporary pseudonym). The data exchanged between the user and the gateway is encrypted with the shared secret, and the nym is used by the gateway as a temporary mailbox address where it can receive downstream data that is cached by the gateway. The cypherpunks called this a “nym server” in the early days of mixnets and anonymous re-mailers.

In fact, the more diverse the gateways, the better for everyone! Get creative. :)

Incentives and grants for gateways

The mixnet is currently free to use because over the first months we will be optimising the system, supporting app integrations and focusing on developer onboarding. This means there will be no user fees as income for gateways for the first months.

Instead, we are offering Service Grants for people wishing to run gateways along with service providers. These grants are specifically aimed at gateways and service providers that are needed at this stage of development.

The details of these grants will be announced later this week. Join the Discord gateway channel or sign up here.

Run a Nym gateway

Privacy loves company
