Glossary


BlockSphinxPlaintext
The payload structure that is encapsulated by the Sphinx body.

classes of traffic
We distinguish the following classes of traffic:

  • SURB replies (sometimes referred to as ACKs)

  • Forwarded messages

client
Software run by a user on their local device to participate in the mixnet. A client is not considered a node in the network for purposes of analysis of the core mixnet protocols.

directory authority system
Refers to PKI schemes used by Mixminion and Tor.

entry mix, entry node
A mix node that has some additional features:

  • An entry mix is always the first hop in routes where the message originates from a client.

  • An entry mix authenticates clients’ direct connections via the mixnet’s wire protocol.

  • An entry mix queues reply messages and allows clients to retrieve them later.

epoch
A fixed-time interval with a current default value of 20 minutes. A new PKI document containing public key material is published for each epoch and is valid only for that epoch. For more information, see Sphinx mix and provider key rotation.

family
Identifier of security domains or entities operating one or more mix nodes in the network. This is used to inform the path selection algorithm.

gateway
A mix node on the edge of the mixnet that is the first hop for messages coming from clients. The gateway authenticates client connections and queues reply messages (SURBs) for retrieval.

group
A finite set of elements and a binary operation that satisfy the properties of closure, associativity, invertibility, and the presence of an identity element.

group element
An individual element of a group.

group generator
A group element capable of generating any other element of a group, via repeated applications of the generator and the group operation.

header
The packet header consisting of several components which convey the information necessary to verify packet integrity and to correctly process the packet.

KiB
Defined as 1024 8-bit octets.

layer
The layer value indicates which network topology layer a particular mix node resides in.

message
A variable-length sequence of octets sent anonymously through the network. Short messages are sent in a single packet; long messages are fragmented across multiple packets.

mix descriptor
A database record that describes a mixnet server component.

mix node
A cryptographic router that is used to compose a mixnet. Mix nodes use a cryptographic operation on messages being routed which provides bitwise unlinkability with respect to input versus output messages. Katzenpost is a decryption mixnet that uses the Sphinx cryptographic packet format.

mixnet
A mixnet, or mix network, is a network of mix servers that can be used to build various privacy-preserving protocols.

MSL
Maximum segment lifetime, currently set to 120 seconds.

nickname
A component nickname string that must be unique in the consensus document.

node
Clients are NOT considered nodes in the mix network. However, network protocols are often layered. In our design documents, we describe “mixnet hidden services” that can be operated by mixnet clients. Therefore, if the term “node” is used in some adherence to mathematical terminology, one could conceivably designate a client as a node. However, in discussion of our core mixnet protocol, it is inappropriate to refer to clients as nodes.

packet
A Sphinx packet, of fixed length for each class of traffic, carrying a message payload and metadata for routing. Packets are routed anonymously through the mixnet and cryptographically transformed at each hop.

payload
The fixed-length portion of a packet containing an encrypted message or part of a message, to be delivered anonymously.

PKI
Public key infrastructure.

SEDA
Staged Event Driven Architecture. 1. A highly parallelizable computation model. 2. A computational pipeline composed of multiple stages, each of which is a thread pool, connected by queues that use active queue-management algorithms able to evict items from a queue based on dwell time or other criteria. 3. The only correct way to efficiently implement a software-based router on general-purpose computing hardware.

service node
A service node is a mix node with additional features:

  • A service node is always the last hop in routes where the message originates from a client.

  • A service node runs mixnet services which use a Sphinx SURB-based protocol.

SURB
Single use reply block. SURBs are used to achieve recipient anonymity, that is to say, SURBs function as a cryptographic delivery token that you can give to another client entity so that they can send you a message without them knowing your identity or location on the network. See SPHINXSPEC and SPHINX.

user
An agent using the Katzenpost system.

wire protocol
Refers to our PQ Noise-based protocol that currently uses TCP but in the near future will optionally use QUIC. This protocol has messages known as wire protocol commands, which are used for various mixnet functions such as sending or retrieving a message and dirauth voting. For more information, see our wire protocol specification.