R 5 N : Randomized Recursive Routing for Restricted-Route Networks Nathan S. Evans Technische Universität München Munich, Germany Email: evans@net.in.tum.de Christian Grothoff Technische Universität München Munich, Germany Email: grothoff@net.in.tum.de Abstract—This paper describes a new secure DHT routing algorithm for open, decentralized P2P networks operating in a restricted-route environment with malicious participants. We have implemented our routing algorithm and have evaluated its performance under various topologies and in the presence of malicious peers. For small-world topologies, our algorithm provides significantly better performance when compared to existing methods. I. I NTRODUCTION Distributed Hash Tables (DHTs) [13], [11] are a key data structure for the construction of completely decentralized ap- plications. DHTs are important because they generally provide a robust and efficient means to distribute the storage and retrieval of key-value pairs. In recent years, DHT designs have become increasingly efficient and robust under churn [9], [12], [14], [18] and Sybil attacks [10], [16], [19]. Other research has addressed implementation concerns, such as optimizing network perfor- mance. In practice, modern DHTs restrict participation to so- called super-nodes, excluding peers with limited connectivity from direct participation. The primary reason for this is that virtually all previous DHT routing algorithms (with the notable exception of Freenet [15]) are based on the fundamental assumption of universal connectivity between all participating nodes (or rely on unstable NAT traversal). This assumption means that modern DHTs cannot function properly in networks with limited connectivity (mobile, ad- hoc wireless, sensor, friend-to-friend, etc.). Following [15], we refer to these networks where peers are not free to directly connect to arbitrary other peers (and therefore route in the DHT) as restricted-route networks. We need to distinguish be- tween the network topology created by a peer-to-peer overlay and the underlying network infrastructure, so we use the term restricted-route underlay topology to describe the resultant restrictions imposed on the overlay routing algorithm. This paper introduces a new randomized DHT routing algorithm, R 5 N , which enables our DHT to operate effectively over restricted-route networks and also increases security and resilience to various attacks compared to existing algorithms. R 5 N only assumes that the topology is connected and, in particular, does not require or use a coordinate system for organizing peers. A primary goal of R 5 N is providing an open network where users can join or leave at any time without approval by a certificate authority or other trusted entity. The R 5 N design itself is relatively simple, essentially combining a random walk with recursive Kademlia-style [11] routing. Our design also includes topology augmentation using a combination of distance-vector and onion-routing, a novel replication strategy and an API to verify content integrity. Using distributed emulation, we demonstrate that this new algorithm has performance comparable to Kademlia if the un- derlay is unrestricted, and outperforms Kademlia and random walks for various restricted-route topologies. We also show that our algorithm has advantages in terms of availability and fault-tolerance, especially in the presence of malicious participants. Compared to Kademlia, we generally see a larger number of replicas and higher success rates for data retrieval. Our algorithm has been implemented and released as free software; the release includes the measurement tools and topology generators used for the experiments presented in this paper. II. RELATED WORK A DHT imposes structure upon the network underlay by connecting peers to a certain subset of all nodes in the network. The size and method of construction of the routing table is one of the key design choices that distinguish DHTs. For example, Kademlia [11] has routing tables of size O(log n) and can route requests to the proper destination with O(log n) steps. Another key design choice for a DHT is the routing or lookup behavior, which is categorized either as iterative or recursive [6]. In iterative routing, the initiator directly connects to each hop and retrieves information about the next hop until the initiator has a direct connection to the final destination. As a result, the initiator of a request has full control over which node(s) the request is forwarded to at each step — and can possibly tackle problems (such as node failures or malicious participants) during the propagation (for example, by choosing alternative paths). With recursive routing, the request is forwarded through the network from the first hop onwards according to the routing algorithm and the initiator is only involved again as the final destination of the response, if there is any. A key benefit of recursive routing is that the initiator does not have to be able