DHT Double Hashing Updates & Migration Plan

About this talk

Yiannis Psaras and Guillaume Michel present the migration plan for the IPFS DHT reader privacy upgrade, formerly known as double hashing and specified in IPIP-373. The scheme combines a CID-agnostic DHT lookup using a salted second hash, prefix-based requests that return multiple provider records to give k-anonymity, and provider record encryption keyed on the CID itself, so intermediate DHT servers can no longer link requesters to the content they fetch. Because this is a breaking protocol change, the talk focuses on coordinating a synchronized switch using a hard-coded IPNS key in a Kubo release that nodes poll periodically, with bootstrappers, content providers, DHT clients, and DHT servers each following defined behaviors during a transition period in which both old and new DHTs run side by side. The presenters discuss timeline targets through Q2 and Q3 of 2023, the role of IPNI and cid.contact as a fallback that may simplify the dual-stack period, and threat model limitations: the upgrade defeats passive traffic sniffing and bulk surveillance but does not hide lookups when the CID is already publicly known.