spartacus attack mitigation plugin for kad

Kad Spartacus

Spartacus attack mitigation extension for Kad.


Install with NPM.

npm install kad kad-spartacus --save

Integrate with your Kad project.

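const kad = require('kad');
const spartacus = require('kad-spartacus');
// The private EC key whose public key determines this node's identity
const secret = spartacus.createPrivateKey();
const node = kad({ /* options */ });
// Register the plugin on the node
node.plugin(spartacus(secret));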


The plugin will replace the identity of your KademliaNode with the hash of your public ECDSA key and wrap the message (de)serializer to sign outgoing messages and verify incoming messages.


A Sybil variation is the Spartacus attack, where an attacker joins the network claiming to have the same identity as another member. As specified, Kademlia has no defense. In particular, a long-lived node can always steal a short-lived node's identity.

A well-known defense is to require nodes to get their assigned identity from a central server which is responsible for making sure that the distribution of identities is even. A weaker solution is the requirement that identities be derived from the node's network address or similar.

Kad Spartacus takes a different approach to these problems. By introducing cryptographic identities using ECDSA, nodes are required to prove that they own their identity by signing messages with their private EC key and including their public key in the message. The identity is derived from the public key, therefore any node's claimed identity can be verified by checking it against the included public key and verifying the signature.

Since each node's identity is the RIPEMD160 hash of the SHA256 hash of the ECDSA public key, we can ensure that nodes are not capable of claiming an identity that does not belong to them. This is almost identical to how a bitcoin address is created. In fact, the identity can be converted into a bitcoin address by simply adding the network prefix and checksum, then encoding as base58.
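The identity check described above, sketched with Node's built-in crypto module. This is an added example, not kad-spartacus's own code: the secp256k1 curve, the compressed key encoding, the envelope fields and every function name here are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// RIPEMD160(SHA256(data)): the identity hash described above.
function hash160(data) {
  const sha = crypto.createHash('sha256').update(data).digest();
  return crypto.createHash('ripemd160').update(sha).digest();
}

// Assumption: the compressed secp256k1 point is what gets hashed (as in Bitcoin).
function identityOf(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  const point = der.subarray(der.length - 65); // trailing 04 || X || Y
  return hash160(crypto.ECDH.convertKey(point, 'secp256k1', undefined, undefined, 'compressed'));
}

// Hypothetical envelope with hex-encoded fields (not kad's wire format).
function signMessage({ privateKey, publicKey }, payload) {
  return {
    from: identityOf(publicKey).toString('hex'),
    publicKey: publicKey.export({ type: 'spki', format: 'der' }).toString('hex'),
    payload,
    signature: crypto.sign('sha256', Buffer.from(payload), privateKey).toString('hex'),
  };
}

// Accept only when the claimed identity is the hash of the included key AND
// the signature verifies under that key; malformed input is rejected.
function verifyMessage(msg) {
  try {
    const key = crypto.createPublicKey({
      key: Buffer.from(msg.publicKey, 'hex'), format: 'der', type: 'spki' });
    if (key.asymmetricKeyDetails.namedCurve !== 'secp256k1') return false;
    if (!identityOf(key).equals(Buffer.from(msg.from, 'hex'))) return false;
    return crypto.verify('sha256', Buffer.from(msg.payload), key,
      Buffer.from(msg.signature, 'hex'));
  } catch (err) {
    return false;
  }
}

// Constructed demo: the impostor signs with its own key but claims the victim's identity.
const newPair = () => crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
function demo() {
  const victim = newPair();
  const impostor = newPair();
  const forged = { ...signMessage(impostor, 'PING'),
    from: identityOf(victim.publicKey).toString('hex') };
  return { honest: verifyMessage(signMessage(victim, 'PING')), forged: verifyMessage(forged) };
}
```

The forged message carries a valid signature, yet it is rejected because the included public key does not hash to the claimed identity.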


Kad Spartacus - Spartacus attack mitigation for Kad
Copyright (C) 2017 Gordon Hall

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see http://www.gnu.org/licenses/.






