FREENET- A Distributed and Anonymous Information Storage and Retrieval System

Networked computer systems are rapidly growing in importance as the medium of choice for the storage and exchange of information. However, current systems afford little privacy to their users, and typically store any given data item in only one or a few fixed places, creating a central point of failure. Because of a continued desire among individuals to protect the privacy of their authorship or readership of various types of sensitive information, and the undesirability of central points of failure which can be attacked by opponents wishing to remove data from the system or simply overloaded by too much interest, systems offering greater security and reliability are needed.

Freenet is being developed as a distributed information storage and retrieval system designed to address these concerns of privacy and availability. The system operates as a location-independent distributed file system across many individual computers that allow files to be inserted, stored, and requested anonymously. There are five main design goals:

" Anonymity for both producers and consumers of information
" Deniability for storers of information
" Resistance to attempts by third parties to deny access to information
" Efficient dynamic storage and routing of information
" Decentralization of all network functions

The system is designed to respond adaptively to usage patterns, transparently moving, replicating, and deleting files as necessary to provide efficient service without resorting to broadcast searches or centralized location indexes. It is not intended to guarantee permanent file storage, although it is hoped that a sufficient number of nodes will join with enough storage capacity that most files will be able to remain indefinitely. In addition, the system operates at the application layer and assumes the existence of a secure transport layer, although it is transport-independent. It does not seek to provide anonymity for general network usage, only for Freenet file transactions.

Freenet is currently being developed as a free software project on, and a preliminary implementation can be downloaded from It grew out of work originally done by the first author at the University of Edinburgh
We describe Freenet, an adaptive peer-to-peer network ap¬plication that permits the publication, replication, and retrieval of data while protecting the anonymity of both authors and readers. Freenet op¬erates as a network of identical nodes that collectively pool their storage space to store data files and cooperate to route requests to the most likely physical location of data. No broadcast search or centralized loca¬tion index is employed. Files are referred to in a location-independent manner, and are dynamically replicated in locations near requestors and deleted from locations where there is no interest. It is infeasible to dis¬cover the true origin or destination of a file passing through the network, and difficult for a node operator to determine or be held responsible for the actual physical contents of her own node.

Presented By:
Ian Clarke1, Oskar Sandberg2, Brandon Wiley3, and Theodore W. Hong4
1 Uprizer, Inc., 1007 Montana Avenue #323, Santa Monica, CA 90403, USA
2 Department of Numerical Analysis and Computer Science, Royal Institute of Technology, SE-100 44 Stockholm, Sweden
3 College of Communication, University of Texas at Austin, Austin, TX 78712, USA
4 Department of Computing, Imperial College of Science, Technology and Medicine,
180 Queen's Gate, London SW7 2BZ, United Kingdom

read original article from

1 Introduction
Networked computer systems are rapidly growing in importance as the medium of choice for the storage and exchange of information. However, current systems afford little privacy to their users, and typically store any given data item in only one or a few fixed places, creating a central point of failure. Because of a continued desire among individuals to protect the privacy of their authorship or readership of various types of sensitive information[28], and the undesirability of central points of failure which can be attacked by opponents wishing to re¬move data from the systemfll, 27] or simply overloaded by too much interest[1], systems offering greater security and reliability are needed.
We are developing Freenet, a distributed information storage and retrieval system designed to address these concerns of privacy and availability. The system operates as a location-independent distributed file system across many individual computers that allows files to be inserted, stored, and requested anonymously. There are five main design goals:
- Anonymity for both producers and consumers of information
- Deniability for storers of information
- Resistance to attempts by third parties to deny access to information
- Efficient dynamic storage and routing of information
- Decentralization of all network functions
The system is designed to respond adaptively to usage patterns, transparently moving, replicating, and deleting files as necessary to provide efficient service without resorting to broadcast searches or centralized location indexes. It is not intended to guarantee permanent file storage, although it is hoped that a sufficient number of nodes will join with enough storage capacity that most files will be able to remain indefinitely. In addition, the system operates at the application layer and assumes the existence of a secure transport layer, although it is transport-independent. It does not seek to provide anonymity for general network usage, only for Freenet file transactions.
Freenet is currently being developed as a free software project on Sourceforge, and a preliminary implementation can be downloaded from http://free-netproject . It grew out of work originally done by the first author at the University of Edinburgh[12].

2 Related work

Several strands of related work in this area can be distinguished. Anonymous point-to-point channels based on Chaum's mix-net scheme[8] have been imple¬mented for email by the Mixmaster remailer[13] and for general TCP/IP traffic by onion routing[19] and Freedom[32]. Such channels are not in themselves easily suited to one-to-many publication, however, and are best viewed as a comple¬ment to Freenet since they do not provide file access and storage.
Anonymity for consumers of information in the web context is provided by browser proxy services such as the Anonymizer[6], although they provide no pro¬tection for producers of information and do not protect consumers against logs kept by the services themselves. Private information retrieval schemes[10] pro¬vide much stronger guarantees for information consumers, but only to the extent of hiding which piece of information was retrieved from a particular server. In many cases, the fact of contacting a particular server in itself can reveal much about the information retrieved, which can only be counteracted by having ev¬ery server hold all information (naturally this scales poorly). The closest work to our own is Reiter and Rubin's Crowds system[25], which uses a similar method of proxying requests for consumers, although Crowds does not itself store in¬formation and does not protect information producers. Berthold et al. propose Web MIXes[7], a stronger system that uses message padding and reordering and dummy messages to increase security, but again does not protect information producers.
The Rewebber[26] provides a measure of anonymity for producers of web in¬formation by means of an encrypted URL service that is essentially the inverse of an anonymizing browser proxy, but has the same difficulty of providing no protection against the operator of the service itself. TAZ[18] extends this idea by using chains of nested encrypted URLs that successively point to different rewebber servers to be contacted, although this is vulnerable to traffic analysis using replay. Both rely on a single server as the ultimate source of informa¬tion. Publius[30] enhances availability by distributing files as redundant shares among n webservers, only k of which are needed to reconstruct a file; however, since the identity of the servers themselves is not anonymized, an attacker might remove information by forcing the closure of n-k+1 servers. The Eternity pro¬posal^] seeks to archive information permanently and anonymously, although it lacks specifics on how to efficiently locate stored files, making it more akin to an anonymous backup service. Free Haven[14] is an interesting anonymous pub¬lication system that uses a trust network and file trading mechanism to provide greater server accountability while maintaining anonymity.[l5] demonstrated the concept of pooling computer re¬sources among multiple users on a large scale for CPU cycles; other systems which do the same for disk space are Napster[24] and Gnutella[17], although the former relies on a central server to locate files and the latter employs an inefficient broadcast search. Neither one replicates files. Intermemory[9] and India[16] are cooperative distributed fileserver systems intended for long-term archival storage along the lines of Eternity, in which files are split into redundant shares and dis¬tributed among many participants. Akamai[2] provides a service that replicates files at locations near information consumers, but is not suitable for producers who are individuals (as opposed to corporations). None of these systems attempt to provide anonymity.

3 Architecture

Freenet is implemented as an adaptive peer-to-peer network of nodes that query one another to store and retrieve data files, which are named by location-independent keys. Each node maintains its own local datastore which it makes available to the network for reading and writing, as well as a dynamic routing table containing addresses of other nodes and the keys that they are thought to hold. It is intended that most users of the system will run nodes, both to provide security guarantees against inadvertently using a hostile foreign node and to increase the storage capacity available to the network as a whole.
The system can be regarded as a cooperative distributed filesystem incorpo¬rating location independence and transparent lazy replication. Just as systems such as[15] enable ordinary users to share unused CPU cycles on their machines, Freenet enables users to share unused disk space. However, where uses those CPU cycles for its own purposes, Freenet is directly useful to users themselves, acting as an extension to their own hard drives.
The basic model is that requests for keys are passed along from node to node through a chain of proxy requests in which each node makes a local decision about where to send the request next, in the style of IP (Internet Protocol) rout¬ing. Depending on the key requested, routes will vary. The routing algorithms for storing and retrieving data described in the following sections are designed to adaptively adjust routes over time to provide efficient performance while us¬ing only local, rather than global, knowledge. This is necessary since nodes only have knowledge of their immediate upstream and downstream neighbors in the proxy chain, to maintain privacy.
Each request is given a hops-to-live limit, analogous to IP's time-to-live, which is decremented at each node to prevent infinite chains. Each request is also assigned a pseudo-unique random identifier, so that nodes can prevent loops by rejecting requests they have seen before. When this happens, the immediately-preceding node simply chooses a different node to forward to. This process con¬tinues until the request is either satisfied or exceeds its hops-to-live limit. Then the success or failure result is passed back up the chain to the sending node.
No node is privileged over any other node, so no hierarchy or central point of failure exists. Joining the network is simply a matter of first discovering the address of one or more existing nodes through out-of-band means, then starting to send messages.

3.1 Keys and searching
Files in Freenet are identified by binary file keys obtained by applying a hash function. Currently we use the 160-bit SHA-1[4] function as our hash. Three different types of file keys are used, which vary in purpose and in the specifics of how they are constructed.
The simplest type of file key is the keyword-signed key (KSK), which is derived from a short descriptive text string chosen by the user when storing a file in the network. For example, a user inserting a treatise on warfare might assign it the description, text/philosophy/sun-tzu/axt-of-war. This string is used as input to deterministically generate a public/private key pair. The public half is then hashed to yield the file key.
The private half of the asymmetric key pair is used to sign the file, providing a minimal integrity check that a retrieved file matches its file key. Note however that an attacker can use a dictionary attack against this signature by compiling a list of descriptive strings. The file is also encrypted using the descriptive string itself key, for reasons to be explained in section 3.4.
To allow others to retrieve the file, the user need only publish the descriptive string. This makes keyword-signed keys easy to remember and communicate to others. However, they form a flat global namespace, which is problematic. Noth¬ing prevents two users from independently choosing the same descriptive string for different files, for example, or from engaging in "key-squatting"”inserting junk files under popular descriptions.
These problems are addressed by the signed-sub space key (SSK), which en¬ables personal namespaces. A user creates a namespace by randomly generating a public/private key pair which will serve to identify her namespace. To insert a file, she chooses a short descriptive text string as before. The public namespace key and the descriptive string are hashed independently, XOR'ed together, and then hashed again to yield the file key.
As with the keyword-signed key, the private half of the asymmetric key pair is used to sign the file. This signature, generated from a random key pair, is more secure than the signatures used for keyword-signed keys. The file is also encrypted by the descriptive string as before.
To allow others to retrieve the file, the user publishes the descriptive string together with her subspace's public key. Storing data requires the private key, however, so only the owner of a subspace can add files to it.
The owner now has the ability to manage her own namespace. For example, she could simulate a hierarchical structure by creating directory-like files contain¬ing hypertext pointers to other files. A directory under the key text/philosophy could contain a list of keys such as text/philosophy/sun-tzu/art-of-war, text/philosophy/confucius/analects,and text/philosophy/nozick/anar-chy-state-utopia, using appropriate syntax interpretable by a client. Directo¬ries can also recursively point to other directories.
The third type of key is the content-hash key (CHK), which is useful for implementing updating and splitting. A content-hash key is simply derived by directly hashing the contents of the corresponding file. This gives every file a pseudo-unique file key. Files are also encrypted by a randomly-generated en¬cryption key. To allow others to retrieve the file, the user publishes the content-hash key itself together with the decryption key. Note that the decryption key is never stored with the file but is only published with the file key, for reasons to be explained in section 3.4.
Content-hash keys are most useful in conjunction with signed-subspace keys using an indirection mechanism. To store an updatable file, a user first inserts it under its content-hash key. She then inserts an indirect file under a signed-subspace key whose contents are the content-hash key. This enables others to retrieve the file in two steps, given the signed-subspace key.
To update a file, the owner first inserts a new version under its content-hash key, which should be different from the old version's content hash. She then inserts a new indirect file under the original signed-subspace key pointing to the updated version. When the insert reaches a node which possesses the old version, a key collision will occur. The node will check the signature on the new version, verify that it is both valid and more recent, and replace the old version. Thus the signed-subspace key will lead to the most recent version of the file, while old versions can continue to be accessed directly by content-hash key if desired. (If not requested, however, these old versions will eventually be removed from the network”see section 3.4.) This mechanism can be used to manage directories as well as regular files.
Content-hash keys can also be used for splitting files into multiple parts. For large files, splitting can be desirable because of storage and bandwidth limita¬tions. Splitting even medium-sized files into standard-sized parts (e.g. 2„¢ kilo¬bytes) also has advantages in combating traffic analysis. This is easily accom¬plished by inserting each part separately under a content-hash key, and creating an indirect file (or multiple levels of indirect files) to point to the individual parts.
All of this still leaves the problem of finding keys in the first place. The most straightforward way to add a search capability to Freenet is to run a hypertext spider such as those used to search the web. While an attractive solution in many ways, this conflicts with the design goal of avoiding centralization. A possible alternative is to create a special class of lightweight indirect files. When a real file is inserted, the author could also insert a number of indirect files each containing a pointer to the real file, named according to search keywords chosen by her. These indirect files would differ from normal files in that multiple files with the same key (i.e. search keyword) would be permitted to exist, and requests for such keys would keep going until a specified number of results were accumulated instead of stopping at the first file found. Managing the likely large volume of such indirect files is an open problem.
An alternative mechanism is to encourage individuals to create their own compilations of favorite keys and publicize the keys of these compilations. This is an approach also in common use on the world-wide web.

3.2 Retrieving data
To retrieve a file, a user must first obtain or calculate its binary file key. She then sends a request message to her own node specifying that key and a hops-to-live value. When a node receives a request, it first checks its own store for the data and returns it if found, together with a note saying it was the source of the data. If not found, it looks up the nearest key in its routing table to the key requested and forwards the request to the corresponding node. If that request is ultimately successful and returns with the data, the node will pass the data back to the upstream requestor, cache the file in its own datastore, and create a new entry in its routing table associating the actual data source with the requested key. A subsequent request for the same key will be immediately satisfied from the local cache; a request for a "similar" key (determined by lexicographic distance) will be forwarded to the previously successful data source. Because maintaining a table of data sources is a potential security concern, any node along the way can unilaterally decide to change the reply message to claim itself or another arbitrarily-chosen node as the data source.
If a node cannot forward a request to its preferred downstream node because the target is down or a loop would be created, the node having the second-nearest key will be tried, then the third-nearest, and so on. If a node runs out of candidates to try, it reports failure back to its upstream neighbor, which will then try its second choice, etc. In this way, a request operates as a steepest-ascent hill-climbing search with backtracking. If the hops-to-live limit is exceeded, a
failure result is propagated back to the original requestor without any further nodes being tried. Nodes may unilaterally curtail excessive hops-to-live values to reduce network load. They may also forget about pending requests after a period of time to keep message memory free.
Figure 1 depicts a typical sequence of request messages. The user initiates a request at node a. Node a forwards the request to node 6, which forwards it to node c. Node c is unable to contact any other nodes and returns a backtrack¬ing "request failed" message to b. Node b then tries its second choice, e, which forwards the request to /. Node / forwards the request to 6, which detects the loop and returns a backtracking failure message. Node / is unable to contact any other nodes and backtracks one step further back to e. Node e forwards the request to its second choice, d, which has the data. The data is returned from d via e and b back to o, which sends it back to the user. The data is also cached on e, b, and a.
This mechanism has a number of effects. Most importantly, we hypothesize that the quality of the routing should improve over time, for two reasons. First, nodes should come to specialize in locating sets of similar keys. If a node is listed in routing tables under a particular key, it will tend to receive mostly requests for keys similar to that key. It is therefore likely to gain more "experience" in answering those queries and become better informed in its routing tables about which other nodes carry those keys. Second, nodes should become similarly spe¬cialized in storing clusters of files having similar keys. Because forwarding a request successfully will result in the node itself gaining a copy of the requested file, and most requests will be for similar keys, the node will mostly acquire files with similar keys. Taken together, these two effects should improve the efficiency of future requests in a self-reinforcing cycle, as nodes build up routing tables and datastores focusing on particular sets of keys, which will be precisely those keys that they are asked about.
In addition, the request mechanism will cause popular data to be transpar¬ently replicated by the system and mirrored closer to requestors. For example, if a file that is originally located in London is requested in Berkeley, it will become cached locally and provide faster response to subsequent Berkeley requests. It also becomes copied onto each computer along the way, providing redundancy if the London node fails or is shut down. (Note that "along the way" is determined by key closeness and does not necessarily have geographic relevance.)
Finally, as nodes process requests, they create new routing table entries for previously-unknown nodes that supply files, increasing connectivity. This helps new nodes to discover more of the network (although it does not help the rest of the network to discover them; for that, the announcement mechanism described in section 3.5 is necessary). Note that direct links to data sources are created, bypassing the intermediate nodes used. Thus, nodes that successfully supply data will gain routing table entries and be contacted more often than nodes that do not.
Since keys are derived from hashes, lexicographic closeness of keys does not imply any closeness of the original descriptive strings and presumably, no close¬ness of subject matter of the corresponding files. This lack of semantic closeness is not important, however, as the routing algorithm is based on knowing here keys are located, not where subjects are located. That is, supposing a string such as text/philosophy/sun-tzu/art-of-war yields a file key AH5JK2, requests for this file can be routed more effectively by creating clusters containing AH5JK1, AH5JK2, and AH5JK3, not by creating clusters for works of philosophy. Indeed, the use of hashes is desirable precisely because philosophical works will be scat¬tered across the network, lessening the chances that failure of a single node will make all philosophy unavailable. The same is true for personal subspaces”files belonging to the same subspace will be scattered across different nodes.

3.3 Storing data
Inserts follow a parallel strategy to requests. To insert a file, a user first calculates a binary file key for it, using one of the procedures described in section 3.1. She then sends an insert message to her own node specifying the proposed key and a hops-to-live value (this will determine the number of nodes to store it on). When a node receives an insert proposal, it first checks its own store to see if the key is already taken. If the key is found, the node returns the pre-existing file as if a request had been made for it. The user will thus know that a collision was encountered and can try again using a different key. If the key is not found, the node looks up the nearest key in its routing table to the key proposed and forwards the insert to the corresponding node. If that insert causes a collision and returns with the data, the node will pass the data back to the upstream inserter and again behave as if a request had been made (i.e. cache the file locally and create a routing table entry for the data source).
If the hops-to-live limit is reached without a key collision being detected, an "all clear" result will be propagated back to the original inserter. Note that for inserts, this is a successful result, in contrast to situation for requests. The user then sends the data to insert, which will be propagated along the path established by the initial query and stored in each node along the way. Each node will also create an entry in its routing table associating the inserter (as the data source) with the new key. To avoid the obvious security problem, any node along the way can unilaterally decide to change the insert message to claim itself or another arbitrarily-chosen node as the data source.
If a node cannot forward an insert to its preferred downstream node because the target is down or a loop would be created, the insert backtracks to the second-nearest key, then the third-nearest, and so on in the same way as for requests. If the backtracking returns all the way back to the original inserter, it indicates that fewer nodes than asked for could be contacted. As with requests, nodes may curtail excessive hops-to-live values and/or forget about pending inserts after a period of time.
This mechanism has three effects. First, newly inserted files are selectively placed on nodes already possessing files with similar keys. This reinforces the clustering of keys set up by the request mechanism. Second, new nodes can use inserts as a supplementary means of announcing their existence to the rest of the network. Third, attempts by attackers to supplant existing files by inserting junk files under existing keys are likely to simply spread the real files further, since the originals are propagated on collision. (Note, however, that this is mostly only relevant to keyword-signed keys, as the other types of keys are more strongly verifiable.)

3.4 Managing data
All information storage systems must deal with the problem of finite storage capacity. Individual Freenet node operators can configure the amount of storage to dedicate to their datastores. Node storage is managed as an LRU (Least Recently Used) cache[29] in which data items are kept sorted in decreasing order by time of most recent request (or time of insert, if an item has never been requested). When a new file arrives (from either a new insert or a successful request) which would cause the datastore to exceed the designated size, the least recently used files are evicted in order until there is room. The resulting impact on availability is mitigated by the fact that the routing table entries created when the evicted files first arrived will remain for a time, potentially allowing the node to later get new copies from the original data sources. (Routing table entries are also eventually deleted in a similar fashion as the table fills up, although they will be retained longer since they are smaller.)
Strictly speaking, the datastore is not a cache, since the set of datastores is all the storage that there is. That is, there is no "permanent" copy which is being replicated in a cache. Once all the nodes have decided, collectively speaking, to drop a particular file, it will no longer be available to the network. In this respect, Freenet differs from systems such as Eternity and Free Haven which seek to provide guarantees of file lifetimes.
The expiration mechanism has an advantageous aspect, however, in that it allows outdated documents to fade away naturally after being superseded by newer documents. If an outdated document is still used and considered valuable for historical reasons, it will stay alive precisely as long as it continues to be requested.
For political or legal reasons, it may be desirable for node operators not to explicitly know the contents of their datastores. This is why all stored files are encrypted. The encryption procedures used are not intended to secure the file” that would be impossible since a requestor (potentially anyone) must be capable of decrypting the file once retrieved. Rather, the objective is that the node operator can plausibly deny any knowledge of the contents of her datastore, since all she knows a priori is the file key, not the encryption key. The encryption keys for keyword-signed and signed-subspace data can only be obtained by reversing a hash, and the encryption keys for content-hash data are completely unrelated. With effort, of course, a dictionary attack will reveal which keys are present”as it must in order for requests to work at all”but the burden such an effort would require is intended to provide a measure of cover for node operators.

3.5 Adding nodes

A new node can join the network by discovering the address of one or more existing nodes through out-of-band means, then starting to send messages. As mentioned previously, the request mechanism naturally enables new nodes to learn about more of the network over time. However, in order for existing nodes to discover them, new nodes must somehow announce their presence. This process is complicated by two somewhat conflicting requirements. On one hand, to promote efficient routing, we would like all the existing nodes to be consistent in deciding which keys to send a new node (i.e. what key to assign it in their routing tables). On the other hand, it would cause a security problem if any one node could choose the routing key, which rules out the most straightforward way of achieving consistency.
We use a cryptographic protocol to satisfy both of these requirements. A new node joining the network chooses a random seed and sends an announcement message containing its address and the hash of that seed to some existing node. When a node receives a new-node announcement, it generates a random seed, XOR's that with the hash it received and hashes the result again to create a com¬mitment. It then forwards the new hash to some node chosen randomly from its routing table. This process continues until the hops-to-live of the announcement runs out. The last node to receive the announcement just generates a seed. Now all nodes in the chain reveal their seeds and the key for the new node is assigned as the XOR of all the seeds. Checking the commitments enables each node to confirm that everyone revealed their seeds truthfully. This yields a consistent random key which cannot be influenced by a malicious participant. Each node then adds an entry for the new node in its routing table under that key.
4 Protocol details

The Freenet protocol is packet-oriented and uses self-contained messages. Each message includes a transaction ID so that nodes can track the state of inserts and requests. This design is intended to permit flexibility in the choice of transport mechanisms for messages, whether they be TCP, UDP, or other technologies such as packet radio. For efficiency, nodes using a persistent channel such as a TCP connection may also send multiple messages over the same connection. Node addresses consist of a transport method plus a transport-specific identifier such as an IP address and port number, e.g. tcp/ Nodes which change addresses frequently may also use virtual addresses stored under address-resolution keys (ARK's), which are signed-subspace keys updated to contain the current real address.
A Freenet transaction begins with a Request.Handshake message from one node to another, specifying the desired return address of the sending node. (The sender's return address may be impossible to determine automatically from the transport layer, or the sender may wish to receive replies at a different address from that used to send the message.) If the remote node is active and responding to requests, it will reply with a Reply.Handshake specifying the protocol version number that it understands. Handshakes are remembered for a few hours, and subsequent transactions between the same nodes during this time may omit this step.
All messages contain a randomly-generated 64-bit transaction ID, a hops-to-live limit, and a depth counter. Although the ID cannot be guaranteed to be unique, the likelihood of a collision occurring during the transaction lifetime among the limited set of nodes that it sees is extremely low. Hops-to-live is set by the originator of a message and is decremented at each hop to prevent messages being forwarded indefinitely. To reduce the information that an attacker can obtain from the hops-to-live value, messages do not automatically terminate after hops-to-live reaches 1 but are forwarded on with finite probability (with hops-to-live again 1). Depth is incremented at each hop and is used by a replying node to set hops-to-live high enough to reach a requestor. Requestors should initialize it to a small random value to obscure their location. As with hops-to-live, a depth of 1 is not automatically incremented but is passed unchanged with finite probability.
To request data, the sending node sends a Request .Data message specifying a transaction ID, initial hops-to-live and depth, and a search key. The remote node will check its datastore for the key and if not found, will forward the request to another node as described in section 3.2. Using the chosen hops-to-live limit, the sending node starts a timer for the expected amount of time it should take to contact that many nodes, after which it will assume failure. While the request is being processed, the remote node may periodically send back Reply.Restart messages indicating that messages were stalled waiting on network timeouts, so that the sending node knows to extend its timer.
If the request is ultimately successful, the remote node will reply with a Send.Data message containing the data requested and the address of the node which supplied it (possibly faked). If the request is ultimately unsuccessful and its hops-to-live are completely used up trying to satisfy it, the remote node will reply with a Reply.NotFound. The sending node will then decrement the hops-to-live of the Send.Data (or Reply.NotFound) and pass it along upstream, unless it is the actual originator of the request. Both of these messages terminate the transaction and release any resources held. However, if there are still hops-to-live remaining, usually because the request ran into a dead end where no viable non-looping paths could be found, the remote node will reply with a Request.Continue giving the number of hops-to-live left. The sending node will then try to contact the next-most likely node from its routing table. It will also send a Reply.Restart upstream.
To insert data, the sending node sends a Request.Insert message specifying a randomly-generated transaction ID, an initial hops-to-live and depth, and a proposed key. The remote node will check its datastore for the key and if not found, forward the insert to another node as described in section 3.3. Timers and Reply.Restart messages are also used in the same way as for requests.
If the insert ultimately results in a key collision, the remote node will re¬ply with either a Send.Data message containing the existing data or a Re¬ply.NotFound (if existing data was not actually found, but routing table ref¬erences to it were). If the insert does not encounter a collision, yet runs out of nodes with nonzero hops-to-live remaining, the remote node will reply with a Request.Continue. In this case, Request.Continue is a failure result meaning that not as many nodes could be contacted as asked for. These messages will be passed along upstream as in the request case. Both messages terminate the transaction and release any resources held. However, if the insert expires with¬out encountering a collision, the remote node will reply with a Reply.Insert, indicating that the insert can go ahead. The sending node will pass along the Reply.Insert upstream and wait for its predecessor to send a Send.Insert con¬taining the data. When it receives the data, it will store it locally and forward the Send.Insert downstream, concluding the transaction.
