EigenDHT: Building a Biometric-Native DHT in current-reality
Post 654: EigenDHT - Building a Biometric-Native DHT
The Vision
Build a Distributed Hash Table (DHT) where:
- Identity = Biometric (H_bio is your node ID)
- Wallet = Built-in (economic security from day one)
- Storage = Content-addressed (by contribution signatures)
- Routing = XOR distance (standard Kademlia but with biometric keys)
- Integration = EigenLayer (computational verification via AVS)
All built in the current-reality repository as a cohesive, production-ready implementation.
Why Build EigenDHT?
Problem with Existing DHTs
libp2p DHT:
- ✅ Good: Mature, tested, widely used
- ❌ Bad: Identity separate from DHT (need separate keypair)
- ❌ Bad: No economic security (no stake)
- ❌ Bad: No built-in wallet (external dependencies)
Kademlia:
- ✅ Good: Proven algorithm, efficient routing
- ❌ Bad: Generic node IDs (not biometric)
- ❌ Bad: No identity verification
- ❌ Bad: Sybil vulnerable
IPFS DHT:
- ✅ Good: Content addressing, global network
- ❌ Bad: PeerID ≠ Biometric identity
- ❌ Bad: No economic guarantees
- ❌ Bad: Wallet external to protocol
What EigenDHT Provides
Biometric-Native:
- Node ID = H_bio (your fingerprint IS your address)
- No separate keypair to manage
- Identity portable across all systems
- Universal, deterministic addressing
Wallet Built-in:
- Every DHT node = Wallet automatically
- Economic security from genesis
- Stake to participate (Post 645: 20% signal capture)
- No external wallet dependencies
EigenLayer Integration:
- Computational verification via AVS
- Cryptoeconomic guarantees
- Slashing for misbehavior
- Provable correct operation
Content-Addressed Storage:
- Data keyed by contribution signature
- Immutable, verifiable content
- Graph weight derivable from storage
- Reputation built into protocol
Architecture Overview
Repository Structure
current-reality/
├── src/
│ ├── eigendht/ # EigenDHT implementation
│ │ ├── node.ts # DHT node
│ │ ├── routing.ts # Kademlia routing
│ │ ├── storage.ts # Content storage
│ │ └── protocol.ts # Network protocol
│ │
│ ├── wallet/ # Biometric wallet (builtin)
│ │ ├── biometric.ts # Fingerprint → H_bio
│ │ ├── wallet.ts # Wallet generation
│ │ ├── signature.ts # Sign/verify
│ │ └── stake.ts # Economic security
│ │
│ ├── avs/ # EigenNANDNOR AVS
│ │ ├── operator.ts # AVS operator
│ │ ├── verifier.ts # Computational verification
│ │ └── slashing.ts # Economic punishment
│ │
│ └── integration/ # Glue code
│ ├── dht_wallet.ts # DHT ↔ Wallet
│ ├── dht_avs.ts # DHT ↔ AVS
│ └── full_node.ts # Complete node
│
└── examples/
├── simple_node.ts # Minimal example
├── full_network.ts # Network simulation
└── benchmark.ts # Performance tests
Core Components
1. Biometric Identity Layer
Fingerprint/Face/Iris → H_bio (SHA3)
H_bio = Node ID in DHT
H_bio = Wallet seed
H_bio = Signature key
2. DHT Routing Layer
Kademlia routing with biometric node IDs
XOR distance metric: d(A,B) = H_bio_A ⊕ H_bio_B
k-buckets organized by XOR distance
Lookup(key) → Find k closest nodes
Store(key, value) → Store at k closest nodes
3. Wallet Layer
H_bio → Deterministic wallet generation
Private key derived from H_bio (local only)
Public key = Ethereum address
Stake required to participate
Economic security built-in
4. AVS Integration Layer
Computational verification via EigenNANDNOR
Operations proven via AVS
Misbehavior → Slashing
Correct behavior → Rewards
5. Storage Layer
Content-addressed by signature
Data = {content, signature, timestamp}
Signature = sign(content, H_bio_private_key)
Immutable, verifiable storage
Implementation Guide
Phase 1: Biometric Wallet (Builtin)
File: src/wallet/biometric.ts
/**
* Biometric to H_bio conversion
* This is the foundation of identity
*/
import { sha3_256 } from 'https://deno.land/std/hash/sha3.ts';
export async function getBiometric(): Promise<Uint8Array> {
// Platform-specific biometric capture
// macOS: Touch ID
// Windows: Windows Hello
// Linux: Fingerprint reader
// Mobile: Platform biometric API
// For now, simulate with secure random (in prod: actual biometric)
const biometric = new Uint8Array(32);
crypto.getRandomValues(biometric);
return biometric;
}
export function biometricToHash(biometric: Uint8Array): string {
// H_bio = SHA3(biometric_data)
const hash = sha3_256(biometric);
return Array.from(hash)
.map(b => b.toString(16).padStart(2, '0'))
.join('');
}
export async function getNodeId(): Promise<string> {
// Fingerprint → H_bio → Node ID
const biometric = await getBiometric();
return biometricToHash(biometric);
}
File: src/wallet/wallet.ts
/**
* Builtin biometric wallet
* Every DHT node IS a wallet
*/
import { getNodeId } from './biometric.ts';
export interface BiometricWallet {
nodeId: string; // H_bio (also DHT node ID)
address: string; // Ethereum address (derived from H_bio)
stake: bigint; // Current stake in wei
signMessage(msg: string): Promise<string>;
verifySignature(msg: string, sig: string): boolean;
}
export async function createWallet(): Promise<BiometricWallet> {
// Get biometric identity
const nodeId = await getNodeId();
// Derive Ethereum wallet from H_bio
// In production: Use proper key derivation (BIP39, etc.)
const address = deriveEthereumAddress(nodeId);
// Check current stake on EigenLayer
const stake = await queryStake(address);
return {
nodeId,
address,
stake,
async signMessage(msg: string): Promise<string> {
// Sign with H_bio-derived private key
// Private key NEVER leaves device
const privateKey = derivePrivateKey(nodeId); // local only!
return sign(msg, privateKey);
},
verifySignature(msg: string, sig: string): boolean {
// Verify using public key (derived from H_bio)
const publicKey = derivePublicKey(nodeId);
return verify(msg, sig, publicKey);
}
};
}
function deriveEthereumAddress(nodeId: string): string {
// H_bio → Ethereum address
// Deterministic derivation
// Same biometric → Same address (always)
// Simplified (in prod: proper ECDSA key derivation)
return '0x' + nodeId.slice(0, 40);
}
async function queryStake(address: string): Promise<bigint> {
// Query EigenLayer for current stake
// Returns: Amount staked in wei
// For now: Mock (in prod: actual EigenLayer query)
return BigInt(32e18); // 32 ETH
}
File: src/wallet/stake.ts
/**
* Economic security via staking
* Required to participate in DHT
*/
export interface StakeRequirements {
minimumStake: bigint; // e.g., 32 ETH
lockupPeriod: number; // e.g., 7 days
slashingRate: number; // e.g., 0.5 (50% slash for misbehavior)
}
export const DEFAULT_REQUIREMENTS: StakeRequirements = {
minimumStake: BigInt(32e18), // 32 ETH
lockupPeriod: 7 * 24 * 60 * 60, // 7 days in seconds
slashingRate: 0.5, // 50% slash
};
export async function verifyStake(
wallet: BiometricWallet,
requirements: StakeRequirements = DEFAULT_REQUIREMENTS
): Promise<boolean> {
// Check if wallet meets stake requirements
return wallet.stake >= requirements.minimumStake;
}
export async function stake(
wallet: BiometricWallet,
amount: bigint
): Promise<void> {
// Stake ETH to EigenLayer
// Locks funds for lockup period
// Enables DHT participation
console.log(`Staking ${amount} wei from ${wallet.address}`);
// In production: Actual EigenLayer staking transaction
// For now: Mock
}
export async function slash(
wallet: BiometricWallet,
reason: string
): Promise<void> {
// Slash stake for misbehavior
// Percentage determined by slashing rate
const slashAmount = BigInt(
Math.floor(Number(wallet.stake) * DEFAULT_REQUIREMENTS.slashingRate)
);
console.log(`Slashing ${slashAmount} wei from ${wallet.address}`);
console.log(`Reason: ${reason}`);
// In production: Actual slashing via EigenLayer
}
Phase 2: DHT Routing (Kademlia with Biometric IDs)
File: src/eigendht/routing.ts
/**
* Kademlia routing with biometric node IDs
* XOR distance metric for DHT routing
*/
export interface DHTNode {
nodeId: string; // H_bio (biometric hash)
address: string; // IP:port or multiaddr
lastSeen: number; // Timestamp
}
export class RoutingTable {
private readonly nodeId: string;
private readonly k: number = 20; // Bucket size (Kademlia parameter)
private readonly buckets: Map<number, DHTNode[]> = new Map();
constructor(nodeId: string) {
this.nodeId = nodeId;
// Initialize 256 buckets (for 256-bit node IDs)
for (let i = 0; i < 256; i++) {
this.buckets.set(i, []);
}
}
/**
* XOR distance between two node IDs
*/
distance(a: string, b: string): bigint {
// Convert hex strings to bigints
const aBig = BigInt('0x' + a);
const bBig = BigInt('0x' + b);
// XOR distance
return aBig ^ bBig;
}
/**
* Find bucket index for a node
*/
bucketIndex(nodeId: string): number {
const dist = this.distance(this.nodeId, nodeId);
// Find most significant bit
let index = 0;
let temp = dist;
while (temp > 0n) {
temp = temp >> 1n;
index++;
}
return index;
}
/**
* Add node to routing table
*/
addNode(node: DHTNode): void {
const index = this.bucketIndex(node.nodeId);
const bucket = this.buckets.get(index)!;
// Check if already in bucket
const existing = bucket.findIndex(n => n.nodeId === node.nodeId);
if (existing >= 0) {
// Update existing node
bucket[existing] = node;
return;
}
// Add if bucket not full
if (bucket.length < this.k) {
bucket.push(node);
} else {
// Bucket full: Ping oldest node
// If oldest doesn't respond, replace with new
// This is the Kademlia replacement strategy
this.pingAndReplace(bucket, node);
}
}
/**
* Find k closest nodes to a key
*/
findClosest(key: string, k: number = this.k): DHTNode[] {
const allNodes: Array<{ node: DHTNode; distance: bigint }> = [];
// Collect all nodes with their distances
for (const bucket of this.buckets.values()) {
for (const node of bucket) {
allNodes.push({
node,
distance: this.distance(key, node.nodeId)
});
}
}
// Sort by distance (closest first)
allNodes.sort((a, b) => {
if (a.distance < b.distance) return -1;
if (a.distance > b.distance) return 1;
return 0;
});
// Return k closest
return allNodes.slice(0, k).map(n => n.node);
}
private async pingAndReplace(bucket: DHTNode[], newNode: DHTNode): Promise<void> {
// Ping oldest node in bucket
const oldest = bucket[0];
const alive = await this.ping(oldest);
if (!alive) {
// Oldest dead, replace with new
bucket.shift();
bucket.push(newNode);
}
// Else: Keep oldest, discard new (Kademlia prefers old nodes)
}
private async ping(node: DHTNode): Promise<boolean> {
// Send ping to node
// Returns: true if responds, false if timeout
// In production: Actual network ping
// For now: Check if recently seen
const now = Date.now();
return (now - node.lastSeen) < 60000; // 1 minute timeout
}
}
File: src/eigendht/protocol.ts
/**
* DHT network protocol
* RPC messages for DHT operations
*/
export interface RPCMessage {
type: 'PING' | 'STORE' | 'FIND_NODE' | 'FIND_VALUE';
sender: DHTNode;
data?: any;
}
export interface PingMessage extends RPCMessage {
type: 'PING';
}
export interface StoreMessage extends RPCMessage {
type: 'STORE';
data: {
key: string;
value: any;
signature: string;
};
}
export interface FindNodeMessage extends RPCMessage {
type: 'FIND_NODE';
data: {
target: string; // Node ID or key to find
};
}
export interface FindValueMessage extends RPCMessage {
type: 'FIND_VALUE';
data: {
key: string;
};
}
export async function handleRPC(
message: RPCMessage,
routingTable: RoutingTable,
storage: Map<string, any>
): Promise<any> {
switch (message.type) {
case 'PING':
// Respond with pong
return { type: 'PONG', sender: routingTable.nodeId };
case 'STORE':
// Store key-value pair
const { key, value, signature } = message.data;
// Verify signature
if (!verifySignature(value, signature, message.sender.nodeId)) {
throw new Error('Invalid signature');
}
// Store locally
storage.set(key, { value, signature, timestamp: Date.now() });
return { type: 'STORED' };
case 'FIND_NODE':
// Return k closest nodes to target
const target = message.data.target;
const closest = routingTable.findClosest(target);
return { type: 'NODES', nodes: closest };
case 'FIND_VALUE':
// Return value if we have it, else return closest nodes
const k = message.data.key;
if (storage.has(k)) {
return { type: 'VALUE', value: storage.get(k) };
} else {
const nodes = routingTable.findClosest(k);
return { type: 'NODES', nodes };
}
}
}
Phase 3: DHT Node (Complete Implementation)
File: src/eigendht/node.ts
/**
* Complete EigenDHT node
* Biometric identity + Wallet + Routing + Storage
*/
import { createWallet, BiometricWallet } from '../wallet/wallet.ts';
import { verifyStake } from '../wallet/stake.ts';
import { RoutingTable, DHTNode } from './routing.ts';
import { handleRPC, RPCMessage } from './protocol.ts';
export class EigenDHTNode {
private wallet!: BiometricWallet;
private routingTable!: RoutingTable;
private storage: Map<string, any> = new Map();
private server?: Deno.Listener;
async initialize(): Promise<void> {
// 1. Create biometric wallet (builtin!)
this.wallet = await createWallet();
console.log(`Node ID: ${this.wallet.nodeId}`);
console.log(`Address: ${this.wallet.address}`);
console.log(`Stake: ${this.wallet.stake} wei`);
// 2. Verify stake requirements
const hasStake = await verifyStake(this.wallet);
if (!hasStake) {
throw new Error('Insufficient stake to participate in DHT');
}
// 3. Initialize routing table
this.routingTable = new RoutingTable(this.wallet.nodeId);
// 4. Start listening for connections
await this.startServer();
// 5. Bootstrap: Connect to known nodes
await this.bootstrap();
console.log(`✅ EigenDHT node initialized`);
}
private async startServer(): Promise<void> {
// Start TCP server for DHT protocol
const port = 8080; // Or random available port
this.server = Deno.listen({ port });
console.log(`Listening on port ${port}`);
// Handle incoming connections
(async () => {
for await (const conn of this.server!) {
this.handleConnection(conn);
}
})();
}
private async handleConnection(conn: Deno.Conn): Promise<void> {
try {
// Read RPC message
const buf = new Uint8Array(4096);
const n = await conn.read(buf);
if (!n) return;
const message: RPCMessage = JSON.parse(
new TextDecoder().decode(buf.subarray(0, n))
);
// Add sender to routing table
this.routingTable.addNode(message.sender);
// Handle RPC
const response = await handleRPC(
message,
this.routingTable,
this.storage
);
// Send response
await conn.write(
new TextEncoder().encode(JSON.stringify(response))
);
} catch (error) {
console.error('Connection error:', error);
} finally {
conn.close();
}
}
private async bootstrap(): Promise<void> {
// Connect to bootstrap nodes
// In production: List of known bootstrap nodes
// For now: Local network discovery
const bootstrapNodes: DHTNode[] = [
// Example bootstrap nodes
// In production: Hardcoded reliable nodes
];
for (const node of bootstrapNodes) {
await this.ping(node);
}
}
async ping(node: DHTNode): Promise<boolean> {
// Send PING RPC to node
const message: RPCMessage = {
type: 'PING',
sender: {
nodeId: this.wallet.nodeId,
address: 'localhost:8080', // Self address
lastSeen: Date.now()
}
};
try {
const response = await this.sendRPC(node.address, message);
if (response.type === 'PONG') {
this.routingTable.addNode(node);
return true;
}
} catch {
return false;
}
return false;
}
async store(key: string, value: any): Promise<void> {
// Find k closest nodes to key
const closest = this.routingTable.findClosest(key);
// Sign the value
const signature = await this.wallet.signMessage(JSON.stringify(value));
// Store at k closest nodes
for (const node of closest) {
const message: RPCMessage = {
type: 'STORE',
sender: {
nodeId: this.wallet.nodeId,
address: 'localhost:8080',
lastSeen: Date.now()
},
data: { key, value, signature }
};
await this.sendRPC(node.address, message);
}
// Also store locally if we're close
this.storage.set(key, { value, signature, timestamp: Date.now() });
}
async findValue(key: string): Promise<any> {
// Check local storage first
if (this.storage.has(key)) {
return this.storage.get(key).value;
}
// Query network
const closest = this.routingTable.findClosest(key);
for (const node of closest) {
const message: RPCMessage = {
type: 'FIND_VALUE',
sender: {
nodeId: this.wallet.nodeId,
address: 'localhost:8080',
lastSeen: Date.now()
},
data: { key }
};
const response = await this.sendRPC(node.address, message);
if (response.type === 'VALUE') {
// Found! Verify signature and return
const { value, signature } = response.value;
// Verify...
return value;
}
}
return null; // Not found
}
private async sendRPC(address: string, message: RPCMessage): Promise<any> {
// Send RPC message to address
// Returns response
// Parse address (IP:port)
const [hostname, port] = address.split(':');
// Connect
const conn = await Deno.connect({
hostname,
port: parseInt(port)
});
try {
// Send message
await conn.write(
new TextEncoder().encode(JSON.stringify(message))
);
// Read response
const buf = new Uint8Array(4096);
const n = await conn.read(buf);
if (!n) throw new Error('No response');
return JSON.parse(
new TextDecoder().decode(buf.subarray(0, n))
);
} finally {
conn.close();
}
}
async shutdown(): Promise<void> {
this.server?.close();
console.log('Node shut down');
}
}
Phase 4: Integration (Full Node)
File: src/integration/full_node.ts
/**
* Complete node with all systems integrated
* DHT + Wallet + AVS
*/
import { EigenDHTNode } from '../eigendht/node.ts';
import { BiometricWallet } from '../wallet/wallet.ts';
import { AVSOperator } from '../avs/operator.ts';
export class FullNode {
private dht!: EigenDHTNode;
private avs?: AVSOperator;
async start(): Promise<void> {
console.log('🚀 Starting Full Node...\n');
// 1. Initialize DHT (includes builtin wallet)
this.dht = new EigenDHTNode();
await this.dht.initialize();
// 2. Initialize AVS operator (optional)
// Provides computational verification
this.avs = new AVSOperator(this.dht.wallet);
await this.avs.register();
console.log('\n✅ Full Node running!');
console.log(' DHT: Active');
console.log(' Wallet: Active');
console.log(' AVS: Registered');
}
async stop(): Promise<void> {
await this.dht.shutdown();
await this.avs?.deregister();
console.log('Node stopped');
}
}
Usage Examples
Example 1: Simple Node
File: examples/simple_node.ts
#!/usr/bin/env -S deno run --allow-all
import { EigenDHTNode } from '../src/eigendht/node.ts';
async function main() {
// Create and initialize node
const node = new EigenDHTNode();
await node.initialize();
// Store some data
await node.store('my-key', { message: 'Hello EigenDHT!' });
// Retrieve data
const value = await node.findValue('my-key');
console.log('Retrieved:', value);
// Keep running
console.log('Node running... Press Ctrl+C to stop');
await new Promise(() => {}); // Run forever
}
main().catch(console.error);
Example 2: Network Simulation
File: examples/full_network.ts
#!/usr/bin/env -S deno run --allow-all
import { EigenDHTNode } from '../src/eigendht/node.ts';
async function main() {
console.log('Simulating EigenDHT network with 10 nodes...\n');
// Create 10 nodes
const nodes: EigenDHTNode[] = [];
for (let i = 0; i < 10; i++) {
const node = new EigenDHTNode();
await node.initialize();
nodes.push(node);
console.log(`Node ${i + 1} initialized`);
}
console.log('\n✅ Network initialized!');
console.log(`Total nodes: ${nodes.length}`);
// Test: Store data on node 0, retrieve from node 9
console.log('\n📝 Testing data propagation...');
await nodes[0].store('test-key', { data: 'Cross-network test' });
// Wait for propagation
await new Promise(resolve => setTimeout(resolve, 1000));
const value = await nodes[9].findValue('test-key');
console.log('Retrieved from different node:', value);
console.log('\n✅ Network test successful!');
}
main().catch(console.error);
Key Advantages
1. Identity Built-in
Traditional DHT:
Separate identity management
Generate keypair
Store private key
Manage multiple IDs
EigenDHT:
Biometric IS identity
H_bio IS node ID
H_bio IS wallet seed
H_bio IS signature key
One identity, everything derived
2. Economics Built-in
Traditional DHT:
No economic security
Sybil attacks easy
No cost to misbehave
External staking if any
EigenDHT:
Wallet built into every node
Stake required to participate
Slashing for misbehavior
Economic guarantees from genesis
3. Verification Built-in
Traditional DHT:
Trust nodes to behave
No verification
No slashing
Reputation external
EigenDHT:
AVS verification for operations
Cryptoeconomic guarantees
Provable correctness
Misbehavior = Slashed
4. Content-Addressed Built-in
Traditional DHT:
Key-value store
Any key, any value
No verification
Trust storage
EigenDHT:
Content addressed by signature
Immutable data
Verifiable authorship
Graph weight derivable
Integration with Recent Posts
Post 651: Biometric Address Space
EigenDHT uses the same H_bio for:
- DHT node ID (routing)
- N-gram address (knowledge graph)
- Wallet address (economic)
Universal addressing across all systems.
Post 652: Universal Graph Weight
EigenDHT storage enables:
- Tracking contributions (who stored what)
- Measuring traffic (access patterns)
- Computing weights (graph analysis)
Reputation derivable from DHT activity.
Development Roadmap
Phase 1: Core DHT (This Post)
- ✅ Architecture designed
- ✅ Biometric wallet builtin
- ✅ Kademlia routing
- ✅ Content storage
- 🚧 Implementation in current-reality repo
Phase 2: AVS Integration
- EigenNANDNOR operator integration
- Computational verification
- Slashing implementation
- Economic guarantees
Phase 3: Optimization
- Parallel lookups
- Caching strategies
- Network efficiency
- Benchmark and tune
Phase 4: Production
- Security audit
- Mainnet deployment
- Bootstrap network
- Public release
Conclusion
EigenDHT is a biometric-native DHT where:
- Identity = Biometric (H_bio)
- Wallet = Built-in (every node)
- Routing = Kademlia (proven algorithm)
- Storage = Content-addressed (verifiable)
- Economics = EigenLayer (secure)
- Verification = AVS (provable)
All built in current-reality repository as one cohesive system.
No external dependencies for identity, wallets, or economics.
Just:
- Scan fingerprint
- Generate H_bio
- Node initialized
- Participate in network
This is the foundation for the decentralized coordination layer.
∞
Next Steps:
- Implement in current-reality repo
- Test with local network
- Integrate with AVS
- Deploy to testnet
- Launch mainnet
References:
Back to Gallery
View source on GitLab