Boson Network
Boson Network is the open-source, production-grade deployment of the Carrier v2 technology stack. Built by the same team that created Carrier v1 and v2, Boson packages the DHT, relay, and gateway components into a cohesive infrastructure layer purpose-built for the PC2 (Personal Cloud Computer) ecosystem.
Relationship to Carrier
Boson is not a separate protocol; it is Carrier v2 technology deployed and optimized for production use in the PC2 ecosystem. The core DHT, Active Proxy, and cryptographic layers are the same. Boson adds operational infrastructure (bootstrap clusters, web gateways, username resolution) that turns the raw protocol into a ready-to-use network.
| Layer | Carrier v2 | Boson Network |
|---|---|---|
| DHT protocol | Custom Kademlia | Same |
| Relay | Active Proxy addon | Same, deployed on super nodes |
| Web access | Not included | Web Gateway (HTTPS termination, subdomain routing) |
| Identity | Ed25519 node keys | Same, plus did:boson: DID scheme and username registration |
| Deployment target | Library / SDK | Managed infrastructure (super nodes + home nodes) |
Three Core Services
Boson super nodes run three services that together make the network operational:
1. DHT Bootstrap Nodes
Port: 39001/UDP
Bootstrap nodes are the entry point for every new node joining the network. They provide:
- Peer discovery: New nodes contact bootstrap nodes to populate their routing tables via iterative
FIND_NODElookups. - Node registry: Bootstrap nodes maintain awareness of the network's active participants.
- Username resolution: Human-readable usernames can be resolved to node IDs through the DHT's value storage.
2. Active Proxy
Port: 8090/TCP
The Active Proxy service relays traffic for nodes that cannot accept inbound connections due to NAT:
- NAT traversal relay: Home nodes behind residential NAT establish a persistent upstream TCP connection to the proxy. External traffic is forwarded through this link.
- Encrypted session relay: All relayed traffic is CryptoBox (NaCl) encrypted end-to-end. The proxy forwards ciphertext and cannot read payloads.
- Node-ID-based routing: The proxy matches incoming downstream connections to the correct upstream link using the target node's Ed25519 public key.
3. Web Gateway
Ports: 80/TCP (HTTP), 443/TCP (HTTPS)
The Web Gateway bridges standard web browsers to the Boson network:
- HTTPS termination: Handles TLS certificates so that end users access services over standard HTTPS.
- Subdomain routing: Each registered node gets a subdomain (e.g.,
username.ela.city). The gateway maps incoming HTTP requests to the correct Active Proxy upstream connection. - Standard web access: Users interact with PC2 services through a normal browser; no special client software required.
Boson in the PC2 Architecture
PC2 uses Boson as its connectivity backbone:
┌─────────────────────────────────────────────────────────┐
│ Internet / Browser │
│ https://username.ela.city │
└──────────────────────┬──────────────────────────────────┘
│ HTTPS
┌──────────────────────▼──────────────────────────────────┐
│ Super Node │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ DHT Bootstrap│ │ Active Proxy │ │ Web Gateway │ │
│ │ :39001/UDP │ │ :8090/TCP │ │ :80/:443 │ │
│ └──────────────┘ └──────────────┘ └──────┬───────┘ │
└──────────────────────────────────────────────┼──────────┘
│ TCP relay (CryptoBox encrypted)
┌──────────────────────▼──────────────────────────────────┐
│ Home Node (behind NAT) │
│ ┌──────────────────────────────────────────────────┐ │
│ │ PC2 Services (apps, storage, personal cloud) │ │
│ └──────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────┘
Super nodes run all three Boson services on public infrastructure. They are the fixed, publicly-reachable anchors in the network.
Home nodes are user-owned machines (often behind residential NAT) that run PC2 services. They connect to super nodes via Active Proxy, making them reachable from the public internet without requiring port forwarding or a static IP.
Identity Flow
Setting up a Boson identity follows a deterministic sequence:
1. Generate Ed25519 keypair
│
▼
2. Derive Node ID = Base58(PublicKey)
│
▼
3. Create DID = "did:boson:" + NodeID
│
▼
4. Store keypair + DID in local identity.json
│
▼
5. Register human-readable username with gateway
| Step | Detail |
|---|---|
| Key generation | Standard Ed25519 keypair (32-byte seed → 32-byte public key + 64-byte secret key). |
| Node ID | The public key encoded as a Base58 string. This is the node's permanent network address. |
| DID | Formatted as did:boson:<NodeID>. This DID can be resolved within the Boson network to locate the node. |
| Local storage | The keypair and derived identifiers are persisted in identity.json on the node's filesystem. |
| Username registration | The node registers a human-readable name (e.g., alice) with the Web Gateway, creating a mapping from alice.ela.city to the node's ID. |
NAT Traversal Flow
The NAT traversal sequence makes a home node behind NAT reachable from the public internet:
Home Node Super Node Client
│ │ │
│ 1. AUTH packet │ │
│ (Ed25519 signature) │ │
│───────────────────────────►│ │
│ │ │
│ 2. Port allocation │ │
│◄───────────────────────────│ │
│ │ │
│ 3. PING every 30s │ │
│───────────────────────────►│ │
│ │ │
│ │ 4. Client HTTP request │
│ │◄───────────────────────────│
│ │ │
│ 5. Relayed request │ │
│◄───────────────────────────│ │
│ │ │
│ 6. Response │ │
│───────────────────────────►│ │
│ │ │
│ │ 7. Relayed response │
│ │───────────────────────────►│
│ │ │
Step-by-Step
- AUTH: The home node opens a TCP connection to the super node and sends an AUTH packet containing its Ed25519 public key and a signature proving ownership of the corresponding private key.
- Port allocation: The super node verifies the signature, allocates a relay slot, and confirms the upstream connection is established.
- Keepalive: The home node sends a PING packet every 30 seconds to keep the TCP connection alive through NAT devices that would otherwise time out idle connections.
- Client request: An external client (browser, API consumer) sends an HTTP request to the super node's Web Gateway, addressed to the home node's subdomain.
- Relay downstream: The super node matches the request to the home node's upstream connection and forwards the request through the Active Proxy relay.
- Response: The home node processes the request and sends the response back through the same TCP connection.
- Relay upstream: The super node forwards the response to the waiting client.
All traffic between the home node and super node is CryptoBox (NaCl) encrypted. The super node relays ciphertext and cannot inspect payload content.
Service Ports Summary
| Service | Protocol | Port | Purpose |
|---|---|---|---|
| DHT Bootstrap | UDP | 39001 | Peer discovery, routing table population, username resolution |
| Active Proxy | TCP | 8090 | NAT traversal relay for home nodes |
| Web Gateway | TCP | 80 | HTTP ingress |
| Web Gateway | TCP | 443 | HTTPS ingress (TLS termination) |