RACE is a distributed system developed to provide resilient, secure, anonymous messaging. You can think of RACE in terms of a network two types of nodes: clients and servers. The clients are devices run by individual users who want to anonymously message one another; the servers are run by volunteer users or organizations that provide the infrastructure to enable anonymous client messaging. In a typical messaging app (e.g. Signal) clients connect to a single conceptual "server" (typically load-balanced) which directly routes messages to other clients. This means the server knows the to and from of every message (its metadata), even if use of end-to-end encryption prevents seeing the actual message content. In contrast, RACE has an entire network of independent servers that use special multi-party computation (MPC) algorithms to route messages without individual servers learning the metadata. The specific goals of the original RACE program were to enable up to 20% of the servers to be malicious and colluding (i.e. a single adversary running a bloc of servers) without any client messaging metadata being leaked. There are multiple ways to achieve this, and there are actually two distinctly different designs of message routing implemented: Prism and Carma.
RACE is designed to not just operate in permissive network environments (i.e. places that also allow free access to services like Tor and Signal) but also censored network environments, such as the residential networks of many repressive regimes. The anonymous routing described above provides one layer of protection by preventing an adversary from deanonymizing users by just compromising (or maliciously operating) a small number of RACE servers. However, a censoring network could still easily fingerprint and block RACE traffic if it used standard TCP connections or if the IP address of its servers was known (as happens with Tor). Thus, RACE has a layer of resilient network communication channels to enable it to operate wholly within and/or span across a censoring network. These channels are built to be impossible or impractical for an adversary to detect and block connections between RACE nodes. See the RACE channels page for more details about the channels.
In addition to resilience and anonymity, RACE was designed and tested to scale to thousands of clients to enable a significant userbase built on volunteer server infrastructure. The two anonymous routing protocols use different network topologies, but both have been tested with up to 5K clients and 500 servers. Both approaches have also built in resilience mechanisms to handle individual servers or entire chunks of the server network being taken offline, which could occur either because of the volunteer nature of the servers or due to adversarial action.
RACE was built as a modular plugin-based application for linux and Android environments. For ease of testing (see RACE Quickstart) RACE servers and linux-clients are packaged as dockerized applications with all dependencies pre-installed. For the Android client we have a RACE APK that can be manually installed and is built on Android API-level 29 and currently tested on Android 10 and 11 devices. More information can be found in the developer docs.
RACE is built using a plugin-based architecture. There are three "arms" of RACE functionality provided by different types of plugins:
- Network-manager plugins manage the overlay network topology and handle routing messages between nodes (these are the anonymous routing algorithms Carma and Prism)
- Comms plugins provide the resilient network channels used to keep RACE undetectable and/or unblockable in hostile network environments (see the RACE channels page)
- The App provides an external interface for RACE, e.g. client-to-client messaging or alternate uses (see #additional-uses)
RACE's initial goal was to provide private user-to-user messaging of a few kilobytes with a few minutes latency in a manner that could be scaled to thousands of users, operate on a network of volunteer servers, and exist entirely within a censored network environment. However, there are many variations on that goal that the RACE software is flexible enough to readily adapt to. E.g. rather than providing natural language messaging, the RACE app could provide a proxy interface to change arbitrary proxy-supporting applications into anonymously served applications. Separately, a global user and volunteer base could result in a RACE network that mixes censored and permissive network environments, where clients and servers in the latter can use standard network protocols (e.g. simple TCP sockets) for communications with greater performance. The plugin-based architecture of RACE is designed to maximize its flexiblity and minimize the effort necessary to adapt and refine its use for specific cases.
Owing to RACE's modular nature, many of its pieces were developed by separate teams and are alternative/complementary implementations of functionality (e.g. different communication channels, different routing algorithms). This is a list of the other RACE source code repositories for these subprojects:
- RACE Core (SDK and functional example implementations of each plugin in each supported language)
- Network Manager Plugins Implementations
- Comms Plugin Implementations (also see RACE Channels
- Artifact Manager Plugin Implementations
- Race-in-the-Box
- Docker Images and Dependency Building