As briefly explained on the intro, in addition to sending messages through tunnels (via tunnels), I2P uses a technique called "garlic routing" - layered encryption of messages, passing through routers selected by the original sender. This is similar to the way Mixmaster (see network comparisons) sends messages - taking a message, encrypting it to the recipient's public key, taking that encrypted message and encrypting it (along with instructions specifying the next hop), and then taking that resulting encrypted message and so on, until it has one layer of encryption per hop along the path. The only significant difference between that technique and I2P's garlic routing is that at each layer, any number of messages can be contained, instead of just a single message.
In addition to the cloves, each unwrapped garlic message contains a sender specified amount of padding data, allowing the sender to take active countermeasures against traffic analysis.
I2P uses garlic routing in three places:
There are also significant ways that this technique can be used to improve the performance of the network, exploiting transport latency/throughput tradeoffs, and branching data through redundant paths to increase reliability.
The encryption of each layer in the garlic message uses the ElGamal/AES+SessionTag algorithm, which avoids the cost of a full 2048bit ElGamal encryption for subsequent messages (using instead a random previously specified SessionTag plus 256bit AES encryption).
The term garlic routing was first coined by Michael Freedman in Roger Dingledine's Free Haven Master's thesis (June 2000), which was derived from Onion Routing. The main difference from the method described by Freedman with I2P's garlic routing is that the path is unidirectional - there is no "turning point" as seen in onion routing or mixmaster reply blocks, which greatly simplifies the algorithm and allows for more flexible and reliable delivery.{% endblock %}