This is what you need to know about messaging, and a (truly) secure protocol.

CHAINIFY.ORG
Jun 17, 2019

Intro

Messengers are on pretty much everyone’s smartphone these days. Privacy leaks from messengers, other communication tools (email, various social media) and data storage (cloud-based, on-site servers, etc.) have become epidemic. Another huge concern is the collection of private data (including metadata) for various marketing purposes. Quite a few users are concerned about disclosure of private data to authorities. In the latter case we are not advocating any crime or wrongdoing; this is rather about the major discomfort that well-behaving individuals feel about the good old ‘big brother is watching you’ issue.

Instead of discussing who may infringe on privacy or freedom of correspondence, on what basis and how (technically), we shed some light on the technical side of messaging and, in the end, propose a solution that might be robust enough to cut most of that discussion out.

There is an array of messengers out there; some are more focused on security, others less. Let’s sum up the key limitations we have to deal with when using various products.

(A) Centralized Messengers

These include WhatsApp, Telegram, Facebook Messenger, Signal, Threema, Gmail, ProtonMail. All communication and personal data storage is channeled through the company’s servers. As a result:

  1. most of the companies providing you with a messaging service have access (at least technically) to your correspondence or data,
  2. even if end-to-end encryption is used, the user cannot figure out how the product works and what potential weaknesses it has, since most of the applications are closed-source,
  3. where end-to-end encryption is used and a user wants to synchronize their data across devices, no 100% secure method for such synchronization is available, and
  4. any such solution is weak in the face of infrastructure failures or blocking.

(B) Federated Messengers

The most widely used solutions are Matrix, Jabber and email clients. A federated architecture is a slightly more secure approach, as any user or community can launch their own server and manage the security of their data. But a number of issues are still outstanding.

  1. Despite the federated architecture, the risk of servers being hacked is still high; for one, we refer to a recent Matrix case.
  2. End-to-end encryption is not built into the protocol by default; usually PGP/GPG add-ons are used.
  3. Adding contacts is a fairly complicated task, given that the network is split into federated segments.

(C) Decentralized Messaging

A decentralized solution is based on the equality of network participants and suggests a radically higher level of security. All access-related data (the seed phrase) is stored on the client only and can be easily transferred between devices.

There are a number of projects out there; however, we are not aware of any commercially viable products yet.

(D) CDM Protocol

Now let’s take a look at the cure. The Chainify Decentralized Messaging Protocol (CDM Protocol) effectively combines the functionality of blockchain and IPFS. High-level functionality includes:

  1. module-based architecture: any protocol component (including the underlying blockchain, encryption algorithms, the structure of private and public keys, and others) can be replaced based on specific needs,
  2. blockchain nodes (we currently use Waves),
  3. IPFS nodes,
  4. blockchain parser,
  5. cryptographic modules and primitives,
  6. client apps.

Description of key components:

Cryptographic modules and primitives

  • shared key generation based on the Diffie-Hellman method
  • AES symmetric encryption
  • Curve25519-based public and private keys

Client application

  • encryption and decryption of messages
  • display and dispatch of messages

Blockchain node

  • Waves blockchain
  • broadcast of transactions carrying the message hash
  • obtaining the current state of the blockchain

IPFS node

  • recording of files containing the message and ancillary data

Blockchain Parser

  • monitoring transactions that are marked by a specific token (based on ad hoc configuration); in our case this is the Chainify (CNFY) token

Database

  • the database is used for transaction caching; this is an optional component that can be implemented in the client application

CDM Protocol architecture and interaction scheme:

CDM Protocol architecture
  1. Alice and Bob each create their public/private key pair.
  2. Alice generates a random key (CEK) and encrypts the message with it. She then encrypts the CEK with a key she shares with Bob, generated using the Diffie-Hellman method, and attaches the result to the encrypted message. A hash of the CEK and a hash of the message itself are attached as well. The combined result is sent to IPFS.
  3. Alice broadcasts a transaction to the blockchain; its attachment contains the hash of the file that was sent to IPFS in the previous step.
  4. The ‘parser’ monitors the blockchain and stores all transactions related to CNFY token transfers in a database, together with all encrypted messages recorded in IPFS. The latter step is optional and can be implemented, for example, on the message recipients’ client.
  5. Bob fetches from the database (via the Chainify API) all the messages addressed to his public key, decrypts them and validates the signature and integrity of each message by checking the hash (which defeats the ‘man-in-the-middle’ attack).
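
The encryption and validation steps above (1, 2 and 5), as an added Node.js example that is not Chainify's own code. It assumes AES-256-GCM, SHA-256 and HKDF (the article names only AES, Diffie-Hellman and Curve25519), uses hypothetical field names, keeps the envelope in memory instead of IPFS and the blockchain, and assumes Bob already holds Alice's authentic public key.

```javascript
// Added example of a CDM-style envelope. Assumed, not from the article:
// AES-256-GCM, SHA-256, HKDF-SHA256 and all field names (hypothetical).
const nodeCrypto = require('crypto');
const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest('hex');

// Derive the key shared by two parties from an X25519 Diffie-Hellman exchange.
function sharedKey(myPrivate, theirPublic) {
  const secret = nodeCrypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'cdm-example', 32));
}

function aesGcmEncrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv: iv.toString('hex'), ct: ct.toString('hex'), tag: cipher.getAuthTag().toString('hex') };
}

function aesGcmDecrypt(key, box) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(box.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(box.tag, 'hex'));
  return Buffer.concat([decipher.update(Buffer.from(box.ct, 'hex')), decipher.final()]);
}

// Step 2: a random CEK encrypts the message; the DH-derived key encrypts the CEK.
function sealEnvelope(senderPrivate, recipientPublic, message) {
  const cek = nodeCrypto.randomBytes(32);
  const msg = Buffer.from(message, 'utf8');
  return {
    body: aesGcmEncrypt(cek, msg),
    wrappedCek: aesGcmEncrypt(sharedKey(senderPrivate, recipientPublic), cek),
    cekHash: sha256(cek),
    messageHash: sha256(msg),
  };
}

// Step 5: unwrap the CEK, decrypt, then compare both attached hashes.
function openEnvelope(recipientPrivate, senderPublic, envelope) {
  const cek = aesGcmDecrypt(sharedKey(recipientPrivate, senderPublic), envelope.wrappedCek);
  if (sha256(cek) !== envelope.cekHash) throw new Error('CEK hash mismatch');
  const msg = aesGcmDecrypt(cek, envelope.body);
  if (sha256(msg) !== envelope.messageHash) throw new Error('message hash mismatch');
  return msg.toString('utf8');
}

// Step 1: each party creates a key pair (constructed sample data).
const [alice, bob] = [0, 1].map(() => nodeCrypto.generateKeyPairSync('x25519'));
const envelope = sealEnvelope(alice.privateKey, bob.publicKey, 'hello Bob');
console.log(openEnvelope(bob.privateKey, alice.publicKey, envelope)); // hello Bob
```

Both failure paths throw: a modified ciphertext fails the GCM tag check, and a CEK or message that does not match its attached hash is rejected before the plaintext is returned.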

We encourage you to try out this technology. Please go ahead with installation of the messenger (we called it Nolik) and play with it. Below are the instructions to help you (it’s quite easy!).

Installation and use manual for Nolik messenger:

1. Install the Waves Keeper plug-in. You can download the version that matches your browser here.

2. Create password:

3. Create new account (or import an existing one):

4. Compose and type in your account name. This is your public name that everyone will see:

5. Login with Waves Keeper here.

6. Insert / type in the public key of your addressee, or click “Saved messages” if you want to send a (test) message to yourself, or click “Nolik Team” if you want to message us:

7. Type up your message and send it by pressing Command + Enter [for Mac], or Windows + Enter [for PC]:

Enjoy!
