Get Ready for BlockStamp Communicator, a New Blockchain-Powered Secure Messaging App

By BlockStamp, Oct 31, 2019

We’re putting the finishing touches on BlockStamp Communicator, a new secure messaging app we’ve been working on for the last few months.

We’re aiming to launch within the next couple of weeks.

In the meantime, this article provides some background as to how the app works and why it’s a big deal!

But first, a quick caveat about secure messaging in general:

It can be tricky to discuss — let alone recommend — secure digital communication tools.

Don’t take our word for it. Just read the Electronic Frontier Foundation’s take on the issue.

After trying to simplify the analysis of various secure messaging apps, the EFF cautioned that this is a highly complex subject and no tool is going to be a “magic bullet.”

In addition to technical considerations, there are also human factors involved here. For example, a tool may have great technical security features but if it is tough (or just plain annoying) to use for whatever reason, people will probably wind up relying on less secure but easier-to-use alternatives.

All that being said, when we launch you’ll see that BlockStamp Communicator is in fact quite easy to use. More on that in a future article!

And we’ve used the BlockStamp blockchain to solve one of the key technical headaches the EFF identified for secure messengers.

BlockStamp Communicator has achieved the first stretch goal on the EFF’s secure communications “wishlist.”

In an article from about 1.5 years ago, the EFF suggested that hiding metadata concerning “who is talking to whom” is a must-have feature for the secure messaging apps of the future. Here’s the full excerpt:

That’s important because if an adversary can somehow identify that person A is messaging person B — even if the message content is not yet known — then there is a chink in the armor, so to speak.

Knowing who is talking to whom gives that adversary a target.

And once that adversary has a target, it’s just a question of how many resources he can devote to compromising that target. And if that adversary has unlimited resources then it’s pretty clear where this story ends up!

This EFF article mentions a few other potential risks with backdoors (more of a problem for closed source apps; BlockStamp Communicator is open source) and some common messaging app features that aren’t yet supported by BlockStamp Communicator. But this metadata challenge is obviously the priority here.

BlockStamp Communicator messages have no metadata to hide.

That’s because the BlockStamp blockchain is a “live drop” sitting between BlockStamp Communicator message senders and receivers.

We’re calling it a “live drop” because it is a new spin on the dead drop espionage tradecraft concept you might be familiar with from spy movies etc. Foldering is a digital version of the idea using the draft folder of an email account, for example.

The problem with using such a dead drop / folder is that if it is being monitored you blow your cover when you access it. For example, only a spy would be picking up that piece of paper under that rock next to that specific park bench!

And even if an adversary can’t immediately read the message you’ve picked up, you’ve now become a target to be compromised.

Now imagine that there is a drop that many people are accessing, i.e. it is “live.” Obviously, accessing it will not blow your cover or distinguish you somehow — because so many other people are accessing it too.

The BlockStamp blockchain serves as such a “live drop” for BlockStamp Communicator messages. Here’s how it works:

  • Sending a BlockStamp Communicator message essentially consists of putting plain text data into the BlockStamp blockchain. While it is fairly easy for a well-resourced adversary to identify that you’re putting data into the blockchain, the data will be encrypted locally within the app with the recipient’s public RSA key (see below for more info). Also, remember that there are plenty of other reasons apart from secure messaging that you might be interacting with the blockchain, e.g. timestamping files, sending BST, etc.
  • On the message recipient’s side, the BlockStamp Communicator app attempts to decrypt everything on the blockchain. These attempts are made locally in the recipient’s app. The decryption is successful only on messages that were encrypted with the recipient’s public key. Then the recipient sees only these successfully decrypted messages in the local BlockStamp Communicator app.

That means an adversary can see

  • a sender’s network activity with the BlockStamp blockchain,
  • a recipient’s network activity with the BlockStamp blockchain, and
  • that some data (specifically, encrypted gobbledygook) is stored on the BlockStamp blockchain.

But the adversary cannot see

  • whose public key the sender’s BlockStamp Communicator app used to encrypt the data or
  • the content of the encrypted message or
  • whose BlockStamp Communicator app was able to decrypt the message.

The identities of the sender and receiver are therefore protected along with the actual message content itself.

With this approach, all you have to worry about is encryption, aka the “easy part.”

Here’s what that EFF article had to say about encryption:

In this context, we’d say that “easy” means “easy to make easy for users” :)

In other words, while the cryptography tech itself may be quite sophisticated, it is fairly easy for a good developer to make it an intuitive feature of a messaging app.

Consider, for example, how easy it is to start an encrypted chat in a popular messaging app like WhatsApp. Usually, you just need to hit one button and you’re set.

Similarly, the BlockStamp Communicator automatically handles the encryption for you. All messages are encrypted with the RSA cryptosystem, which is based on public keys and private keys. To send a recipient a message, all you need to do is enter their public RSA key — which serves as an address — and send it off.

A quick note on terminology: with BlockStamp Communicator, the recipient’s public RSA key serves as an address for practical purposes. But it isn’t actually an address in the strict sense that you may know from using email, for example, when the message goes across the network between sender and receiver. A BlockStamp Communicator address is more like the first digit in a two-digit combination lock. As outlined above, the recipient’s BlockStamp Communicator app will attempt to decrypt everything on the BlockStamp blockchain with the recipient’s private RSA key, which is like the second digit in the two-digit combination lock. When the two digits line up, open sesame!
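The live drop described above, including the “combination lock” behaviour of the address, as an added example that is not BlockStamp’s code. It assumes RSA-OAEP with SHA-256 as the padding (the article only says RSA), 2048-bit keys, and an in-memory slice standing in for the blockchain; `post`, `scan` and `demo` are hypothetical names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Added example, not BlockStamp code. Assumption: RSA-OAEP with SHA-256.
// post encrypts msg to the recipient's public key and returns the opaque
// blob a sender would write to the shared ledger.
func post(pub *rsa.PublicKey, msg string) []byte {
	blob, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(msg), nil)
	if err != nil {
		panic(err)
	}
	return blob
}

// scan trial-decrypts every entry with priv. Entries meant for other keys
// fail the OAEP padding check and are skipped; only the rest are returned.
func scan(priv *rsa.PrivateKey, ledger [][]byte) []string {
	var inbox []string
	for _, blob := range ledger {
		if msg, err := rsa.DecryptOAEP(sha256.New(), nil, priv, blob, nil); err == nil {
			inbox = append(inbox, string(msg))
		}
	}
	return inbox
}

// demo runs both recipients over one constructed ledger.
func demo() (alice, bob []string) {
	a, errA := rsa.GenerateKey(rand.Reader, 2048)
	b, errB := rsa.GenerateKey(rand.Reader, 2048)
	if errA != nil || errB != nil {
		panic("key generation failed")
	}
	stamp := sha256.Sum256([]byte("unrelated file")) // non-message ledger data
	ledger := [][]byte{post(&a.PublicKey, "for alice"), stamp[:],
		post(&b.PublicKey, "for bob"), post(&a.PublicKey, "alice again")}
	return scan(a, ledger), scan(b, ledger)
}

func main() {
	alice, bob := demo()
	fmt.Printf("alice reads %q\nbob reads %q\n", alice, bob)
}
```

The padding check is what lets `scan` tell its own messages from everything else on the ledger, and each recipient pays one private-key operation per ledger entry.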

Practically speaking, that means the main technical security risk you would need to worry about with BlockStamp Communicator, i.e. that an adversary could crack RSA encryption, is not such a big risk after all.

In our opinion, that’s not something realistic to worry about. RSA is well-documented and proven. And as the EFF noted, the encryption engine is not what people should be worried about here. You’d probably be better off worrying about more creative attacks, like from Lisbeth Salander hacking your entire system with Asphyxia :)

In conclusion: this new app offers a simple but innovative approach to solving a key secure messaging challenge identified by the EFF. And as long as you’re confident in RSA encryption (and you should be), you can be confident in using BlockStamp Communicator.

Watch this space for a detailed user guide when we launch! Should be within the next couple weeks. Get ready!

Make sure you’re part of the BlockStamp social community and feel free to ask any questions there!

Facebook

Twitter

Reddit

LinkedIn

GitHub

About BlockStamp:

BlockStamp is a Bitcoin blockchain fork hosting an ecosystem of fair play apps, including a true-odds multiplayer crypto gambling platform, a decentralized marketplace listing optimizer, and a private messenger with sword-in-the-stone encryption (launching soon).
