xmtp / proto
Shared Protocol Buffers and their associated generated code
License: MIT License
Let's first look at the message structure in V2
payload = encoded content,
header = {topic, timestamp}
digest = Hash(header || payload)
packet = {payload, sender address, sender's signature using prekey (digest)}
encrypted = encrypt(packet, shared_key, header)
packet = {encrypted, header}
The primary question we want to address in this issue is
Does the message sender need to sign the digest of the header and payload?
By including a signature on header+payload, the sender is attesting to the message contents and context (because it's used as AAD in the encryption). In addition, the attestation is verifiable by both the intended recipients and parties external to the communication.
Each function in the message structure defined above results in different properties
We focus on the last property here
Say Alice and Bob are communicating via a secure pairwise channel
The shared key they establish for communication is called a DAKE (Deniable Authenticated Key Exchange) iff
There are two types of deniability depending on the role of the Judge in 2 above
In this version, Judy is not actively observing the key establishment session.
In this version, Alice colludes with Judy to frame Bob. This is similar to Alice wearing a wire.
A protocol is said to have deniability properties if a simulator can produce a communication transcript similar to the transcript for true interaction between the parties. The defendant could deny it in this case by arguing that the transcript is fabricated.
Without deniability every message is on-the-record. This is potentially harmful to the senders as the messages can be used against them (now or in the future). For example, a whistleblower using a non-deniable communication system will have their identity leaked. Deniability is a complex issue requiring legal, social sciences, and cryptography inputs.
Most of the existing secure message services have deniable communications by default. In Signal protocol, it can be shown that X3DH is an instance of DAKE. It follows that the communications are deniable too. The same holds for OTR and HMQV protocols.
As mentioned earlier, deniability is easy and default in most of the pairwise communication protocols including Signal, OTR, etc. Things get more complicated in a group messaging scenario.
Most of the existing deployments of group messaging sacrifice scalability to support deniability. Signal App uses pairwise channels that have linear message complexity to achieve authentication+deniability. Multiparty OTR (mpOTR) has similar complexity to achieve deniability. Tree-based methods (ART + TreeKEM) sacrifice the deniability property to achieve sublinear (log n) message complexity. More recently, Epochal Signatures have been proposed that can be integrated with tree-based methods to achieve deniability.
Epochal signatures: https://eprint.iacr.org/2020/1138
OTR: https://otr.cypherpunks.ca/otr-wpes.pdf
Deniability of Signal protocol: https://eprint.iacr.org/2021/642.pdf
Deniable Email: https://eprint.iacr.org/2019/390.pdf
Time-deniable signatures: https://eprint.iacr.org/2022/1018
PublicKey signature is I think the only case where we don't capture the signed bytes. Consequently signature verification requires remarshaling the key contents (without the signature), which we know can be fraught with non-determinism in protobuf. We may want to consider replacing the current PublicKey definition
message PublicKey {
  // The key bytes
  message Secp256k1Uncompressed {
    // uncompressed point with prefix (0x04) [ P || X || Y ], 65 bytes
    bytes bytes = 1;
  }
  uint64 timestamp = 1;
  optional Signature signature = 2;
  oneof union {
    Secp256k1Uncompressed secp256k1_uncompressed = 3;
  }
}
With something like this
message PublicKey {
  // The key bytes
  message Secp256k1Uncompressed {
    // uncompressed point with prefix (0x04) [ P || X || Y ], 65 bytes
    bytes bytes = 1;
  }
  uint64 timestamp = 1;
  oneof union {
    Secp256k1Uncompressed secp256k1_uncompressed = 3;
  }
}
message SignedPublicKey {
  bytes key_bytes = 1; // embeds a PublicKey
  Signature signature = 2;
}
Upside:
Downside:
Thoughts?
This change is complete when it has been implemented in all our SDKs:
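To make the re-marshaling concern above concrete, here is an added example (not code from xmtp/proto): a hand-rolled protobuf wire encoder for the proposed signature-free PublicKey that emits the same message with its fields in either order. Both byte strings are valid protobuf, because the wire format requires parsers to accept fields in any order, so a verifier that decodes the key and re-encodes it has no guarantee of reproducing the signer's bytes. VerifyStored follows the SignedPublicKey proposal and hashes the stored key_bytes instead. ECDSA P-256 with SHA-256 stands in for the project's signature scheme, and the 65-byte key value is a constructed placeholder, not a real point.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// PublicKey holds the fields of the proposed signature-free PublicKey message:
// timestamp (field 1, varint) and secp256k1_uncompressed.bytes (field 3, nested field 1).
type PublicKey struct {
	Timestamp uint64
	KeyBytes  []byte
}

// varint is protobuf base-128 encoding; tag and lenDelim build wire-format fields.
func varint(v uint64) []byte {
	var out []byte
	for v >= 0x80 {
		out = append(out, byte(v)|0x80)
		v >>= 7
	}
	return append(out, byte(v))
}

func tag(field, wire uint64) []byte { return varint(field<<3 | wire) }

func lenDelim(field uint64, b []byte) []byte {
	return append(append(tag(field, 2), varint(uint64(len(b)))...), b...)
}

// Both encoders emit valid protobuf for the same message: the wire format lets a parser
// accept fields in any order, so neither byte string is "the" encoding of the key.
func EncodeFieldOrder(pk PublicKey) []byte {
	ts := append(tag(1, 0), varint(pk.Timestamp)...)
	return append(ts, lenDelim(3, lenDelim(1, pk.KeyBytes))...)
}

func EncodeReversed(pk PublicKey) []byte {
	ts := append(tag(1, 0), varint(pk.Timestamp)...)
	return append(lenDelim(3, lenDelim(1, pk.KeyBytes)), ts...)
}

// SignedPublicKey follows the proposal: carry the exact bytes that were signed.
type SignedPublicKey struct {
	KeyBytes  []byte // an encoded PublicKey, kept verbatim
	Signature []byte
}

// Sign hashes the encoded key and signs with the issuing key (P-256 here: assumption,
// since the Go standard library has no secp256k1).
func Sign(priv *ecdsa.PrivateKey, encodedKey []byte) (SignedPublicKey, error) {
	d := sha256.Sum256(encodedKey)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, d[:])
	return SignedPublicKey{KeyBytes: encodedKey, Signature: sig}, err
}

// VerifyStored hashes the stored bytes: no re-marshal, so no dependence on the encoder.
func VerifyStored(pub *ecdsa.PublicKey, s SignedPublicKey) bool {
	d := sha256.Sum256(s.KeyBytes)
	return ecdsa.VerifyASN1(pub, d[:], s.Signature)
}

// VerifyRemarshaled models the current PublicKey design: the verifier takes the decoded
// fields, re-encodes them with its own encoder (minus the signature) and verifies that.
// It succeeds only when its encoder happens to reproduce the signer's byte layout.
func VerifyRemarshaled(pub *ecdsa.PublicKey, pk PublicKey, sig []byte, enc func(PublicKey) []byte) bool {
	d := sha256.Sum256(enc(pk))
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	// constructed 65-byte placeholder shaped like an uncompressed point, not a real key
	pk := PublicKey{Timestamp: 1700000000, KeyBytes: append([]byte{0x04}, bytes.Repeat([]byte{0xab}, 64)...)}
	signed, _ := Sign(priv, EncodeFieldOrder(pk))
	fmt.Println(VerifyStored(&priv.PublicKey, signed),
		VerifyRemarshaled(&priv.PublicKey, pk, signed.Signature, EncodeFieldOrder),
		VerifyRemarshaled(&priv.PublicKey, pk, signed.Signature, EncodeReversed))
}
```

The two encodings have the same length and decode to the same fields; only their byte order differs, and that is enough for the re-marshaled digest to diverge from the signed one. Real SDKs hit the same effect through differing field order, unknown-field handling or default-value emission across protobuf runtimes, which is the non-determinism the issue refers to.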
While using the JS or React SDK the app functions as expected, but I receive a recurring error in the console regarding a missing file. The error is as follows:
This was originally reported by @fabriguespe here: xmtp/xmtp-js#489
Use the JS or React SDK in a browser with source maps enabled
Developers are experiencing an issue where there are duplicate conversations for a single ConversationId. This leads to messages being lost as they are split into different topics.
The root cause is:
TopicKey = hkdf(symmetric_aes_key)
TopicName = Encrypt(symmetric_aes_key, {participants, conversationId})
listConversations should be updated to remove duplicate entries with the same conversationId.
Full recommendation can be found in this RAPID.
This change is complete when it has been implemented in all our SDKs:
xmtp-js: xmtp/xmtp-js#316
xmtp-ios: xmtp/xmtp-ios#86
xmtp-android: xmtp/xmtp-android#60
xmtp-flutter: xmtp/xmtp-flutter#62
Edit: michaelx11
xmtp-proto generation step and reference them in libxmtp-core
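An added example, not the SDKs' own code, that reproduces the derivation quoted as the root cause above and the listConversations mitigation. TopicName is implemented as AES-GCM over a JSON encoding of {participants, conversationId}; because GCM needs a fresh random nonce, deriving the name twice for the same invitation yields two different topics, which is the reading of the root cause this example follows. DedupeConversations then collapses entries with the same conversationId. The HKDF info label, the JSON encoding of the invite, the Conversation shape and the choice to keep the earliest-created duplicate are assumptions of the example; all key material and ids are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"sort"
)

// hkdfSHA256 is a minimal RFC 5869 extract-then-expand with an empty salt, written out
// so the example needs only the standard library.
func hkdfSHA256(ikm, info []byte, n int) []byte {
	ext := hmac.New(sha256.New, nil)
	ext.Write(ikm)
	prk := ext.Sum(nil)
	var out, t []byte
	for i := byte(1); len(out) < n; i++ {
		exp := hmac.New(sha256.New, prk)
		exp.Write(t)
		exp.Write(info)
		exp.Write([]byte{i})
		t = exp.Sum(nil)
		out = append(out, t...)
	}
	return out[:n]
}

// Invite is the structure the issue says gets encrypted into the topic name.
type Invite struct {
	Participants   []string `json:"participants"`
	ConversationID string   `json:"conversationId"`
}

// TopicKey = hkdf(symmetric_aes_key), as quoted in the issue; the info label is an
// assumption of this example.
func TopicKey(symKey []byte) []byte { return hkdfSHA256(symKey, []byte("topic-key"), 32) }

// TopicName = Encrypt(symmetric_aes_key, {participants, conversationId}), as quoted.
// AES-GCM needs a fresh random nonce, so deriving the name twice for the same invite
// yields two different topics: one conversationId now lives on two topics.
func TopicName(symKey []byte, inv Invite) (string, error) {
	block, err := aes.NewCipher(symKey)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	plain, _ := json.Marshal(inv)
	return hex.EncodeToString(append(nonce, gcm.Seal(nil, nonce, plain, nil)...)), nil
}

// Conversation is one listConversations entry (constructed shape for this example).
type Conversation struct {
	ConversationID string
	Topic          string
	CreatedNs      uint64
}

// DedupeConversations is the listConversations mitigation: one entry per conversationId.
// Which duplicate survives is not specified in the issue; keeping the earliest-created
// one is an assumption of this example, chosen so every client converges on one topic.
func DedupeConversations(convs []Conversation) []Conversation {
	sorted := append([]Conversation(nil), convs...)
	sort.SliceStable(sorted, func(i, j int) bool { return sorted[i].CreatedNs < sorted[j].CreatedNs })
	seen := make(map[string]bool)
	var out []Conversation
	for _, c := range sorted {
		if seen[c.ConversationID] {
			continue
		}
		seen[c.ConversationID] = true
		out = append(out, c)
	}
	return out
}

func main() {
	key := sha256.Sum256([]byte("constructed symmetric key"))
	inv := Invite{Participants: []string{"0xalice", "0xbob"}, ConversationID: "dm-1"}
	t1, _ := TopicName(key[:], inv)
	t2, _ := TopicName(key[:], inv)
	convs := []Conversation{{"dm-1", t2, 20}, {"dm-1", t1, 10}, {"dm-2", "topic-c", 5}}
	fmt.Println("same invite, different topics:", t1 != t2, "| after dedupe:", len(DedupeConversations(convs)))
}
```

Note that deduplicating the list only hides the extra entries from the caller; messages already sent to the discarded topic are still on that topic, which is why the issue describes them as lost rather than merely duplicated.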