Difference between revisions of "End-to-End Encrypted Messaging in xx Messenger"

End-to-End Encrypted Messaging

in xx Messenger

End-to-End Encrypted (E2EE) messaging provides secure and private text messaging where only the sender and receiver can read the contents of their messages. Where [cMix] protects metadata (the who, what, when, and where of your communications), the E2EE between clients on the xx network provides the additional guarantee that no third party can decipher the data they process and store. End-to-End encryption protects the contents of users’ messages from cMix nodes, their internet service providers, the cell phone company, and any other telecommunications devices or malicious actors on the internet. We call these E2EE links authenticated channels.

In the xx Messenger, we provide E2EE messaging that is also secure against quantum computers. We accomplish this with a key exchange algorithm that uses post-quantum cryptography combined with a known-secure regular key exchange algorithm, ensuring that an attacker wishing to break the protocol must break both to be successful. The xx network uses the Supersingular Isogeny Diffie–Helman (SIDH) algorithm for post-quantum key exchange and the classic Diffie–Helman (DH) algorithm for regular key exchange.

To create an authenticated channel for E2EE messaging, the xx Messenger needs the xx contact (public cryptographic identity key). Users can get these keys in one of two ways:

1. Exchange QR codes with another user.
2. Look up another user with User Discovery using the search function.

After acquiring the other users’ xx contact, the xx Messenger sends an authentication request message containing the SIDH and DH public keys required to initiate the key exchange. The recipient responds with their own SIDH and DH public keys, and the original sender sends a final confirmation message.

After receiving the other user’s SIDH and DH public keys, the xx Messenger computes the shared SIDH and shared DH secrets. It then combines these secrets with a hash algorithm (BLAKE2B) to form the E2E Session Base Key, finalizing the creation of the authenticated channel. Each user can now use the authenticated channel to send E2EE messages.

To provide forward secrecy and post-compromise security, the E2E Session Base Key is periodically rekeyed, sometimes known as ratcheting. The sender on each side of the connection controls how often a rekey occurs. To initiate a rekey, the client sends new SIDH and DH public keys using the existing authenticated channel. When the recipient responds, the sender can generate a new E2E Session Base Key to create a new version of the authenticated channel, which is functionally identical to the previous authenticated channel but with a different key. These rekeys require an additional message, so they are only sent periodically on an as-needed basis.

Each message in the xx Messenger is encrypted with XChaCha20 symmetric encryption with a keyed hash message authentication code HMAC-SHA256. The key used for encryption is derived from the E2E Session Base Key. In addition, a fingerprint, which only the recipient can use, is included in the message to allow the recipient to look up the same encryption key for that message.

Cryptographic Primitives Summary

Resources

• Sending E2E Messages
• User Key Exchange
• E2E Manager and Storage Implementation
• E2E Cryptographic Library
• Diffie Hellman Cryptographic Library
• Hashing Cryptographic Library
• Cloudflare's SIDH Implementation (in Go)