Difference between revisions of "End-to-End Encrypted Messaging in xx Messenger"

From xx network wiki
Jump to navigation Jump to search
(Created page with " End-to-End Encrypted Messaging in xx Messenger End-to-End Encrypted (E2EE) messaging provides secure and private text messaging where only the sender and receiver can read...")
 
m
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
[https://en.wikipedia.org/wiki/End-to-end_encryption End-to-End Encrypted (E2EE)] messaging is a way to securely and privately communicate with connections—only the sender and receiver can read the contents of their messages. While [[What is cMix|cMix]] protects your metadata (the who, what, when, and where of your communications), the E2EE between clients on the xx network provides the additional guarantee that no third party can decipher data that is processed and stored. End-to-end encryption keeps your message content private from third parties, including cMix nodes, nodes’ internet service providers, cell phone companies, and any other telecommunications devices or malicious actors on the internet–your data belongs to you, and only you. We call these E2EE links authenticated channels.


In xx messenger, we provide E2EE messaging that is protected against threats from quantum computers. We accomplish this by using a key exchange algorithm that uses [https://en.wikipedia.org/wiki/Post-quantum_cryptography post-quantum cryptography] combined with a known-secure regular key exchange algorithm, ensuring that an attacker trying to break the protocol must break both to be successful. The xx network uses the [https://sike.org/files/SIDH-spec.pdf Supersingular Isogeny Diffie–Helman] (SIDH) algorithm for post-quantum key exchange and the classic [https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange Diffie–Helman] (DH) algorithm for regular key exchange.


End-to-End Encrypted Messaging
To create an authenticated channel for E2EE messaging, the xx messenger needs the xx contact (public cryptographic identity key) to establish encryption. Users can obtain these keys in one of two ways:


in xx Messenger
# Exchanging QR codes with another user
# Looking up another user with the User Discovery search function


End-to-End Encrypted (E2EE) messaging provides secure and private text messaging where only the sender and receiver can read the contents of their messages. Where [cMix] protects metadata (the who, what, when, and where of your communications), the E2EE between clients on the xx network provides the additional guarantee that no third party can decipher the data they process and store. End-to-End encryption protects the contents of users’ messages from cMix nodes, their internet service providers, the cell phone company, and any other telecommunications devices or malicious actors on the internet. We call these E2EE links authenticated channels.
After acquiring the other users’ xx contact, the xx messenger sends an authentication request message containing the SIDH and DH public keys needed to initiate the key exchange. The recipient responds with their own SIDH and DH public keys, and the original sender sends a final confirmation message.


In the xx Messenger, we provide E2EE messaging that is also secure against quantum computers. We accomplish this with a key exchange algorithm that uses post-quantum cryptography combined with a known-secure regular key exchange algorithm, ensuring that an attacker wishing to break the protocol must break both to be successful. The xx network uses the Supersingular Isogeny Diffie–Helman (SIDH) algorithm for post-quantum key exchange and the classic Diffie–Helman (DH) algorithm for regular key exchange.
After receiving the other user’s SIDH and DH public keys, xx messenger computes the shared SIDH and shared DH secrets. It then combines these secrets with a hash algorithm (BLAKE2B) to form the E2E Session Base Key. This step finalizes the authenticated channel creation–each user can now send E2EE messages.


To create an authenticated channel for E2EE messaging, the xx Messenger needs the xx contact (public cryptographic identity key). Users can get these keys in one of two ways:
To provide [https://en.wikipedia.org/wiki/Forward_secrecy forward secrecy] and [https://eprint.iacr.org/2016/221.pdf post-compromise security], the E2E Session Base Key is periodically re-keyed in a process sometimes known as [http://cryptowiki.net/index.php?title=Ratcheted_encryption ratcheting]. The sender on each side of the connection controls how often a re-key occurs. To initiate a re-key, the client sends new SIDH and DH public keys using the authenticated channel already in place. When the recipient responds, the sender can generate a new E2E Session Base Key to create a new version of the authenticated channel, which is functionally identical to the previous authenticated channel but a different key. These rekeys require an additional message, so they are only sent on an as-needed basis.


# Exchange QR codes with another user.
Each message in the xx messenger is encrypted with [https://cr.yp.to/chacha/chacha-20080128.pdf XChaCha20 symmetric encryption] with a keyed hash [https://en.wikipedia.org/wiki/Message_authentication_code message authentication code] [https://datatracker.ietf.org/doc/html/rfc2104 HMAC-SHA256]. The key used for encryption is derived from the E2E Session Base Key. In addition, a fingerprint, which only the recipient can use, is included in the message to allow the recipient to look up the same encryption key for that message.
# Look up another user with User Discovery using the search function.


After acquiring the other users’ xx contact, the xx Messenger sends an authentication request message containing the SIDH and DH public keys required to initiate the key exchange. The recipient responds with their own SIDH and DH public keys, and the original sender sends a final confirmation message.
== Cryptographic Primitives Summary ==


After receiving the other user’s SIDH and DH public keys, the xx Messenger computes the shared SIDH and shared DH secrets. It then combines these secrets with a hash algorithm (BLAKE2B) to form the E2E Session Base Key, finalizing the creation of the authenticated channel. Each user can now use the authenticated channel to send E2EE messages.
To provide forward secrecy and post-compromise security, the E2E Session Base Key is periodically rekeyed, sometimes known as ratcheting. The sender on each side of the connection controls how often a rekey occurs. To initiate a rekey, the client sends new SIDH and DH public keys using the existing authenticated channel. When the recipient responds, the sender can generate a new E2E Session Base Key to create a new version of the authenticated channel, which is functionally identical to the previous authenticated channel but with a different key. These rekeys require an additional message, so they are only sent periodically on an as-needed basis.
Each message in the xx Messenger is encrypted with XChaCha20 symmetric encryption with a keyed hash message authentication code HMAC-SHA256. The key used for encryption is derived from the E2E Session Base Key. In addition, a fingerprint, which only the recipient can use, is included in the message to allow the recipient to look up the same encryption key for that message.
== Cryptographic Primitives Summary ==
{| class="wikitable"
{| class="wikitable"
|Algorithm
!style="text-align:left;"| Algorithm  
|Length
!style="text-align:left;"| Length
|Description
!style="text-align:left;"| Description
|-
|-
|ChaCha20
| ChaCha20
|256 bits
| 256 bits
|Messages and payloads are encrypted by ChaCha20.
| Messages and payloads are encrypted by ChaCha20.
|-
|-
|BLAKE2B
| BLAKE2B
|256 bits
| 256 bits
|Used as part of key generation, key expansion, identity generation, and identification codes. Used to combine Diffie–Helman and SIDH keys after key integration.
| Used as part of key generation, key expansion, identity generation, and identification codes. Used to combine Diffie–Helman and SIDH keys after key integration.
|-
|-
|SHA256
| SHA256
|256 bits
| 256 bits
|Message HMACs
| Message HMACs
|-
|-
|Diffie–Helmen
| Diffie–Helmen
|3072 bits
| 3072 bits
|Discrete log-based component of key negotiation.
| Discrete log-based component of key negotiation.
|-
|-
|SIDH
| SIDH
|3024 bits
| 3024 bits
|Quantum resistant component of key negotiation.
| Quantum-resistant component of key negotiation.
|}
|}


== Resources ==
== Resources ==


* Sending E2E Messages
* [https://git.xx.network/elixxir/client/-/blob/release/network/message/sendE2E.go Sending E2E Messages]
* User Key Exchange
* [https://git.xx.network/elixxir/client/-/tree/release/keyExchange User Key Exchange]
* E2E Manager and Storage Implementation
* [https://git.xx.network/elixxir/client/-/tree/release/storage/e2e E2E Manager and Storage Implementation]
* E2E Cryptographic Library
* [https://git.xx.network/elixxir/crypto/-/tree/release/e2e E2E Cryptographic Library]
* Diffie Hellman Cryptographic Library  
* [https://git.xx.network/elixxir/crypto/-/tree/release/diffieHellman Diffie Hellman Cryptographic Library]
* Hashing Cryptographic Library  
* [https://git.xx.network/elixxir/crypto/-/tree/release/hash Hashing Cryptographic Library]
* Cloudflare's SIDH Implementation (in Go)
* [https://github.com/cloudflarearchive/sidh Cloudflare's SIDH Implementation (in Go)]

Latest revision as of 22:20, 20 January 2022

End-to-End Encrypted (E2EE) messaging is a way to securely and privately communicate with connections—only the sender and receiver can read the contents of their messages. While cMix protects your metadata (the who, what, when, and where of your communications), the E2EE between clients on the xx network provides the additional guarantee that no third party can decipher data that is processed and stored. End-to-end encryption keeps your message content private from third parties, including cMix nodes, nodes’ internet service providers, cell phone companies, and any other telecommunications devices or malicious actors on the internet–your data belongs to you, and only you. We call these E2EE links authenticated channels.

In xx messenger, we provide E2EE messaging that is protected against threats from quantum computers. We accomplish this by using a key exchange algorithm that uses post-quantum cryptography combined with a known-secure regular key exchange algorithm, ensuring that an attacker trying to break the protocol must break both to be successful. The xx network uses the Supersingular Isogeny Diffie–Helman (SIDH) algorithm for post-quantum key exchange and the classic Diffie–Helman (DH) algorithm for regular key exchange.

To create an authenticated channel for E2EE messaging, the xx messenger needs the xx contact (public cryptographic identity key) to establish encryption. Users can obtain these keys in one of two ways:

  1. Exchanging QR codes with another user
  2. Looking up another user with the User Discovery search function

After acquiring the other users’ xx contact, the xx messenger sends an authentication request message containing the SIDH and DH public keys needed to initiate the key exchange. The recipient responds with their own SIDH and DH public keys, and the original sender sends a final confirmation message.

After receiving the other user’s SIDH and DH public keys, xx messenger computes the shared SIDH and shared DH secrets. It then combines these secrets with a hash algorithm (BLAKE2B) to form the E2E Session Base Key. This step finalizes the authenticated channel creation–each user can now send E2EE messages.

To provide forward secrecy and post-compromise security, the E2E Session Base Key is periodically re-keyed in a process sometimes known as ratcheting. The sender on each side of the connection controls how often a re-key occurs. To initiate a re-key, the client sends new SIDH and DH public keys using the authenticated channel already in place. When the recipient responds, the sender can generate a new E2E Session Base Key to create a new version of the authenticated channel, which is functionally identical to the previous authenticated channel but a different key. These rekeys require an additional message, so they are only sent on an as-needed basis.

Each message in the xx messenger is encrypted with XChaCha20 symmetric encryption with a keyed hash message authentication code HMAC-SHA256. The key used for encryption is derived from the E2E Session Base Key. In addition, a fingerprint, which only the recipient can use, is included in the message to allow the recipient to look up the same encryption key for that message.

Cryptographic Primitives Summary

Algorithm Length Description
ChaCha20 256 bits Messages and payloads are encrypted by ChaCha20.
BLAKE2B 256 bits Used as part of key generation, key expansion, identity generation, and identification codes. Used to combine Diffie–Helman and SIDH keys after key integration.
SHA256 256 bits Message HMACs
Diffie–Helmen 3072 bits Discrete log-based component of key negotiation.
SIDH 3024 bits Quantum-resistant component of key negotiation.

Resources