Difference between revisions of "ID Collisions and Notifications"

From xx network wiki
Jump to navigation Jump to search
(Created page with " Normally, user IDs have a property of one ID per user. This allows the users to be strongly identified - based upon an ID you know which user is which. When sending message...")
 
m
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Typically, user IDs are unique identifiers and have the property of being matched to one user. This allows the users to be strongly identified, based upon an ID alone, making it easy to tell which user is which.


When sending messages to users, the xx network intentionally has users share their IDs to receive messages–the sender ID details are removed when the message is sent through the xx network.


Normally, user IDs have a property of one ID per user. This allows the users to be strongly identified - based upon an ID you know which user is which.
The goal here is to hide the identification details of which user receives a message and prevent a special type of tagging attack possible within the cMix protocol. You can read about the tagging attack in [https://docs.xx.network/cMix_Tagging_Attack_Analysis_and_Mitigation.pdf cMix Tagging Attack].


When sending messages to users, the xx network intentionally has users share IDs to receive messages (the sender ID is stripped off when sent through the xx network).  
All users have a unique reception ID where they receive messages. When you add a user as a contact, one can see their ID and use it at any time to calculate their Ephemeral ID for a specific moment. Ephemeral IDs rotate once per day, at a random time unique to the recipient.


The goal is twofold - to hide exactly which user receives a message, and to thwart a special type of tagging attack possible within the cMix protocol. You can read about the tagging attack [here](link ben’s paper on the topic).  
Ephemeral IDs are calculated within a small bit space that is designed to allocate at any given time roughly half as many IDs as the number of users in the network. This ensures that users will be receiving messages meant for other users to guarantee further privacy. However, due to [[End-to-End Encrypted Messaging in xx Messenger|end-to-end encryption]], users cannot read these messages or access any data about the sender or recipient.


All users have a unique reception ID - an ID they receive messages at. When you add them as a contact, you learn the ID and can use it to at any time calculate their Ephemeral ID for their specific time. Ephemeral IDs rotate once per day, at a random time unique to the recipient.
At launch, and at any point where usage drops below a few hundred thousand users, the number of users will be insufficient for this system to function, requiring alternate protections.


Ephemeral IDs are calculated within a small bit space - designed such that there are roughly half as many IDs at any given time than the number of users using the network. This ensures that most of the time, you will be receiving messages meant for other users and they are receiving yours. Of course due to [end to end encryption], you are unable to read their messages or know who it is from or for.  
== Notifications ==


At launch, and if usage drops below a few hundred thousand users, the number of users will be insufficient for this system to function.  
The notifications system relies on shared ephemeral IDs to keep notifications private. When a user registers for notifications, a server run by the xx network team tracks when their current ephemeral ID receives a message and sends a notification. Then their phone processes the notification to detect if the message is actually for the user and will notify if it is. This bot, as well as the notifications provider (currently available for Apple and Google operating systems), do not know when a message is for you due to ID collisions, ensuring message content is private.


== Notifications ==
== Cryptographic Primitives Summary ==
The notifications system relies on these shared ephemeral IDs in order to keep your notifications private. When you register for notifications, a server run by the xx network team tracks when your current ephemeral ID receives a message, sending you a notification. Your phone processes the notification to detect if the message is actually for you, and will notify you if it is.  This bot, as well as your notifications provider (currently only Apple and Google) do not know when a message is for you due to ID collisions, keeping you private.


== Cryptographic Primitives Summary ==
{| class="wikitable"
{| class="wikitable"
|Primitive
!style="text-align:left;"| Algorithm
|Length
!style="text-align:left;"| Length
|Description
!style="text-align:left;"| Description
|-
|-
|Ephemeral ID
| Ephemeral ID
|64 bits (max)
| 64 bits (max)
|Weak identification of a user of the network. Designed such that collisions are probable.
| Weak identification of a network user. Designed such that collisions are probable.
|-
|-
|User ID
| User ID
|264 bits
| 264 bits
|Strong identification of a user of the network. Designed such that one’s user ID is unique under the Birthday Paradox.
| Strong identification of a network user. Designed such that one’s user ID is unique under the [https://en.wikipedia.org/wiki/Birthday_problem Birthday Paradox].
|-
|-
|BLAKE2B
| BLAKE2B
|256 bits
| 256 bits
|Used for ID generation (ephemeral and user IDs).
| Used for ID generation (ephemeral and user IDs).
|}
|}


== Resources ==
== Resources ==


* ID Primitives Library
* [https://git.xx.network/xx_network/primitives/-/tree/release/id ID Primitives Library]
* ID Generation  
* [https://git.xx.network/xx_network/crypto/-/tree/release/xx ID Generation]
* Ephemeral ID Library
* [https://git.xx.network/xx_network/primitives/-/tree/release/id/ephemeral Ephemeral ID Library]
* Notifications Ephemeral ID Logic  
* [https://git.xx.network/elixxir/notifications-bot/-/tree/release/notifications Notifications Ephemeral ID Logic]
* User-side Ephemeral ID Logic
* [https://git.xx.network/elixxir/client/-/tree/release/storage/reception User-side Ephemeral ID Logic]

Latest revision as of 22:21, 20 January 2022

Typically, user IDs are unique identifiers and have the property of being matched to one user. This allows the users to be strongly identified, based upon an ID alone, making it easy to tell which user is which.

When sending messages to users, the xx network intentionally has users share their IDs to receive messages–the sender ID details are removed when the message is sent through the xx network.

The goal here is to hide the identification details of which user receives a message and prevent a special type of tagging attack possible within the cMix protocol. You can read about the tagging attack in cMix Tagging Attack.

All users have a unique reception ID where they receive messages. When you add a user as a contact, one can see their ID and use it at any time to calculate their Ephemeral ID for a specific moment. Ephemeral IDs rotate once per day, at a random time unique to the recipient.

Ephemeral IDs are calculated within a small bit space that is designed to allocate at any given time roughly half as many IDs as the number of users in the network. This ensures that users will be receiving messages meant for other users to guarantee further privacy. However, due to end-to-end encryption, users cannot read these messages or access any data about the sender or recipient.

At launch, and at any point where usage drops below a few hundred thousand users, the number of users will be insufficient for this system to function, requiring alternate protections.

Notifications

The notifications system relies on shared ephemeral IDs to keep notifications private. When a user registers for notifications, a server run by the xx network team tracks when their current ephemeral ID receives a message and sends a notification. Then their phone processes the notification to detect if the message is actually for the user and will notify if it is. This bot, as well as the notifications provider (currently available for Apple and Google operating systems), do not know when a message is for you due to ID collisions, ensuring message content is private.

Cryptographic Primitives Summary

Algorithm Length Description
Ephemeral ID 64 bits (max) Weak identification of a network user. Designed such that collisions are probable.
User ID 264 bits Strong identification of a network user. Designed such that one’s user ID is unique under the Birthday Paradox.
BLAKE2B 256 bits Used for ID generation (ephemeral and user IDs).

Resources