Difference between revisions of "ID Collisions and Notifications"

From xx network wiki
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
= User Discovery =
Typically, user IDs are unique identifiers and have the property of being matched to one user. This allows the users to be strongly identified, based upon an ID alone, making it easy to tell which user is which.


User Discovery (UD) is an xx network service that helps users connect with others by searching via username, email, or phone number. When a user makes their xx messenger account, they create a username and have the option to include other identifiable information in their profile. Other xx messenger users can then use this information to search for users in UD and start communicating.
When sending messages to users, the xx network intentionally has users share their IDs to receive messages–the sender ID details are removed when the message is sent through the xx network.


User Discovery links each piece of profile data with a user’s xx messenger contact, which is a cryptographically generated ID and a public key. When a user searches in UD, the search results display the xx contact details needed to initiate end-to-end encrypted secure communications. Privacy is always guaranteed; users can choose to accept or decline communications from contacts discovered via a UD search.
The goal here is to hide the identification details of which user receives a message and prevent a special type of tagging attack possible within the cMix protocol. You can read about the tagging attack in [https://docs.xx.network/cMix_Tagging_Attack_Analysis_and_Mitigation.pdf cMix Tagging Attack].


User Discovery runs as a client on the xx network. It’s server is maintained by the xx network team. Long term plans are to fully decentralize this service onto the xx network blockchain.
All users have a unique reception ID where they receive messages. When you add a user as a contact, one can see their ID and use it at any time to calculate their Ephemeral ID for a specific moment. Ephemeral IDs rotate once per day, at a random time unique to the recipient.


== User Registration ==
Ephemeral IDs are calculated within a small bit space that is designed to allocate at any given time roughly half as many IDs as the number of users in the network. This ensures that users will be receiving messages meant for other users to guarantee further privacy. However, due to [[End-to-End Encrypted Messaging in xx Messenger|end-to-end encryption]], users cannot read these messages or access any data about the sender or recipient.


During the xx messenger app installation process, users select a unique username that is registered in UD. This registration is completed securely via [https://en.wikipedia.org/wiki/Internet_protocol_suite <span class="underline">TCP/IP</span>] rather than [https://xxnetwork.wiki/What_is_cMix%3F <span class="underline">cMix</span>].
At launch, and at any point where usage drops below a few hundred thousand users, the number of users will be insufficient for this system to function, requiring alternate protections.


After registering their username, xx messenger generates cryptographic information that will be used to identify the user uniquely. This information includes:
== Notifications ==


* An RSA key pair defining a cryptographic identity (known as an ID)
The notifications system relies on shared ephemeral IDs to keep notifications private. When a user registers for notifications, a server run by the xx network team tracks when their current ephemeral ID receives a message and sends a notification. Then their phone processes the notification to detect if the message is actually for the user and will notify if it is. This bot, as well as the notifications provider (currently available for Apple and Google operating systems), do not know when a message is for you due to ID collisions, ensuring message content is private.
* A discrete log Diffie–Helman public key for future key exchanges (3072-bit, in [https://datatracker.ietf.org/doc/html/rfc3526#section-4 <span class="underline">RFC3526</span>])
* An authorization signature from the network
 
Upon receiving their cryptographic information (i.e., by signing the [https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange <span class="underline">Diffie–Hellman</span>] public key with the [https://en.wikipedia.org/wiki/RSA_(cryptosystem) <span class="underline">RSA</span>] key), users upload their username and information to the User Discovery server to complete registration. As a final step in the registration process, xx messenger ensures the username is unique and the information passes all cryptographic checks.
 
=== Registering Further Information ===
 
Users can choose to build out their profile by adding and registering their email address or phone number. Users sign a registration request with their RSA key to send the request for connection, which completes checks before being passed to [https://www.twilio.com <span class="underline">Twilio</span>], a third-party service that will complete the verification process. Once the user confirms their verification code, a salted hash ([https://en.wikipedia.org/wiki/BLAKE_(hash_function) <span class="underline">Blake2b</span>]) of their email or phone number is stored in the database. xx messenger protects users’ personal information and never stores unencrypted plain text on any servers.
 
== Searching for Users ==
 
xx messenger allows users to easily find their connections by searching for their username, email, or phone number. When a user fills in search criteria, xx messenger first salts and hashes the data and then sends it over the [https://xxnetwork.wiki/Anonymous_Data_Retrieval_Protocol <span class="underline">anonymous data retrieval protocol</span>], which utilizes [https://xxnetwork.wiki/What_is_cMix%3F <span class="underline">cMix</span>] and a unique, on-the-fly negotiation format request to search for the user without ever revealing who is searching or who is being searched. When received, the User Discovery server searches for the salted hash in its database. If a match is found, the relevant user’s cryptographic data is returned, allowing the requesting user to form an [https://xxnetwork.wiki/End-to-End_Encrypted_Messaging_in_xx_Messenger <span class="underline">end-to-end</span>] relationship.
 
== Deletion ==
 
A user can delete a piece of their data or their entire registered account at any time. However, this will not remove existing relationships formed based on that data. To fully remove user data and relationships, xx messenger requires a signed statement that will allow the app to completely remove data from the database.


== Cryptographic Primitives Summary ==
== Cryptographic Primitives Summary ==


{| class="wikitable"
{| class="wikitable"
! Algorithm
!style="text-align:left;"| Algorithm  
! Length
!style="text-align:left;"| Length
! Description
!style="text-align:left;"| Description
|-
| Ephemeral ID
| 64 bits (max)
| Weak identification of a network user. Designed such that collisions are probable.
|-
|-
| RSA
| User ID
| 4096 bits
| 264 bits
| Used as the signature algorithm for signing a fact or a key.
| Strong identification of a network user. Designed such that one’s user ID is unique under the [https://en.wikipedia.org/wiki/Birthday_problem Birthday Paradox].
|-
|-
| Blake2b
| BLAKE2B
| 256 bits
| 256 bits
| Algorithm used for hashing facts. It is a faster hashing algorithm that matches or exceeds the security of SHA-3.
| Used for ID generation (ephemeral and user IDs).
|-
| Diffie–Hellman
| 3072 bits
| Discrete log-based component of key negotiation.
|}
|}


== Resources ==
== Resources ==


* [https://git.xx.network/elixxir/client/-/tree/release/ud <span class="underline">User-side Code</span>]
* [https://git.xx.network/xx_network/primitives/-/tree/release/id ID Primitives Library]
* [https://git.xx.network/elixxir/user-discovery-bot <span class="underline">UD-Side Code</span>]
* [https://git.xx.network/xx_network/crypto/-/tree/release/xx ID Generation]
* [https://git.xx.network/elixxir/primitives/-/tree/release/fact <span class="underline">Fact Implementation</span>]
* [https://git.xx.network/xx_network/primitives/-/tree/release/id/ephemeral Ephemeral ID Library]
* [https://git.xx.network/elixxir/crypto/-/tree/release/factID <span class="underline">Fact Cryptographic Library</span>]
* [https://git.xx.network/elixxir/notifications-bot/-/tree/release/notifications Notifications Ephemeral ID Logic]
* [https://git.xx.network/xx_network/primitives/-/tree/release/id <span class="underline">Cryptographic ID Implementation</span>]
* [https://git.xx.network/elixxir/client/-/tree/release/storage/reception User-side Ephemeral ID Logic]
* [https://git.xx.network/xx_network/crypto/-/tree/release/signature/rsa <span class="underline">RSA Signature</span>]
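
Review bot: the last sentence of the new Notifications paragraph concludes that ID collisions are "ensuring message content is private", but what the collisions described there hide is which recipient a message is for; the new text two paragraphs earlier attributes unreadable content to end-to-end encryption. Suggest ending the sentence with something like "keeping the identity of the actual recipient private" and leaving the content claim to the end-to-end encryption sentence. A smaller point in the same revision: "When you add a user as a contact, one can see their ID" switches pronoun mid-sentence; use "you can see their ID".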

Latest revision as of 22:21, 20 January 2022

Typically, user IDs are unique identifiers and have the property of being matched to one user. This allows the users to be strongly identified, based upon an ID alone, making it easy to tell which user is which.

When sending messages to users, the xx network intentionally has users share their IDs to receive messages; the sender ID details are removed when the message is sent through the xx network.

The goal here is to hide the identification details of which user receives a message and prevent a special type of tagging attack possible within the cMix protocol. You can read about the tagging attack in cMix Tagging Attack.

All users have a unique reception ID where they receive messages. When you add a user as a contact, you can see their ID and use it at any time to calculate their Ephemeral ID for a specific moment. Ephemeral IDs rotate once per day, at a random time unique to the recipient.

Ephemeral IDs are calculated within a small bit space that is designed to allocate, at any given time, roughly half as many IDs as there are users in the network. This ensures that users receive messages meant for other users, which further protects privacy. However, due to end-to-end encryption, users cannot read these messages or access any data about the sender or recipient.

At launch, and at any point where usage drops below a few hundred thousand users, the number of users will be insufficient for this system to function, requiring alternate protections.
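
The sizing and rotation rules described above can be made concrete with a short sketch. This is an added example, not the xx network's implementation: it derives a BLAKE2b-based ephemeral ID in a bit space holding about half as many IDs as users, rotates it once per day at a per-recipient offset, and measures how many users end up sharing an ID. The hash inputs, the domain tags, the offset derivation and all function names are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

DAY = 86_400  # seconds; the page says ephemeral IDs rotate once per day

def h256(tag: bytes, data: bytes) -> int:
    """BLAKE2b-256 with a domain-separation tag, returned as an integer."""
    d = hashlib.blake2b(data, digest_size=32, person=tag).digest()
    return int.from_bytes(d, "big")

def id_bits(num_users: int) -> int:
    """Bit width giving about num_users / 2 ephemeral IDs, capped at 64."""
    return max(1, min(64, round(math.log2(num_users / 2))))

def rotation_offset(reception_id: bytes) -> int:
    """Second of the day at which this recipient rotates (assumed derivation)."""
    return h256(b"offset", reception_id) % DAY

def ephemeral_id(reception_id: bytes, unix_time: int, bits: int) -> int:
    """Ephemeral ID of a recipient at unix_time, truncated to `bits` bits."""
    # The epoch counter increments exactly when the recipient's offset passes.
    epoch = (unix_time - rotation_offset(reception_id)) // DAY
    data = reception_id + epoch.to_bytes(8, "big")
    return h256(b"ephemeral", data) >> (256 - bits)

def shared_fraction(num_users: int, unix_time: int) -> float:
    """Fraction of users whose ephemeral ID is also held by another user."""
    bits = id_bits(num_users)
    # Constructed sample population: 33-byte (264-bit) IDs from a counter.
    ids = [ephemeral_id(i.to_bytes(33, "big"), unix_time, bits)
           for i in range(num_users)]
    counts = Counter(ids)
    return sum(1 for e in ids if counts[e] > 1) / num_users

if __name__ == "__main__":
    now = 1_642_717_260  # constructed timestamp
    print(id_bits(4096), round(shared_fraction(4096, now), 3))
```

With about half as many IDs as users, roughly 86% of users share their ephemeral ID with at least one other user at any moment (1 − e⁻² under a uniform hash), which is the collision property the notifications design depends on.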

Notifications

The notifications system relies on shared ephemeral IDs to keep notifications private. When a user registers for notifications, a server run by the xx network team tracks when their current ephemeral ID receives a message and sends a notification. Their phone then processes the notification to determine whether the message is actually for the user, and notifies them if it is. Because of ID collisions, neither this bot nor the notifications provider (currently available for Apple and Google operating systems) knows when a message is for you, ensuring message content is private.

Cryptographic Primitives Summary

{| class="wikitable"
!style="text-align:left;"| Algorithm
!style="text-align:left;"| Length
!style="text-align:left;"| Description
|-
| Ephemeral ID
| 64 bits (max)
| Weak identification of a network user. Designed such that collisions are probable.
|-
| User ID
| 264 bits
| Strong identification of a network user. Designed such that one’s user ID is unique under the Birthday Paradox.
|-
| BLAKE2B
| 256 bits
| Used for ID generation (ephemeral and user IDs).
|}

Resources