Difference between revisions of "User Discovery"

From xx network wiki
m (Protected "User Discovery" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)))
m
Line 1: Line 1:
User Discovery (UD) is an xx network service that helps users connect with others by searching via username, email, or phone number. When a user makes their xx messenger account, they create a username and have the option to include other identifiable information in their profile. Other xx messenger users can then use this information to search for users in UD and start communicating.


User Discovery links each piece of profile data with a user’s xx messenger contact, which is a cryptographically generated ID and a public key. When a user searches in UD, the search results display the xx contact details needed to initiate end-to-end encrypted secure communications. Privacy is always guaranteed; users can choose to accept or decline communications from contacts discovered via a UD search.


User Discovery (UD) is an xx network service that users can use to look up and connect with other users via their username, email, or phone number. When a user creates an account, they must register a username with UD and may optionally register other personally identifiable information. Then, others can use this data to look up that user and initiate communication.
User Discovery runs as a client on the xx network. It’s server is maintained by the xx network team. Long term plans are to fully decentralize this service onto the xx network blockchain.
 
User Discovery links each piece of data with a user’s xx contact, a cryptographically generated ID, and a public key. When a user searches for another user’s fact in UD, it provides the xx contact that can be used to initiate end-to-end encrypted secure communications; the xx contact can choose to accept or decline this communication.


== User Registration ==
== User Registration ==
While installing and setting the xx Messenger app, a user selects a unique username by registering it with UD. This registration is done over regular TCP/IP, not [cMix].
During the xx messenger app installation process, users select a unique username that is registered in UD. This registration is completed securely via TCP/IP rather than [cMix].


The user generates cryptographic information that will be used to determine their identity. This information includes:
After registering their username, xx messenger generates cryptographic information that will be used to identify the user uniquely. This information includes:


* An RSA key pair defining a cryptographic identity (known as an ID)
* An RSA key pair defining a cryptographic identity (known as an ID)
* a discrete log Diffie–Helman public key for future key exchanges (3072-bit, in <nowiki>https://datatracker.ietf.org/doc/html/rfc3526#section-4</nowiki>)
* A discrete log Diffie–Helman public key for future key exchanges (3072-bit, in [https://datatracker.ietf.org/doc/html/rfc3526#section-4 RFC3526])
* Authorization signature from the network
* An authorization signature from the network


The user sends all this info (signing the Diffie–Hellman public key with the RSA key), including a new username, to the User Discovery Server to register.
Upon receiving their cryptographic information (i.e., by signing the Diffie–Hellman public key with the RSA key), users upload their username and information to the User Discovery server to complete registration. As a final step in the registration process, xx messenger ensures the username is unique and the information passes all cryptographic checks.
 
Assuming the username is unique and all cryptographic checks pass, the user is registered with the passed identity.


=== Registering Further Information ===
=== Registering Further Information ===
A user has the optional ability to register an email address or a phone number by sending a registration request signed by their RSA key. Then, assuming checks pass, the data is passed to Twilio, a third-party service that sends the user a verification code. Once the user returns the verification code and it is authenticated, a salted hash (Blake2b) of the email or phone number is stored in the database—no personal information is kept in unencrypted plain text on any servers.
Users can choose to build out their profile by adding and registering their email address or phone number. Users sign a registration request with their RSA key to send the request for connection, which completes checks before being passed to Twilio, a third-party service that will complete the verification process. Once the user confirms their verification code, a salted hash (Blake2b) of their email or phone number is stored in the database. xx messenger protects users’ personal information and never stores unencrypted plain text on any servers.


== Searching for Users ==
== Searching for Users ==
A user can search for another by username, email, or phone number. To do so, the xx Messenger salts and hashes the data and then sends it over the [anonymous data retrieval protocol], which utilizes [cMix] and a special, on-the-fly negotiation format request to search for the user without revealing who is searched.
xx messenger allows users to easily find their connections by searching for their username, email, or phone number. When a user fills in search criteria, xx messenger first salts and hashes the data and then sends it over the [anonymous data retrieval protocol], which utilizes [cMix] and a unique, on-the-fly negotiation format request to search for the user without ever revealing who is searching or who is being searched. When received, the User Discovery server searches for the salted hash in its database. If a match is found, the relevant user’s cryptographic data is returned, allowing the requesting user to form an [end-to-end] relationship.
 
When received, the User Discovery server searches the salted hash in its database. If a collision is found, the related user’s cryptographic data is returned, allowing the requesting user to form an [end-to-end] relationship with them.


== Deletion ==
== Deletion ==
A user can delete a piece of data or their entire registration at any time. However, this will not remove existing relationships formed based on that data. To do so, the xx Messenger submits a signed statement, at which point the passed operation will be executed and removed from the database.
A user can delete a piece of their data or their entire registered account at any time. However, this will not remove existing relationships formed based on that data. To fully remove user data and relationships, xx messenger requires a signed statement that will allow the app to completely remove data from the database.


== Cryptographic Primitives Summary ==
== Cryptographic Primitives Summary ==
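Review bot: In the Deletion section, the new sentence "To fully remove user data and relationships, xx messenger requires a signed statement" contradicts the sentence kept just before it, which says deletion "will not remove existing relationships"; the old wording only tied the signed statement to removal from the database, so drop "and relationships". In User Registration, the new "Upon receiving their cryptographic information (i.e., by signing the Diffie–Hellman public key with the RSA key)" no longer states that the user signs the Diffie–Hellman key before upload, and "xx messenger ensures the username is unique" leaves unclear which side performs the check, where the old text made registration conditional on the checks passing for the submitted identity. The added "Privacy is always guaranteed" in the introduction is an absolute claim that nothing else in the revision backs; the clause about accepting or declining communication is enough on its own.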
Line 41: Line 37:
|Blake2b
|Blake2b
|256 bits
|256 bits
|Algorithm used for hashing facts. It is a faster hashing algorithm but at least as secure as SHA-3.
|Algorithm used for hashing facts. It is a faster hashing algorithm that matches or exceeds the security of SHA-3.
|-
|-
|Diffie–Hellman
|Diffie–Hellman

Revision as of 20:24, 20 January 2022

User Discovery (UD) is an xx network service that helps users connect with others by searching via username, email, or phone number. When a user makes their xx messenger account, they create a username and have the option to include other identifiable information in their profile. Other xx messenger users can then use this information to search for users in UD and start communicating.

User Discovery links each piece of profile data with a user’s xx messenger contact, which is a cryptographically generated ID and a public key. When a user searches in UD, the search results display the xx contact details needed to initiate end-to-end encrypted secure communications. Privacy is always guaranteed; users can choose to accept or decline communications from contacts discovered via a UD search.

User Discovery runs as a client on the xx network. Its server is maintained by the xx network team. The long-term plan is to fully decentralize this service onto the xx network blockchain.

User Registration

During the xx messenger app installation process, users select a unique username that is registered in UD. This registration is completed securely via TCP/IP rather than [cMix].

After registering their username, xx messenger generates cryptographic information that will be used to identify the user uniquely. This information includes:

  • An RSA key pair defining a cryptographic identity (known as an ID)
  • A discrete log Diffie–Hellman public key for future key exchanges (3072-bit, in RFC3526)
  • An authorization signature from the network

Once this cryptographic information has been generated, the user signs the Diffie–Hellman public key with the RSA key and uploads the username and this information to the User Discovery server to complete registration. As a final step in the registration process, xx messenger ensures the username is unique and the information passes all cryptographic checks.

Registering Further Information

Users can choose to build out their profile by adding and registering their email address or phone number. The user signs a registration request with their RSA key; once the request passes its checks, it is passed to Twilio, a third-party service that completes the verification process. Once the user confirms their verification code, a salted hash (Blake2b) of their email or phone number is stored in the database. xx messenger protects users’ personal information and never stores it as unencrypted plain text on any server.

Searching for Users

xx messenger allows users to easily find their connections by searching for their username, email, or phone number. When a user fills in search criteria, xx messenger first salts and hashes the data and then sends it over the [anonymous data retrieval protocol], which utilizes [cMix] and a unique, on-the-fly negotiation format request to search for the user without ever revealing who is searching or who is being searched. When received, the User Discovery server searches for the salted hash in its database. If a match is found, the relevant user’s cryptographic data is returned, allowing the requesting user to form an [end-to-end] relationship.
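The salt-and-hash lookup described above, as an added Python example that is not the xx network code. The service-wide salt, the normalization rules, the per-type domain separation and the `Directory` class are assumptions made for illustration; the page only states that facts are salted and hashed with Blake2b (256 bits).

```python
import hashlib

# Assumption: one service-wide salt. Lookup by hash only works when client and
# server derive the same digest for the same fact, so the salt cannot be random
# per record. Constructed value; BLAKE2b's salt parameter is limited to 16 bytes.
UD_SALT = b"example-ud-salt"


def normalize(fact_type: str, value: str) -> str:
    """Canonicalize a fact so equivalent spellings hash identically (assumed rules)."""
    value = value.strip()
    if fact_type in ("username", "email"):
        return value.lower()
    if fact_type == "phone":
        # Keep digits only and restore the leading '+'.
        return "+" + "".join(ch for ch in value if ch.isdigit())
    raise ValueError(f"unknown fact type: {fact_type}")


def hash_fact(fact_type: str, value: str) -> bytes:
    """Salted BLAKE2b-256 digest of a normalized fact."""
    # 'person' separates fact types, so the same string registered as a
    # username and as an email yields two unrelated digests.
    h = hashlib.blake2b(digest_size=32, salt=UD_SALT, person=fact_type.encode())
    h.update(normalize(fact_type, value).encode("utf-8"))
    return h.digest()


class Directory:
    """Hypothetical server-side store: digest -> contact, no plaintext facts."""

    def __init__(self):
        self._by_hash = {}

    def register(self, fact_type: str, value: str, contact: dict) -> bool:
        digest = hash_fact(fact_type, value)
        if digest in self._by_hash:      # fact already claimed
            return False
        self._by_hash[digest] = contact
        return True

    def search(self, digest: bytes):
        """The searcher sends only the digest; return the contact or None."""
        return self._by_hash.get(digest)

    def delete(self, fact_type: str, value: str) -> bool:
        return self._by_hash.pop(hash_fact(fact_type, value), None) is not None
```

Without the normalization step, a search for `alice@example.org` would miss a fact registered as `Alice@Example.org`, because the digests differ in every bit.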

Deletion

A user can delete a piece of their data or their entire registered account at any time. However, this will not remove existing relationships formed based on that data. To fully remove user data and relationships, xx messenger requires a signed statement that will allow the app to completely remove data from the database.

Cryptographic Primitives Summary

{|
!Algorithm
!Length
!Description
|-
|RSA
|4096 bits
|Used as the signature algorithm for signing a fact or a key.
|-
|Blake2b
|256 bits
|Algorithm used for hashing facts. It is a faster hashing algorithm that matches or exceeds the security of SHA-3.
|-
|Diffie–Hellman
|3072 bits
|Discrete log-based component of key negotiation.
|}

Resources

  • User-side Code
  • UD-Side Code
  • Fact Implementation
  • Fact Cryptographic Library
  • Cryptographic ID Implementation
  • RSA Signature