User Discovery

From xx network wiki
Revision as of 19:20, 22 January 2022 by Jono (talk | contribs)
Jump to navigation Jump to search
This is a team contributed page

User Discovery

User Discovery (UD) is an xx network service that helps users connect with others by searching via username, email, or phone number. When a user makes their xx messenger account, they create a username and have the option to include other identifiable information in their profile. Other xx messenger users can then use this information to search for users in UD and start communicating.

User Discovery links each piece of profile data with a user’s xx messenger contact, which is a cryptographically generated ID and a public key. When a user searches in UD, the search results display the xx contact details needed to initiate end-to-end encrypted secure communications. Privacy is always guaranteed; users can choose to accept or decline communications from contacts discovered via a UD search.

User Discovery runs as a client on the xx network. It’s server is maintained by the xx network team. Long term plans are to fully decentralize this service onto the xx network blockchain.

User Registration

During the xx messenger app installation process, users select a unique username that is registered in UD. This registration is completed securely via TCP/IP rather than cMix.

After registering their username, xx messenger generates cryptographic information that will be used to identify the user uniquely. This information includes:

  • An RSA key pair defining a cryptographic identity (known as an ID)
  • A discrete log Diffie–Helman public key for future key exchanges (3072-bit, in RFC3526)
  • An authorization signature from the network

Upon receiving their cryptographic information (i.e., by signing the Diffie–Hellman public key with the RSA key), users upload their username and information to the User Discovery server to complete registration. As a final step in the registration process, xx messenger ensures the username is unique and the information passes all cryptographic checks.

Registering Further Information

Users can choose to build out their profile by adding and registering their email address or phone number. Users sign a registration request with their RSA key to send the request for connection, which completes checks before being passed to Twilio, a third-party service that will complete the verification process. Once the user confirms their verification code, a salted hash (Blake2b) of their email or phone number is stored in the database. xx messenger protects users’ personal information and never stores unencrypted plain text on any servers.

Searching for Users

xx messenger allows users to easily find their connections by searching for their username, email, or phone number. When a user fills in search criteria, xx messenger first salts and hashes the data and then sends it over the anonymous data retrieval protocol, which utilizes cMix and a unique, on-the-fly negotiation format request to search for the user without ever revealing who is searching or who is being searched. When received, the User Discovery server searches for the salted hash in its database. If a match is found, the relevant user’s cryptographic data is returned, allowing the requesting user to form an end-to-end relationship.

Deletion

A user can delete a piece of their data or their entire registered account at any time. However, this will not remove existing relationships formed based on that data. To fully remove user data and relationships, xx messenger requires a signed statement that will allow the app to completely remove data from the database.

Cryptographic Primitives Summary

Algorithm Length Description
RSA 4096 bits Used as the signature algorithm for signing a fact or a key.
Blake2b 256 bits Algorithm used for hashing facts. It is a faster hashing algorithm that matches or exceeds the security of SHA-3.
Diffie–Hellman 3072 bits Discrete log-based component of key negotiation.

Resources