Posts

GNUnet Messenger API: September 2025

Hey, a few days ago GNUnet 0.25.0 got released with the latest changes to the CORE layer and containing the new PILS service reducing the risk of being tracked while using GNUnet over a wider area. The MESSENGER service might still have some issues working properly with these changes but I will let you know here when I implemented necessary changes to utilize the new PILS service. This will be necessary because the MESSENGER service actually requires to track peers collaborating in message exchange to some degree. It won’t be necessary to link peer identities to individual chat room members. At the same time switching networks on abstract level like walking around with your mobile device or switching from physical connection to WiFi shouldn’t cause issues, message loss or heavy disconnections. So it will be fun to tackle this! However I’m very optimistic GNUnet is going in the right direction with all this work on its fundamental layers. There are still issues underlying in the TR...
Read more

GNUnet Messenger API: July 2025

Image
Hi there, unfortunately I didn’t make it to write a blog post last month. I was quite busy closing open ends of other projects while there were quite some bugs and issues to be solved in the Messenger service of GNUnet . On the bright side this means I have a lot to talk about this month. Most critical issues could be solved already, test cases of libgnunetchat pass again with all latest changes and the end-to-end encrypted chats seem to work as intended. I am still encountering some issues that messages do not get received immediately from chats or the chats can behave somewhat inconsistent. However it’s likely some condition caused by parallel events or a very specific order of events that’s difficult to reproduce. But these issues only seem to appear on reopening old chats from a previous session. The current sessions simply seem to work properly. Invitations do now respond to input feedback all the time and chat types get visualized depending on actual bits in a chat room’s key....
Read more

GNUnet Messenger API: May 2025

Hi again, to decrease complexity in the account system and key management I decided against separating identity keys from chat accounts and epoch keys for forward secrecy will instead be stored locally using GNS . The keys will be encrypted additionally using a key derived from the private identity key. So only the ownert of this key with storage access will be able to access those epoch and group keys to further access encrypted messages of certain epochs in the message graph. With those changes I could get rid of bigger API changes in the Messenger service . Key management is completely automatized now, once you provide a private key to the client API. So that makes further implementation a lot easier and it shouldn’t hurt confidentiality. As next step I want to improve the key exchange in regard to implement perfect forward secrecy. So that in case your long-term identity key gets into hands of an attacker, it’s still impossible to retrieve old epoch keys and access messages exch...
Read more

GNUnet Messenger API: March 2025

Hello again, since last month I tried to optimize the mechanism of forward secrecy further and indeed I was able to reduce the amount of messages required for a whole key exchange in a new epoch. So rather than scaling N scare if N is the amount of epoch members, it seems to scale linear now. That is quite an improvement but there’s still room for more adjustments. For example I realized recently that the current implementation is not providing perfect forward secrecy yet. That means if your long-term private key (the identity key to sign messages) gets compromised, an attacker might still be able to access messages from older epochs by request its keys from others. So to mitigate this, it will require changes that restrict requests of older epoch keys much more. Additionally deriving epoch keys via KDF could be adjusted to make it much more difficult to brute-force any epoch key from messages with HMAC using keys from the KDF. Once that’s done, there’s still work to do for allow...
Read more

GNUnet Messenger API: February 2025

Image
Hi again, My progress on the forward secrecy in the Messenger service of GNUnet is coming to a state where I have proper testing and results. You can find the current state of tests and benchmarks in a development branch of libgnunetchat which utilize a new ping tool for the Messenger service. The tool sends a TEXT message into a selected chat room and waits for other clients using the same tool but acting as receiver to send a TAG message back choosing the TEXT message as target. As a result the sender will measure and print out the delay between sending and receiving the response. Like that it’s possible to measure latency added via the implemented forward secrecy as well as its key exchange mechanism. The results so far are a mixed bag to be honest. Good news is that latency and general cost by symmetric encryption is negligible once the key for an epoch is exchanged. However bad news is that the amount of messages required for a proper key exchange as well as group formation...
Read more

GNUnet Messenger API: January 2025

Hello there, so I got some news for you again regarding my progress on the GNUnet Messenger service as well as the applications. Because there has been a GNUnet release last month which made libgnunetchat and the messenger applications using it incompatible, I needed to implement some changes, fixes and announced a new release . The forward secrecy I’m implementing in the Messenger service of GNUnet is still on development branch though. It will take some time until those changes are ready for release. But I got quite a bit of progress. The members of a chat actually start building groups, exchanging keys to form a tree structure as suggested in my last post from December . If any member of such a group is missing an epoch key, they will delay depending on their position inside their group the appeal for the missing key to then authorize the whole group after gaining access. This way ideally just one member will send an appeal, receive access, send an authorization and the rest of ...
Read more

Development in 2024

Hey everyone, welcome to my yearly recap of the year 2024. What happened? What did I work on? Well, quite a lot actually. So let’s start with the biggest project and continue from there. The GNUnet Messenger got funding from NLnet again as I mentioned in the end of last year. The new goal was to improve usability and add new features. What features are we talking about exactly? My concept was to achieve feature parity with most popular messaging apps but sticking to a decentralized context. For example I wanted to add profile pictures. But we can’t simply upload image files to a profile picture server/provider and poll from there for any new contact we get. So the solution required a bit of hacking around in the back-end. I used reclaimID from GNUnet to allow users sharing personal information with selected contacts of their choice and profile pictures may be such personal information for example. That means we can upload encrypted image files to a decentralized file sharing ser...
Read more