GNUnet Messenger API: November 2024

Hey again,

It has been a few months since I last posted here since I finished my major project of the video and audio chat in the GNUnet Messenger application. I took a short break and now I’m working on a completely different part in the service again. So not a lot of visual progress but technical details to brag about.

The plan is to finally implement proper forward secrecy into the Messenger service in GNUnet. So a theoretical attacker can not access or read messages posted prior to their event joining a group chat. This is ensured by encrypting the content of messages with a key that changes every time, a client joins or leaves a chat. Additionally because chains of events can diverge in the Messenger service a merge event of two message chains that use different keys will also cause a new key generation and exchange.

The big problem I’m trying to solve is how to make this most efficient without relying or trusting a central entity. Because the whole service is designed from ground up to be utilized in a decentralized way without such a central entity. Which is why the first problem to address when generating and exchanging a new key needs to be done: “Who will generate the key?” And the answer is of course: “Everyone but hopefully not everyone at the same time because we don’t want to end up with a ton of keys but ideally one.”

So the protocol needs to address who generates the key and when, reducing conflicts and concurrency without putting more trust on one entity than any other. Additionally it is important to setup a way to retrieve or exchange the key but only with the parties that should get access to it, nobody else. Last problem is to reduce traffic as much as possible, so every time a bot, spammer or attacker joins a chat, we don’t start a whole new excessive round of key exchange operations that might never end. Because obviously this can also be an attack vector to starve or at least slow down operations.

So far I’m having fun implementing my ideas and concepts. But I want to be sure they are not completely awful and have bare minimum of testing before I present them here. This will actually be part of my studies. So results are intended to be more scientific than my typical projects which start as idea, go into experimental phase and potentially end up working to some degree. Ideally it may be comparable in many properties to the MLS protocol.

I’ve definitely figured that it makes sense for the service to finally differentiate between public and private chats. Because all those key exchanges to have forward secrecy might not scale well enough for public chats. Also I doubt it would have real benefits in public chats where anyone can join at any time. But at least the private chats will heavily benefit from the added security. I also try to take post compromise secrecy into account which is a concept intended to not leak all future information once there has been a temporary breach. It does require clients to notice or suspect a leak though for functioning from what I understand. So that’s kind of difficult to implement if you take into account that not all users will understand the implications of a data leak, its effects and such.

But the goal is to think of all users, I assume. On the bright side: If the whole thing works for groups of any size, it will work in private chats with only one other contact too.

Kind regards,
Jacki

Read original article

Popular posts from this blog

GNUnet Messenger API: March

Image
Hi again, Last time I had big hopes to make enough progress for a first release. But I think I’m gonna delay that a bit (maybe still this month but we will see) even though I could actually complete the things, I anticipated. However here is finally the long promised video of it running on the Pinephone Pro because there’s still much to show. The back-end of the messenger-gtk application called libgnunetchat now uses the GNUnet Name Store service to manage your chats instead of using a local directory and some configuration files for each chat as before. This means that it is now possible to start the application from any directory and it will properly sync the chats depending on the account/identity selected. Next big feature is that it is possible to generate so called lobbies. Lobbies are empty chat rooms which will be shared in form of a GNS record under a newly generated zone instead of your own identity zone. This has multiple reasons: Technically your own key could ...
Read more

GNUnet Messenger API: February

Image
Hi there, At the beginning of the month I didn’t think to make that much progress. But now I get the feeling that the GUI client could come to an end next month. Why do I have this feeling? It’s looking really good already, not gonna lie. So as stated in my last update in January, loading older messages needs to be implemented as well as switching accounts during runtime. Now it is. Getting older messages still needs some tweaking to not load all older messages but it’s good enough for now. image of messenger-gtk account selection Switching accounts was more difficult to implement because I had to go back looking into the Messenger service of GNUnet itself, fixing that the service will run as user to make use of the same EGOs as the client side library in multi-user setups. The client side library ( libgnunetchat ) now exposes each of your EGOs as account with name and own directory to store the files and configurations used by the applications. Another benefit of this is tha...
Read more

GNUnet Messenger API: September

Image
Hey, this is the last post under the topic “GNUnet Messenger API”. As mentioned last time I only had a few remaining things to implement in the messenger-cli application. So that is pretty much what I did with some small caveats. The only thing not working as planned is file sharing. Let me explain this: You can already write a file path to your text input and it will send the file. When a file gets received, you can select the message, hit ENTER and download the file. However depending on your GNUnet setup uploading a file might not work. This seems to depend on user access permissions of your selected files. The best work-around I know is to use a single-user installation for GNUnet. But I hope that this can be solved properly, so users don’t have to mess with configurations. More information about this issue can be found here . The second missing part is that you can technically download the file and progress of that will be visualized. However there’s still no opt...
Read more