Secret messages (PoC)

I’ve been thinking of some use cases where it could be useful to be able to send secret messages on-chain (and off-chain) in such a way that only the intended recipient could decrypt the message.

Cryptography isn’t exactly my area of expertise but I’m interested in the possibilities cryptography can offer us so I dipped my toes in and made a simple proof-of-concept implementation of sending encrypted on-chain messages using the Sodium cryptography library. This PoC allows you to send an encrypted message to a NoM address that can only be decrypted by the address’ owner.

Since NoM uses the Ed25519 signature scheme we can convert a keypair into X25519 and then encrypt a message for a public key so that the message can only be decrypted with the corresponding private key.
This allows us to send an encrypted message to a recipient who can decrypt the message using their keypair.

The modified CLI wallet can be found here: GitHub - vilkris4/znn_cli_dart at secret_messages

The wallet requires the libsodium library to work.

On Windows it’s easiest to download the pre-built DLL and copy it to the CLI’s folder: Installation - Libsodium documentation (I used libsodium-1.0.18-stable-msvc.zip)
On Mac you can use Homebrew to install libsodium: libsodium — Homebrew Formulae

Example

I added two commands to the wallet: sendEncryptedMessage and decryptMessage

An example of sending an encrypted message to address z1qrgnzs4jh2yfldarepysqgsukgdmwmqw5v0t7c:

.\znn-cli.exe sendEncryptedMessage z1qrgnzs4jh2yfldarepysqgsukgdmwmqw5v0t7c "This is top secret information."

An example of the recipient decrypting the message:

.\znn-cli.exe decryptMessage CTZYfOLO1j4ZeMhL4MEgnJ1FRbpcBfpPDwRWE/rvyA9gL0AAmAI91jcWY/IhkH/ExeTUW76Zs8fLr8/6bk3NNHN98b/Pl+YzSoaNc9BgDw==

Output:

This is top secret information.

In this example the recipient has to get the encrypted message from the explorer by viewing the transaction that has the message and then copying the contents of the data property into the terminal.

It’s worth noting that these encrypted messages can be sent off-chain as well but for this PoC I wanted to make it on-chain.

If someone wants to try it out, DM me your address and I can send you an encrypted message.

6 Likes
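The Ed25519-to-X25519 key conversion described in the first post, as an added example in standard-library Python; it is not code from the PoC or from libsodium. It assumes the RFC 8032 test key pair as a stand-in for a wallet key, uses hypothetical function names, and covers only the key conversion and the Diffie-Hellman agreement that encryption to an X25519 public key rests on, not the PoC's message format.

```python
import hashlib, os

P = 2**255 - 19
BASE_U = (9).to_bytes(32, "little")   # X25519 base point (u = 9)

# Constructed input: RFC 8032 section 7.1 test vector 1, standing in for a
# wallet's Ed25519 seed and public key.
ED_SEED = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
ED_PUB = bytes.fromhex("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")

def clamp(b):
    """Clear the low 3 bits and bit 255, set bit 254 (Ed25519/X25519 clamping)."""
    return (int.from_bytes(b[:32], "little") & ((1 << 254) - 8)) | (1 << 254)

def sk_to_x25519(seed):
    """Ed25519 seed -> X25519 secret: clamped first half of SHA-512(seed)."""
    return clamp(hashlib.sha512(seed).digest()).to_bytes(32, "little")

def pk_to_x25519(ed_pub):
    """Edwards y -> Montgomery u = (1 + y) / (1 - y) mod p; x's sign bit is dropped."""
    y = int.from_bytes(ed_pub, "little") & ((1 << 255) - 1)
    return ((1 + y) * pow(1 - y, P - 2, P) % P).to_bytes(32, "little")

def x25519(k, u):
    """RFC 7748 Montgomery ladder on 32-byte little-endian scalar and u."""
    k, x1 = clamp(k), int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def demo():
    """Return (converted pair is a valid X25519 pair, both sides agree on the secret)."""
    x_sk, x_pk = sk_to_x25519(ED_SEED), pk_to_x25519(ED_PUB)
    eph_sk = os.urandom(32)               # sender's one-time X25519 secret
    eph_pk = x25519(eph_sk, BASE_U)       # sent alongside the ciphertext
    return (x25519(x_sk, BASE_U) == x_pk,
            x25519(eph_sk, x_pk) == x25519(x_sk, eph_pk))
```

The first result shows that the sender can derive the recipient's X25519 public key from the Ed25519 public key alone; the second shows that only the holder of the Ed25519 seed reaches the same shared secret.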

I’m going to try this out. How does the recipient know they received a message? Does it show as received 0 ZNN?

Great, let me know if you need help. There’s no “standard” for sending these messages so specifically informing the user of a new encrypted message isn’t really possible now. The messages are sent with 0 value and with the empty token standard zts1qqqqqqqqqqqqqqqqtq587y.

1 Like

I wasn’t aware that you could send an AccountBlock with emptyTokenStandard.
Thank you for sharing!

Vilkris, do you have a plan for these new functions?
I suspect there is low usage of znn-cli within the community; did you want to make this more accessible to users?

It seems any address can generate/send these messages… I fear this functionality will be abused.

Not really any immediate plans. Like I mentioned on Discord these could be used to allow delegators access to services for example but that needs work to turn it into a reality. I’m thinking that some type of messaging system in Syrius would be very nice but I’m not sure if this approach would be the best for that.

You mean like spam messages? Yeah that could cause some headache.

1 Like

I think we should really look into a Dart based implementation of the Signal protocol. Afaik Mr. Kaine proposed an off-chain messaging layer based on it. Mixin desktop app uses it and I also found this social media app using it. I’ll need to check what Mr. Kaine was proposing a while back. I see that there is a Rust based implementation that’s actively maintained by Signal.

Also I don’t think on-chain messages are a good idea right now.

Further reading:

2 Likes

Thanks for the links. I’ll do some reading on the protocol.

3 Likes

I found a very nice explanation of the Signal Protocol worth reading @vilkris

I think leveraging a robust messaging protocol that has stood the test of time and uses state-of-the-art cryptography can extend the capabilities of NoM greatly in the future.

2 Likes

I was researching state of the art peer to peer protocols and I found Citadel Protocol: “A post-quantum signal-like protocol that makes developing hyper-secure client-to-server and p2p applications easy”.

The guy developing it seems interested in accessing funds to cover R&D costs. Maybe we could tell him about AZ and funding an implementation of a blockchain peer-to-peer layer for Zenon.

4 Likes

Nice find. Definitely something worth looking into. @mehowbrainz Any thoughts on what would be the best way to approach such a person?

2 Likes

This looks pretty interesting. I was trying to figure out what LUSNA is exactly. I don’t see a website for it.

Maybe LUSNA is the “platform” and Citadel-Protocol is the protocol for the platform.

I think we just email him. I’m happy to do that from my work email so it does not look like some scam. I could introduce the project and refer him to this link to start a discussion. I might consider funding this in USD and take the AZ awards myself if he does not want crypto. Looks like he wants cash. But you never know. LMK if you guys want me to do this. @mehowbrainz could do it too.

2 Likes

Worst case is we get elliptical curve security if we follow this recommendation.

Check out the network architecture. Wonder if this can be run on our public nodes, rather than rely on one server.

“Authentication to a central node is required before making peer-to-peer connections. There is both device-dependent auth as well as credentialed authentication backed by the argon2id hashing algorithm.”

I could send him an email. Would need some help from technical minds here to write up the technical aspects of the pitch. I can fill the rest.


@vilkris look at this Signal Dart library.