September 2023 update
Published on September 5, 2023 by Andre Staltz
This time I bring you a small Manyverse release, and progress report on how private messaging will work in the new protocol.
Manyverse version 0.2309.4 has one small feature added by Andrew Chou:
- 🎉 Feature: show compose button on hashtag search
Make sure to update! About private messaging in the upcoming PPPPP, it wasn't as easy as I anticipated. I was reminded of something Dominic and Keks said when designing private groups: "[...] interactions between hard problems in cryptography and hard problems in distributed systems." I went through a couple of alternatives, and it seemed like every time I found a design that works, a deal breaker problem was uncovered. Gladly, in the end we have a design that works, but let me tell the story first.
We need to accommodate the following requirements:
- - Private messages between two accounts, without revealing content nor recipient
- - Private groups where members can be added and removed, and where messages are encrypted to all members, without revealing content nor group members
- - Outsiders should be able to replicate encrypted messages, if they want to altruistically help the improve gossip availability
For private messages, we would use the same "private-box" design as SSB uses, but with an increased capacity for more recipients. This led to a discussion on the performance downside of supporting more recipients. In the end, we ended up scraping that plan because envelope-spec (the new SSB design for private messaging that never went into the main net) already neatly supports that use case, with a maximum of 16 recipients.
Since our requirements include private groups – including member exclusion which is a milestone in our NGI Assure grant project – I included Mix Irving in the discussion, to check whether PPPPP accounts, tangles, and feeds would could accommodate private groups. The image below is a screenshot of a whiteboard session we had together.
The toughest requirement was making sure that group members are not publicly revealing themselves and their association with the group whenever they publish in the group. The solution in the end was to embed an encrypted message inside a public message. The outer message signed by the opaque "group account" and the inner message signed by the group member. You can read the whole description in this GitHub issue.
This was all done on paper without much code to show, because we can't use envelope-spec directly since it has some SSB-specific assumptions. But the plan is to implement a tweaked variant of envelope-spec (like how I tweaked secret-handshake).
Next steps? Delve into garbage collection, replication management, and then start implementing the full protocol in code. I'm excited to see how this will turn out!