By Taylor Gerring
It’s the question that’s been on my mind lately as news continues to unfold about the vast expanse of the United States’ spy programs. Email was never designed for the modern internet, made obvious each day as our collective spam folders swell in size. There have been attempts at patching the system with things like SPF, but they're band-aids on a bullet wound.
What we need is a whole new solution. We need an upending replacement protocol designed for the modern internet. Using lessons learned from Bitcoin, BitMessage was designed to address security and identity in the communication space, just as Bitcoin does with money. The big question is, “can it?” Let’s take a look…
What is BitMessage?
At a high level, BitMessage is an encrypted messaging protocol. But what makes BitMessage different from solutions such as PGP is the principle of “Everyone Gets Everything”, or EGE. It’s because of EGE that BitMessage can not only mask message content, but also users themselves. Unlike email or instant messages which have definitive start and end points, no one can discover the intended recipient of a BitMessage, nor if it was received or read.
Part of what makes Bitcoin possible is the idea that your private keys “unlock” a transaction’s output script. BitMessage works the same way, but instead of the recipient being explicitly stated, you simply try to decrypt all messages and hope you succeed. If you fail, the message simply isn’t destined for you. EGE really is that basic, but in practice there are other factors that need to be addressed. As it turns out, those detractors have a legitimate cause for concern.
Before we get into that, let's talk about what BitMessage does and how it can be used. At its core, BitMessage allows users to send encrypted messages to each other. There are plenty of other places to get into the nitty gritty of the implementation, so I'll spare you the details.
But beyond basic private messaging, the BitMessage protocol allows for several other ways of interacting with identities. The first is a Broadcast, which works exactly as the name suggests. Users discover the channel password (which is the basis for the channel address) out-of-band, such as on a forum or through word of mouth. Anyone subscribed to the broadcast channel will receive all messages sent through that Broadcast address. Some example uses of broadcasts include news updates and blogging.
The other major functionality heralded by BitMessage is Channels, or "chans". These are similar to open, anonymous chat rooms. The identity of the sender is completely masked because everyone is using the same public key. It's like an open mailing list with no knowledge of the sender or receivers: anarchy at its finest.
At its core, BitMessage strives to protect your identity. This is the ideal it holds in highest regard above all others, evidenced by the Passive Operating Mode section in the original whitepaper. One important aspect of an encryption system is Perfect Forward Secrecy (PFS). Because BitMessage doesn’t address PFS, the best current solution for preventing a future compromise from revealing all your communications is to encourage key rotation.
The problem is that although BitMessage is secure, it’s also completely public. And because anyone can maintain their own history of all messages ever seen, it’s conceivable that your keys could be compromised or the encryption could be broken such that all your prior communications would be totally compromised. This is understandably a huge concern. Ideally, BitMessage clients could manage this themselves where each conversation or message uses a different key pair, ensuring each message is totally independent of one another. This use of temporary addresses is known as ephemeral addresses and some implementation of this could accomplish the goal of Perfect Forward Secrecy one day.
If there are no central servers, how does BitMessage store messages? The answer is the same as with other P2P servers: the peers handle the load. In the case of BitMessage, the network has a default 2-day retention policy. If the sender hasn’t received an acknowledgement from the receiver, it’s up to the sender to re-compute the proof of work and re-broadcast the message. Having this hardcoded retention period obviously won’t fit all use cases and there are ideas floating around on how to implement a Time-To-Live component of messages. How this would affect the protocol and client is completely up in the air.
How could BitMessage possibly accomplish Everyone Gets Everything? There’s no way this could scale to handle the volume of email today. There are several protocol answers to this, including a spam-discouraging proof-of-work system, but the main approach BitMessage takes is to leverage streams.
Streams are a way for the BitMessage network to self-segregate when the volume of messages becomes too much. At that point, clients can create two child streams. This provides the foundation for a tree-like structure, which makes locating a particular stream fairly straightforward. The problem with the current EGE stream approach is that if you want to receive messages from addresses on other streams, you have to be a part of that stream yourself. There is no message passing between streams, so this has led to a whole list of new stream possibilities, each with its own discussion thread.
With no shortage of proposals, some aren’t waiting for BitMessage to adapt and instead are forging a new path by outlining a competing system. BitMask is one of those projects. In a whitepaper published on September 6, 2013, recent MIT graduate Tommy Anderson laid out in detail how he envisions “BitMessage 2.0”.
Starting with analysis of flaws in Ripple and then moving on to BitMessage, Tommy felt that BitMessage as an experiment had performed wonderfully, but its flaws were obvious. Instead of trying to patch it into compliance, a rewrite offered the rare opportunity to start from scratch. He calls the project BitMask and he thinks it’s what the community is looking for.
Remember EGE? BitMask is different in that all messages are made available to the network, but instead of everyone getting everything, everyone has access to everything. In order to mask your message requests, clients would request messages at random intervals, much like googling for random phrases to mask that embarrassing “Miley Cyrus twerk” search. This has the added benefit of verifying peers are not acting maliciously by ensuring the peering agreements about message storage aren’t being violated.
Additionally, ephemeral addresses are made a central part of the system by ensuring each message contains the next address. This provides Perfect Forward Secrecy such that if a private key is compromised, no other messages are compromised. And because they’re only used once, the client can throw them away for plausible deniability.
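The try-everything decryption described under “Everyone Gets Everything” and the ephemeral-address idea above can be seen together in a short sketch. This is an added example, not code from BitMessage or BitMask: it uses a toy Diffie-Hellman group and a SHA-256 keystream as stand-ins for real public-key encryption, and all names (`seal`, `try_open`, `readable`, `archive_exposure`) are hypothetical.

```python
import hashlib, hmac, secrets

# Assumption: toy Diffie-Hellman group for illustration, NOT vetted parameters.
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _keys(shared):
    # Separate encryption and MAC keys derived from the DH shared secret.
    s = shared.to_bytes(32, "big")
    return hashlib.sha256(b"enc" + s).digest(), hashlib.sha256(b"mac" + s).digest()

def _xor(key, data):
    # SHA-256 counter-mode keystream: stdlib stand-in for a real cipher.
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(pub, plaintext):
    """Encrypt to a public key; the blob carries no recipient field."""
    r, eph = keypair()                      # fresh sender secret per message
    enc, mac = _keys(pow(pub, r, P))
    head, ct = eph.to_bytes(32, "big"), _xor(enc, plaintext)
    return head + ct + hmac.new(mac, head + ct, hashlib.sha256).digest()

def try_open(priv, blob):
    """Return the plaintext if blob was sealed to our key, else None."""
    head, ct, tag = blob[:32], blob[32:-32], blob[-32:]
    enc, mac = _keys(pow(int.from_bytes(head, "big"), priv, P))
    good = hmac.new(mac, head + ct, hashlib.sha256).digest()
    return _xor(enc, ct) if hmac.compare_digest(tag, good) else None

def readable(privs, pool):
    """EGE scan: try every held key against every message in the pool."""
    return [pt for blob in pool for k in privs
            if (pt := try_open(k, blob)) is not None]

def archive_exposure(n=4):
    """Messages an archiving observer can read after ONE private key leaks."""
    static_priv, static_pub = keypair()     # one long-lived address
    static_pool = [seal(static_pub, b"msg %d" % i) for i in range(n)]
    eph = [keypair() for _ in range(n)]     # one throwaway address per message
    eph_pool = [seal(pub, b"msg %d" % i) for i, (_, pub) in enumerate(eph)]
    return (len(readable([static_priv], static_pool)),
            len(readable([eph[-1][0]], eph_pool)))
```

With a long-lived address, one leaked key opens the entire archived history; with one address per message, the same leak opens a single message.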
Among other features, BitMask removes proof-of-work requirements by leveraging bandwidth contracts between peers to limit spamming. So instead of being a slave to POW, the peers make an agreement amongst themselves, defaulting to the lower amount. It’s a fresh, perhaps libertarian, approach to a problem that plagues the lives of netizens daily.
But BitMask isn’t perfect. Bootstrapping is an area that this author would like to see improved. Many protocols rely on some hard-coded nodes to connect with in order to join the rest of the network. Having any central authority or trusted node goes against the ideals of the project, so research to decentralize and narrow trust is already under way.
Too many questions, not enough answers
Although Bitcoin is approaching 5 years of existence, it’s easy to lose sight of the fact that BitMessage is an inspiration from Bitcoin and published nary a year ago. The idea is laudable but ultimately incomplete in its current state. Through continuing feedback, the community seems to have identified the most painful points that need attention, but with a brand new implementation on the horizon, it might be in everyone’s best interest to start over with lessons learned.
Before BitMessage replaces anything, the community will need to work towards a more refined protocol and user experience. In the meantime, all eyes are on the secure messaging space with the field wide open for any new idea to capture the mindshare of crypto-nerds everywhere.