search

spacebarchat / server

Spacebar server - A reimplementation of the Discord.com backend, built with Typescript and love
https://spacebar.chat
GNU Affero General Public License v3.0
1.46k stars 252 forks source link

End to end encrypted channels #322

Open erkinalp opened 3 years ago

erkinalp commented 3 years ago

Encryption settings event

This is the event stored to store the encryption settings in the guild or channel.

{
  "id": event_id, // ID of the channel security settings event
  "guild_id": guild_id, // ID of the guild
  "channel_id": channel_id, 
  // ID of the channel (0: guild-wide default, 1: guild-wide with no per-channel override, all other values: actual channel IDs)
  "encryption_permission_mask": encryption_permissions, // a bitmask related to encryption-related permission
  "allowed_algorithms": array_of_algorithms, // array of allowed end-to-end encrpytion algorithm
  "current_algorithm": algo, // currently used encryption algorithm
  "used_since_message": message_id // the first message that uses this algorithm
}

The encryption permissions mask would look sth like this: 1<<0: enable end-to-end encryption 1<<1: enable double-ratchet encryption 1<<2: enable homomorphic encryption 1<<3: change allowed algorithms 1<<4: create encrypted threads within text channel 1<<5: defer valid-since time 1<<6: change currently used algorithm Those fields will inherit from guilds when unset, except used_since_message, which will be set by system when first message using that algorithm in the channel is sent and not allowed to be overridden. Encryption settings events should appear in the timeline as messages with a type of ENCRYPTION (type 50). The channel and guild objects will refer to encryption settings events using a encryption property, whose value is the ID of the encryption settings event. The server should not allow encryption settings events to be removed, as that would cause downgrade attacks.

Key exchange procedure

Security invariant

Once encryption is enabled you cannot disable it any more.

SamuelScheit commented 3 years ago

https://github.com/jitsi/megolm.js could be useful for implementing E2EE. And this is another suite for end-to-end message encryption, which implements IETF MLS standard: https://gitlab.matrix.org/matrix-org/mls-ts signal protocol

Pantyhose-X commented 1 year ago

fully homomorphic encryption https://github.com/google/fully-homomorphic-encryption Post-Quantum Cryptography https://csrc.nist.gov/Projects/post-quantum-cryptography/round-4-submissions https://github.com/open-quantum-safe/liboqs C library for prototyping and experimenting with quantum-resistant cryptography https://github.com/cloudflare/circl CIRCL: Cloudflare Interoperable Reusable Cryptographic Library https://github.com/open-quantum-safe/oqs-provider OpenSSL 3 post-quantum A Novel Image Encryption Scheme Based on Collatz Conjecture Encryption or decryption is done on the client side before uploading to the server. Encrypted audio dataset based on the Collatz conjecture A Novel Cryptographic Scheme based on the Collatz Conjecture