Protocol upgrade for new features #1612
Labels
No Label
bug
build
dependencies
developers
documentation
duplicate
enhancement
formatting
invalid
legal
mobile
obsolete
packaging
performance
protocol
question
refactoring
regression
security
test
translation
usability
wontfix
No Milestone
No project
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Bitmessage/PyBitmessage-2024-12-21#1612
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Rationale:
The protocol needs to be upgraded to allow for things like forward secrecy and anonymity,, compressed pubkeys. Issues mentioning forward secrecy: #454, #833, #1015 forward anonymity #563.
Furthermore, the current use of pubkey/getpubkey objects has some drawbacks, as pointed out by @gmaxwell (see thread e.g. here: https://www.reddit.com/r/bitmessage/comments/g2u4a5/how_bitmessage_keeps_your_anonymity/fnr5zry/ ). He proposes including the public key inside the address.
Summary of pubkey/getpubkey mechanism drawbacks:
Summary of advantages of pubkey/getpubkey mechanism:
There are some other minor issues, e.g. there is currently no signalling of support of extended encoding in the protocol, the hashing algorithm used for ECDSA signatures (SHA1 vs SHA256). The behavior bitfield is in my opinion unnecessarily long (4 bytes).
Proposal
I think it makes sense to modify the protocol (new message and broadcast versions) to:
Pubkeys can still be added in the future, for example as a helper for PFS. A node could refresh pubkey objects if the collection of prekeys (if we're using something like X3DH) or other data that is used for deriving session keys expires or are used up. Without PFS they probably aren't necessary, and even with PFS, the mechanism could allow reuse of long term key for the initial contact only.
PFS will most likely be implemented later, as the exact method has to be chosen, and also a suitable library, as I'm not sure OpenSSL is sufficient for any existing PFS mechanism.
A more detailed specification will follow later. I'm collecting feedback now.
@mirrorwish @DanielKrawisz @Erkan-Yilmaz @AyrA @Atheros1
When considering a protocol update, you may want to have a look at libp2p and their protocol concepts for versioning, negotiation and addressing.
You may want to look at libp2p's Peer-Ids and multibase prefixes
You may want to have a look at multihash encoding
pyelliptic is officially deprecated: https://github.com/yann2192/pyelliptic/issues/50#issuecomment-297018932
Unforunately this would be just a change for no good reason and break backwards compatibility as far as I can see. I did a research a couple of years ago what to replace the threaded network model with and decided to go with asyncore. Bitmesasge protocol has versioning as well as negotiation of features during the handshake. The concept of addressing as it's described in the link doesn't seem to make any sense for bitmessage.
You need to consider also that the priority of Bitmesasge is anonymity, and some concepts used by other protocols need to be avoided for this reason.
Peer ID breaks anonymity. Multibase prefix wouldn't affect extended encoding because it happens at a different layer.
A couple of years ago I analysed available encoding libraries, collected feedback and decided to go with msgpack. I see no reason to change it now again.
Again, the issue with extended encoding signalling happens on another layer (recipient rather than node), plus at the time when you're sending the message, the easier options won't always provide you with the signal at the time of sending. I think that only a version bump for message/broadcast, or if bitfields are moved to the address would solve this correctly. An address version needs the communicating parties to notify of the change and there is currently no provision in the protocol to do that, so using it just for the signalling of extended encoding I find too rash.
PyBitmessage uses its own fork which has updates for different versions of OpenSSL, blind signatures and so on.