5.7 KiB
| sip | title | status | type | author | created | updated |
|---|---|---|---|---|---|---|
| x4 | Initial Status Protocol Overview | Draft | Standard | Adam Babik <adam@status.im>, Oskar Thorén <oskar@status.im>, Dean Eigenmann <dean@status.im> | 2019-04-18 | 2019-08-26 |
Abstract
In this document, we specify a secure and decentralized messaging protocol, onwards called Status Protocol, that is capable of running on the Ethereum network.
Protocol Layers
The Status Protocol stack consists of multiple protocols. In this document, we give a brief overview of each layer and what they provide. We also note any specific considerations when it comes to using these components together.
| Layer | Purpose | Technology |
|---|---|---|
| Data | End user functionality | 1:1, group chat, public chat |
| Security | Confidentiality, PFS | Double Ratchet |
| Privacy | Metadata protection | Whisper |
| P2P | Overlay routing, NAT traversal | devp2p |
Note that the Status Protocol was documented after the fact, which might lead to some inconsistencies or questionable design choices.
Data Sync Clients
Data Sync Clients specify a format of payloads exchanged between clients communicating using the Status Protocol. The robust and well-defined format is required in order to provide some security guarantees, for example, clients should not display messages that do not conform to the format, and allow the clients to upgrade the protocol safely in the future.
The well-defined format also makes it possible to support multiple types of conversations as well as multiple types of content.
Please refer to Initial Message Payload Specification for more details.
Data Sync Layer
MVDS is used for 1:1 and group chats, however it is currently not in use for public chats.
Conversational Security Layer
Conversational Security Layer provides various cryptographic properties:
-
Confidentiality - Ensure only intended recipients are able to read a message.
-
Integrity - No honest party will accept a message modified in the transit.
-
Authentication - Each participant in the conversation receives a proof of possession of a known long-term secret from all other participants. In addition, each participant is able to verify that a message was sent from the claimed source.
This assumes trust has already been established, see Initial Trust Establishment Specification.
-
Forward secrecy - Also known as perfect forward secrecy (PFS), gives assurance that session keys will not be compromised even if the private key is compromised. Also, compromising one session key will not result in compromising other sessions.
Note: The Status Protocol can work with PFS enabled and disabled. In the case of disabled PFS, the encryption is moved to the Privacy Layer and handled by Whisper. Whisper does not provide forward secrecy. This is a flaw of the original design which mixes security and private layer responsibilities. With PFS enabled, a message is encrypted twice.
Please refer to Initial Conversational Security Specification for more details.
Transport privacy layer
The purpose of the transport privacy layer is to hide metadata (provide darkness) that are always sent when communicating over the internet. In some cases, leaked metadata might be as dangerous as leaking the actual payload so it's important to reduce that.
The Status Protocol uses Whisper in version 6 as a privacy protection protocol. Whisper routes messages by broadcasting them to all connected peers so that identifying of the recipient is almost impossible (the sender is not equally protected, though). Read more about how Whisper achieves darkness.
Note: there is one more cross-layer dependency in the Status Protocol between the privacy and data layers. Whisper uses topics to reduce traffic and preliminarily filter out messages. However, selecting a topic depends on the type of the message that is a topic for 1-1 chat will be different from a topic for a public chat.
Please refer to Initial Transport Privacy through Whisper Specification for more details.
P2P layer
P2P layer allows various clients to securely communicate with each other through the internet in a decetralized fashion, envetually forming a peer-to-peer network. Due to our close relationship to Ethereum and the fact that Whisper is built on top of devp2p, we use devp2p as a P2P layer.
A client in order to rely a message needs to first find other clients (this process is called node discovery and is out of scope of this specification) within the peer-to-peer network. Then, the message needs to be properly routed handling obstacles like NAT traversal. All these things are handled by devp2p.
Censorship resistance
TODO
Dependencies between layers
As it was mentioned above, there are cases when two layers depend on one another:
- encrypting messages is done by the privacy layer instead of security layer
- the privacy layer needs to know some details of the payload to properly route it.
In the next version of the protocol, we will try to remove these dependencies so that all layers are orthogonal and if necessary there is a clean interface between one and another.