Can we use Hive for encrypted communication, in a way that messages will remain safe even after quantum computing becomes widespread?
Introducing "Hive Post-Quantum Mail", Hive-Mail for short.
TL;DR
I've built a new protocol for encrypted communication based on the Hive blockchain which uses Kyber-1024, a "post-quantum" asymmetric encryption algorithm. In addition to quantum resistance, this new system has other additional advantages, such as not requiring transfer of funds or Active Key signing for sending encrypted messages. This system is already fully functional, but currently no GUI is available, only CLI.
GitHub address: https://github.com/hassemer-g/hive-mail/
Hive offers encrypted communication using encrypted memos attached to "transfer" operations. Here's a breakdown of what we already have:
→ Public Memo Key is derived from Private Memo Key using secp256k1 elliptic curve (same as used e.g. in Bitcoin)
→ shared secrets are built based on sender and recipient Memo Keys using ECDH [Elliptic Curve Diffie-Hellman]
→ the memo is encrypted using AES-256-CBC (an unauthenticated symmetric cipher)
The shortcomings of Hive's current encrypted memos system being:
→ user must necessarily transfer funds in order to send an encrypted message (even if only 0.001 HIVE or 0.001 HBD) — 😡 this is a huge annoyance
→ the Private Active Key is necessary to send encrypted messages (required for "transfer" operation) — 😈 this is bad for account security
→ the recipient of an encrypted message is publicly visible onchain
→ uses relatively weak authentication (4-byte checksum taken from hashed plaintext)
→ if the sender's Private Memo Key becomes compromised, an adversary can decrypt all messages sent by this user (that were sent using that private key)
→ the whole security falls apart if the private-public key system used by Hive is compromised (quantum computing [due to Shor's Algorithm] is expected to make secp256k1 for asymmetric key derivation obsolete) — 💀☠️ this means all encrypted messages sent using Hive Memo Keys will be vulnerable somewhere in the not-so-distant future, and will remain vulnerable even after the Hive adopts quantum-resistant cryptography chain-wide (only messages sent after such changes would be safe)
In sum, what does the new Hive-Mail have to offer?
→ onchain sending of encrypted messages with Posting Authority signing, without the need to send any funds
→ quantum-resistant encryption
→ recipient of messages not revealed onchain
→ messages remain safe, even if all the sender's keys (including his Private Post-Quantum Key) are compromised — because only the recipient can decrypt a message
How to use the Hive-Mail CLI?
The required Node.js libraries and other relevant infos are provided in the [brief] documentation at: https://github.com/hassemer-g/hive-mail/
The first step is creating an encrypted "message vault", just follow the console instructions. The process is straightforward and well explained in the console. When creating a vault, you will need to provide your Private Posting Key and Private Memo Key. You will also need to register at least one contact (i.e., another Hive account, with which you would like to communicate).
Once a vault is successfully built, you can send encrypted messages and search onchain for messages sent to you by your registered contacts. You can add more contacts at any time (choose "Alter save file").
In order to signal to someone that you would like to communicate using Hive-Mail, you can send to that person a traditional (transfer operation) encrypted message, which will be shown on the other user's account history. Just keep in mind, messages sent to you using Hive-Mail WILL NOT be shown in your account history; you will need to perform a search to get them (which is very simple).
In order to make this system work, I had to create a completely new key pair to be used by Hive accounts. I call it the "Post-Quantum Key". Just like any other key pair on Hive, there is a Private and a Public version of the Post-Quantum Key Pair. This new key is required for the quantum-resistant messaging Hive-Mail offers.
Whereas the Private Post-Quantum Key should be kept private (it is safely stored inside the vault), the Public Post-Quantum Key should be exposed onchain. I decided the best way to do this was to save the Public Post-Quantum Key in a Hive account's Posting Metadata. This also has the added advantage of requiring only Posting Authority to register or change your Post-Quantum Key!
Let's see an example, from my own account:
So, making it easier to read:
?tG/6e.uQ-P=?o+pD|Wc;1djm:PqCJ<v009DeeFiT}D7acXQ&XUoBgs_WVk]ZVqV[Fjsqc0%dBr#F`]ny*4nPpY!jdJR0J&>+D!Q%#N@c$=iZ!_]?:[[%P0Ru6Hv:7.7/T3/+yKIAOojT2g$@k/[+d01fyRiI3u)EI^yeR|*4oA|[BP^e2aDJq%bd(}Wne:JYjV8~F[2D=LHBSOlBFQvNjO!`A4NA8bSr<aXeYW!>O$u&y/73WDgZ5a)=1<I$8)sMDuO-Nr+sC:$1[&Mj[/_Kej[0E2L~vSi@dYH81{ep~Za+>Fo,|Hj];P?Vw9i-zb]&;D<_ZpL<uv&zJ8w}py|J5N.GT8QCS!-6sd,]ckI9!!G/cN<WE<tnu$cU(xJattLh!BK#kJS.DtVzI.>8UbA[6WDwA+dh!2^B{Bv!n((;bV7kr<O?Ex/`wX,ylOFmXhgf=>dNwcl)YF{_Cd)&64,+!sF|=G,+BaO;%O~(DRN<NrQ20?iro0<ET^:+4JINCE&2n{R/Xa=&lc[W)N8t|}fX9QmX7|yKa?fV?%$!A@_/[B##5-^$-=Isk~68+|);3U>grTfvbW4~nT6%N(d~]{#p,R0>f|ReZNN=)Fu+!TYdG2c?p0/.)Y8?M2Y8XLRkom#M!b5Krcx?pAZzO,cHy/&,lZ,kkQ9Oag@Jl)8z^VcpiHwsy1n&e[G2b]VA[j#Y/0E$nqa:Y}$X$?k{cV@kPA>)NeT+Q/P!Ay2a30_e3INQW*y$:g+C*e7[,5tiD(a}.xa}H|K9Ymn&1E^obfd*FV<}?cW]/em8EZo_)nQ4_7Cy.{OMV2X^gL{V1_9p$TQxw3ovp@$4rbddf]uEKzKN.&K1#+P_Ip&FA=w+mzT|yV=^/7{c}YU#j@}uU:L;;TDHo)+)_85q5bXPs@Mw%JTaDmh3tp0)^r0KNH!|h+BJ4y{O14wP&LEFZQvBtG:N5M&PYfzU9acF5u%~MYu]6(?u]qa[jIQtS`g.HRMH`HuDo^o{:<(|..J!:RTffC(doo4seNgD=lC_2R;1YUS5n`;H00^&Aqs8Cc?APO<L1-$+!0cPoq{zm+4b,UT1^sY^`t#V+Ue^Nm4u^C#,BcBFE_Mcd325x$o>9FdE~D$aQUE.+9IT{xBE;PZ4AWt9xCaZ%>::WSaxx*icDjEGB{[~10Ju8K9IxfH|n*N>g^lG+{]KyRH0s8:uPhY6L.a*[@]{O=)7?V.}DS7;S!m6z[zkkZ%ncnJt&_0|jQ^|UP`kYzH]m5<aOHpcG<[=OIp/cF/Q+v2.*(/C@ECs0ALBla*<S1YhI(V#QtS8U[t7%2G>r@wG3%B9u?S2j8_I;WNGndEBf[*5@S:K!q(;b).Cox8hsc$m[ZDuUJY!Va?Z<1DP;a;MKGgT~xis]:MaPcVhOK!k=$)Etm^,OxWkM1!~*jvBOj8ECY0U)Sk;BO3}4xcHt_A$Q?UrG8--DC-*fUWG$AdV)S%paa%i|S^59-F7!uK!PUDFp8N5xPPfr4I>8vvDqlQe(Qy3N,TR8eSSF2Hy<VBd#{k;eddq*I34zvQ6~2Uk9-.]Kl*lU0Nw4}cQ/[Q[n+ZbDLRqwJjct[M1G@0%#.hxpj/##&[}{7TC;Mz)i)MpI[E-C!4raxHtZ5Z<55n84qT;l@$`,>G/E{9z3}o~f$G^$6f;$`52uX,<vpJ]rAT,$&gP#ERoX5gd4g]uIQu9E,fbC_Mk!.7EjTUvS^J-n$![Z+P9+1McPg[Z@]LWc#dV`vs!c2vJEnA0tZ9~C5zV(<!${]FkVe!>mZAe21?gF|W))N0oX_p^5WkpQ~vewNbl_(ym|_9OW?+h&aDH;$C1:Z*8}Vj6U$0N)7rmGf`0nI5Jb>WEq1R0)c6eB/u+I^1pN^%1Y9;y9Die3As`E:H=o_&bE.}Zwk%%qiq0?w|7?HALu*vCo&bQ5h4-nbB
This absolutely lovely chunk of apparent gibberish is my current Public Post-Quantum Key. In order to maximise space efficiency, everything published onchain by Hive-Mail (including public keys and encrypted messages) is Base 91 encoded.
Post-Quantum keys are quite the brutes 💪🏻 A Private key has 3168 bytes, whereas the Public key (which is contained within the Private key) has 1568 bytes. No deriving of public keys from private keys using a point in a curve or anything of the like. Kyber is lattice-based, completely different from the asymmetric algorithms in use nearly everywhere today.
You can change your Post-Quantum key anytime you want, and your previous Private Post-Quantum keys are stored inside your vault, to ensure you are able to decrypt messages sent to you before you changed your key.
Onchain messages are encrypted using XChaCha20-Poly1305, an authenticated, reinforced version of the well-known ChaCha20 symmetric encryption algorithm.
Let's have a look at how an encrypted message onchain looks like:
Can any of you guys break this encryption and reveal the original message? 🙂
I know, I know, even regular Hive encrypted messages are still perfectly safe, up to now at least. The point being, Hive-Mail was built to offer robust security that will last.
That's it, I don't want to overextend this post. I hope you guys like this lil addition to our repertoire.
I for one think the best way for this new protocol to benefit the Hive community is to have it added to popular apps and UIs, such as the Hive Keychain (https://hive-keychain.com/ | @stoodkev), PeakD (https://peakd.com/), Ecency (https://ecency.com/ | @good-karma), etc.
Hey, let me and the rest of the Hive community know in the comments what you think of this creation! Suggestions very much welcome. Also, if you like, I could make more posts on Hive-Mail, delve into the detail of different aspects of this new feature on Hive.
Also, make sure to spread the word, if enough people endorse it, maybe we could have better communication functionalities added to Hive apps and websites someday.