Bitmessage

This product was added to computer science because of the content, defects on the quality assurance side of the editor. This is done to bring the quality of the articles from the computer science subject area to an acceptable level. Help us to eliminate the substantive shortcomings of this article and take part you in the discussion! ( ) Reason: The article has several shortcomings. Below is the disorder of the sections in the " Practical Relevance ," the ongoing comparison with " remail ", without mentioning other methods. Moreover, the article is written very talked in part and does not meet the linguistic level of a scientific article. Furthermore, the article is mostly only on the one thing is to make the record, but not how it does in individual cases. The encryption method used and an explanation of the " Streams" is completely absent. Information about existing implementations and a basic objective assessment of these is also missing. The " importance of Bitmessage project" contributes little to the article at and should be completely revised -. ISibboI (talk) 21:38 January 17th 2014 ( CET )

Bitmessage is a 2012 proposed encryption protocol to allow a completely confidential exchange of e- mail -like messages in a peer- to- peer network. The Initial Deployment and proposal comes from the bitcoin scene, which also accounts for the similar name.

The exchange encrypted and signed e -mails have been for the introduction of S / MIME and PGP possible (1995 and 1996), but this sender, recipient, subject line and the name of attachments remain unencrypted. At least naming the recipient's address can not be avoided, because otherwise you might not be delivered to the e -mail.

The fact that this is a limitation of privacy, a study of 1992., The authors identified common interests of 50,000 people from 31 countries, by observing the incoming and outgoing e -mail traffic of thirteen American and two European research institutions. A glance at the contents of the e -mails was not necessary to. It was sufficient to evaluate the sender and recipient addresses.

Opportunities for anonymizing e- mail has been around a long time. But in Bitmessage protocol specific properties of asymmetric encryption are first combined with a broadcast transmission, whereby the receiver can remain anonymous.

There is a sample implementation of the Creator of the Bitmessage protocol. The PyBitmessage program can be similar to use as an e -mail program after installation and allows participation in the global Bitmessage network.

• 2.1 Functional principle of competition 2.1.1 Example remailer cascade
• 2.1.2 Comparison of the functional principles

• 3.1 Access to Internet nodes
• 3.2 Access to the DSLAM
• 3.3 Attacks by peers
• 3.4 Resistance of Bitmessage Protocol
• 3.5 intrusion into the computer of a peer
• 3.6 vulnerability by " Traffic Analysis "

Principle of operation

Anonymity of the recipient

When Bitmessage protocol transmits an encrypted message no direct indication of the sender or recipient. It must therefore be sent to all participants of the Bitmessage network. A participant can determine by means of the HMAC method, if a message with one of his public key has been encrypted. If this is the case, he knows that the message is destined for him, and he can decrypt it.

If the Bitmessage network grows, the number of delivered messages will be large enough to avoid overloading the Internet connection of a single participant. Therefore, the network is divided in time into groups, called " streams". A Bitmessage message will then be sent only to the members of the stream in which the recipient is located.

Bitmessage addresses

Encrypts is with the public key of the recipient. The receiver is the only one who can decrypt the message again, because only he knows the corresponding private key.

As a recipient address of the RIPEMD -160 hash of the public key of the receiver is. Thus, the length of the address of 128 bytes is truncated to 20 bytes. In order to obtain the public key of the recipient with the hash, a participant may ask the relevant stream with a special message for it.

The fingerprint is used together with the number of streams, in which the receiver is converted into a letter and digits that you can write down on a piece of paper or dictate on the phone, for example:

BM- 2nTX1KchxgnmHvy9ntCN9r7sgKTraxczzyE The prefix " BM " identifies the string as Bitmessage address. The Base58 encoding ensures pressure and pronounceable character and to errors caused by the confusion of I and l, or exclude 0 and O.

Properties of Bitmessage addresses

A Bitmessage address is similar to Cinderella's shoe. The young woman had left the prince a shoe that just suited her. She could prove the prince that she had been the masked dancer. You could also remain anonymous if they wanted to. Without their cooperation, the prince could not locate it.

But there ends the parallel: In order to identify them, the Prince had a public call in the UK spread: " With whom I danced? Please let me know! "It made ​​themselves countless young women. If they had done by Bitmessage protocol, he could see Cinderella's response to the signature. Each Bitmessage message contains the signed plaintext public key with which the signature can be checked. From the public key of the Prince could calculate the Bitmessage address in order to compare them with the address that the masked dancer had left him. But if she had actually left him a Bitmessage address, he would be able to encrypt the " public appeal", and then alone her answer would have suffice as proof.

These properties of the Bitmessage network arising directly from the properties of public and private keys, as they are used in S / MIME and OpenPGP for years. It just had someone come up with the idea to combine them with a broadcast transmission.

Importance of Bitmessage project

Ever since the aforementioned 1992 study is always pointed in the context of encryption of e -mails that they alone are not sufficient to ensure complete privacy. To remedy is usually referred to anonymizing remailer and other anonymizing services.

Function principle of competition

The principle of operation of all of these services based on the fact that the origin of the e -mail is veiled. In particular, the IP address of the sender is disguised. Because the IP address can be assigned to the customer of an Internet provider. The Internet provider to publish this information not ( with dynamically assigned IP addresses ), but he needs it in case of suspicion to investigation agencies give out. And of course there is the possibility that it is passed secretly from an employee.

Example remailer cascade

Therefore, the e-mail is sent without sender's address to a remailer, which forwards it to the recipient. The recipient gets to see only the IP address of the remailer.

An attacker who observes the incoming traffic of the remailer, but would be able to associate the email to the sender or its IP address. Therefore, the sender needs to encrypt the e-mail together with the receiver address before it sends it to the remailer. Decrypts the whole and sends the e-mail to the recipient.

The observer might assign the incoming encrypted e -mail the outgoing unencrypted e -mail but because they are close to each. Therefore, the remailer collects many incoming emails from different senders and sends them in wrong order again.

In this approach, the sender must trust the operator of the remailer. To prevent the remailer experiences himself, who communicates with whom, several remailers can be cascaded. Here, the individual remailers are possible in the possession of independent operators in different countries.

To send an e -mail through a cascade of remailers, the sender encrypts the recipient address and the contents of the e -mail with the public key of the last remailer. The result and the address of the last remailer he encrypted with the public key of the second last remailer. He continues until he has the result finally encrypted with the public key of the first remailer. The whole he then sends to the first remailer, which removes the outer encryption, and as the recipient address finds the address of the second remailer. The way by the cascade of a layer of encryption is removed after the other until the plaintext finally reaches the receiver (see, onion routing ).

To find out who who sends an e -mail here, the operators of all remailers must cooperate with each other. If only one of the operators is not cooperating, the anonymity of the sender is preserved.

If the sender wishes to have in the same way an answer, he must refrain to remain anonymous to the recipient. Then he writes a reply address in the e -mail and must encrypt it, of course, because otherwise would someone who observes the output of the remailer cascade, learn who is communicating with whom here.

If the sender and recipient to remain anonymous both for each other, significantly more complicated structures are needed (see Mix). Therefore it is often waived.

Comparison of the functional principles

While it is easiest in the described method and its variants to anonymize the sender, it is the Bitmessage protocol easiest to anonymize the recipient. The receiver simply does nothing which he might betray himself. He assumes, like all other participants, only passively receive all messages. To identify the recipient, you'd have to break into his computer.

The sender, on the other hand, in front of the receiver is not anonymous. Because the receiver knows from which IP address it has received the message. If the receiver but does not make public the knowledge thus obtained, the sender remains all bystanders against anonymous, in the sense that no one can get in touch Bitmessage his address with its IP address.

The developer of the Bitmessage Protocol has set itself the goal to completely eliminate the association between Bitmessage address and IP address. Also, the receiver is the IP address of the sender can not find out. Of which more below.

The simplicity of Bitmessage

The importance of Bitmessage protocol is its simplicity. The more complex a security architecture, the harder it is to eliminate vulnerabilities is.

For the remailer cascade has the advantage that it can be integrated into the existing e- mail infrastructure. The DNS name resolution, the usual e -mail programs, mailboxes on the servers of a mail service ... all that can be further use. And above all, is pretty much anyone who has an internet connection, available by e-mail.

As peer-to -peer network, however, has Bitmessage the charm that it does not rely on this whole infrastructure. Since, for example, does not require the DNS, the participants can not be victims of DNS spoofing. To be prevented while DNSSEC in future, but thereby the complexity of the whole system is further enhanced.

A Bitmessage network is so clear that one can hope to really make it "waterproof".

Echo in the professional world

The developer of the Bitmessage Protocol, Jonathan Warren, has been inspired by the protocol of the Bitcoin network. He is not an expert in cryptology. (At least he has committed outspoken rookie mistake. ) But the simplicity of the Bitmessage protocol should exert a great attraction for professionals who have dealt with the older method for anonymization. Judging by Google hits, the project to date (29 March 2013) seems to have been perceived only in the bitcoin scene.

Practical Relevance

That someone observed, when, how often and with whom exchanged e- mails, is not just a theoretical possibility. In Echelon project, for example, the satellite relayed e -mail traffic is observed. In PRISM communications service providers are obliged to recording of metadata (eg sender, recipient and time of e- mail). And with tenses are, inter alia, transatlantic submarine cable tapped.

Access to Internet nodes

The Internet consists of more than 37,000 autonomous networks that are coupled together as the sailboats in a crowded marina: The sailors from the last boot must climb over on the other boats to go ashore. Similar is the path taken by the data packets through the Internet. ( The command line program Traceroute, or tracert on Windows, can understand that. )

The operators of the Autonomous networks will exchange their data streams at key Internet nodes. On the DE- CIX in Frankfurt, for example, operate 480 companies have their router. Accordingly, many people there have access. Therefore, no Internet service provider guarantees the integrity and confidentiality of the data traffic.

Access to the DSLAM

To make the copper cable between the DSL modem and the DSLAM a customer of the network operator as short as possible, the DSLAM are increasingly from the exchange in a cabinet on the road laid (so-called outdoor DSLAM ). There could observe or manipulate without the notice on the Internet traffic of residents of several streets.

Attacks by peers

An attacker could mingle with the participants of the Bitmessage network and operate one or more manipulated Bitmessage clients. The possibilities are arising thereby unknown.

Resistance of Bitmessage Protocol

According to Jonathan Warren Bitmessage to be resistant to all of these attack scenarios. He assumed that an attacker can not control all peers or their Internet connections.

He also assumes that someone who has access to a central Internet hub, has not also have access to the Internet connections of individual participants. Why is unclear.

Intrusion into the computer of a peer

Much more likely than the interception of a DSL connection is to break into the computers of a Bitmessage - user over the Internet. An attacker who is able to get a private key in this way, not only can subsequently decrypt all previously received with the associated Bitmessage address messages. He also finds signatures to prove the authorship of the individual sender.

It does not help the victims even if the messages were deleted after reading, because these messages are earlier hiked in encrypted form through the Internet, where the attacker could record them. So Bitmessage are not fit off-the -record exchange messages whose existence will deny the parties afterwards. This weakness shares Bitmessage with S / MIME, PGP and other applications of asymmetric encryption.

Vulnerability through " Traffic Analysis "

The operating principle of Bitmessage network is actually very old. Long before there was the Internet, it has been used in the military field. Even then encrypted messages were delivered via broadcast, namely by radio. ( At that time, however, only symmetric encryption methods have been used. ) From military history, you can learn how an attack on the other hand looks like.

The attack is called Traffic Analysis. The recognized reliable protection against this is to generate a constant stream of uniform size encrypted messages that normally have no content, but these are replaced by meaningful messages when necessary. Larger texts have to be distributed across multiple messages.

From this technique, both the Bitmessage protocol and its competitors are far away.