HushChat - Signal Protocol with zaddrs instead of phone numbers https://hush.is
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

141 lines
9.3 KiB

4 years ago
# HushChat - Signal-like Protocol on Hush
<img src="images/silentdragonlite.png" width="750">
4 years ago
## Features of HushChat:
* No phone numbers :lock:
* No centralized web servers :chains:
4 years ago
* No US-based or any kind of company/non-profit/organization :x:
4 years ago
* No Javascript/Electron in our desktop full or lite wallets :no_entry_sign:
* [Plausible Deniability](https://en.wikipedia.org/wiki/Plausible_deniability)
4 years ago
* Multiple layers of encryption, in-flight and at-rest :shield:
* Emoji Support :poop:
4 years ago
## What is HushChat Protocol ?
4 years ago
4 years ago
HushChat is a protocol which is a particular use case of HushList protocol and which sits on top of Hush Protocol, an improved Zcash Protocol. It is
4 years ago
inspired by the design of Signal Protocol and uses many of the same cryptography and ideas, but does not actually use any
code from Signal. For low-level details about HushChat Protocol see https://git.hush.is/hush/hushchat-protocol
4 years ago
## How do you start using HushChat?
Refer to our [HushChat Beta Guidebook](guide.md) to learn more.
4 years ago
## Is HushChat only compatible with HUSH mainnet?
No, it's designed to run on any compatible Zcash Protocol chain, including all [Hush Smart Chains](https://git.hush.is/hush/hush-smart-chains).
4 years ago
4 years ago
That being said, HushChat is being developed soley on HUSH mainnet. Other cryptocoins are encouraged to read our Free Software and port it to their codebases with appropriate licensing.
4 years ago
4 years ago
## Is HushChat a fork of Signal?
4 years ago
No. We do not use code directly from Signal, but the ideas from the protocol and ideas/concepts from the GUI interface.
For instance, Signal Protocol has a concept of "ratcheting" and so does HushChat. Ratcheting is implemented via <a href="https://libsodium.org">libsodium</a> secretstreams.
4 years ago
## Why not just use Signal?
4 years ago
Signal requires phone numbers and is a centralized service. HushChat is completely anonymous and decentralized and requires absolutely no metadata be given to any centralized third parties. Signal is also not fully open source, the backend servers are NOT OPEN SOURCE, and so, Signal should be considered "open core" and not fully open source. HushChat is Free Software! We are about your freedom, Moxie cares about his Silicon Valley friends.
4 years ago
## Is HushChat compatible with the new Hush Smart Chain DRAGONX ?
Yes, [DRAGONX](https://dragonx.is) is supported by default, as well as all Hush Smart Chains. GUI wallets that support HushChat on DRAGONX are in progress.
4 years ago
## How does it compare to Conceal (CCX) and LOKI chat systems (Session) ?
Glad you asked!
* Monero (CryptoNote Protocol) family coins have no encrypted data storage at the protocol level!
4 years ago
* Zcash Protocol coins have encrypted data at the protocol level via the memo field
* This means that Monero family coins are inherently inferior to build an encrypted chat system upon
* The encryption must be added at a higher level and really stands out, you know which transactions are chats
and which are not
* The design of HushChat is such that every normal HUSH transaction looks like a chat, and every chat
looks like the most common kind of Hush transaction. There is no way to tell if chat is being used in any
4 years ago
z2z transaction or not. This is caused ["plausible deniability"](https://en.wikipedia.org/wiki/Plausible_deniability) and also there is no way to know *how many*
4 years ago
people are being communicated with, another kind of plausible deniability.
* CCX and LOKI have none of the above properties, their systems are centralized and have very little privacy, if any.
4 years ago
* CCX + LOKI use Javascript/web tech extensively and HushChat avoids that stuff like a disease
4 years ago
## What kind of interfaces will there be to HushChat?
In order of (likely) development:
4 years ago
* Lite mode desktop ([SDL](https://git.hush.is/hush/SilentDragonLite/releases) )
* Full mode desktop ([SD](https://git.hush.is/hush/SilentDragon/releases) )
* Android Mobile ([SDA](https://git.hush.is/hush/SilentDragonAndroid/releases) )
4 years ago
The Lite mode desktop version is released.
4 years ago
## What is HushList?
HushList is a protocol first published in 2017, which describes how to use Zcash Protocol for various communications use cases,
including censorship-resistance: https://git.hush.is/hush/hushlist/src/branch/master/whitepaper/protocol.pdf
4 years ago
4 years ago
HushChat is basically one specialized way to use HushList Protocol, focused on near-real-time chat versus mailing list style
4 years ago
communicaitons. The world is increasingly chat-based versus email-based and HushChat is a response to that.
4 years ago
4 years ago
## Will HushChat store messages on the blockchain like HushList does?
Yes, data must be stored on-chain to have censorship resistance and HushChat can be thought of as a "flavor" of HushList.
Users may choose between storing data on the *public* Hush blockchain or their own [Hush Smart Chain](https://git.hush.is/hush/hush-smart-chains) (which could be public or completely private).
4 years ago
## Isn't it a bad idea to store private data in a blockchain?
It depends on the needs of the user. Currently, many users give all their information for free to various cloud companies
who constantly mine their personal data which can then be sold to advertising companies who want to influence thinking and purchases. These average users have a lot to benefit from controlling their data, wrapping it in multiple layers of encryption and enjoying censorship-resistance. For those with more strict needs (say a Healthcare company), a dedicated Hush Smart Chain
with access controls, such as needing to be on a certain VPN with a special user/pass to connect to the network, could be used.
Ultimately, to prove to others that something happened or to easily communicate with others, a public blockchain will be the primary use case. It also provides a meeting place for users to come together and then spin up their own Just-In-Time specific-use-case blockchains.
4 years ago
Additionally, if somebody is trying to say false things about you, selectively disclosing data that proves your innocence
can be very valuable. HushChat enables this use case.
4 years ago
4 years ago
## Are you rolling your own crypto like stupid people?
No. We use the industry standard libsodium to provide cryptographic primitives:
https://download.libsodium.org/doc/
4 years ago
Specifically, we use these parts of libsodium:
4 years ago
* Key Exchange
* Secretstreams
* Password Hashing API (Argon2id)
4 years ago
and potentially others. In terms of cryptographic hash functions, Blake3, Blake2B and SHA256 are used directly and internally by various libsodium functions.
4 years ago
## How does HushChat protect my privacy?
4 years ago
Glad you asked!! HushChat adds various layers of privacy on top of our "base" Hush Protocol (itself an improvement on Zcash Protocol), heavily using libsodium.
4 years ago
* Every HushChat has per-conversation encryption
* This means that every time Alice talks to a new Bob, they have unique encryption keys compared to every other chat.
* Every HushChat conversation constantly "ratchets"
4 years ago
* The shared keys to each conversation constantly change, providing "forward secrecy"
4 years ago
* If you can steal the secret keys to one chat, it won't decrypt future chats nor can you impersonate future chats
4 years ago
* HushChat Lite wallets have *FULL* wallet.dat encryption, leaving no plaintext accessible
* A wallet.dat at rest therefore has two layers of encryption, wallet-level and chat-level
4 years ago
* HushChats on the Hush blockchain have *three* layers of encryption, since the encrypted memo field is only visible to sender and receiver
4 years ago
* Every HushChat is additionally encrypted with a user passphrase, independent of wallet.dat private keys
* This means if your device is seized/liberated/stolen and your wallet.dat inserted in ChainAnalysis or similar blockchain analysis platform, your chats are encrypted blobs of useless information
* HushChats cannot be truncated, removed, reordered, duplicated or modified without being detected
* There are very strong encryption/decryption guarantees provided by libsodium secretstreams: https://doc.libsodium.org/secret-key_cryptography/secretstream
* HushChat, when used from a lite wallet, uses a randomly selected different server upon startup
* Unlike most existing lite wallets (such as Zcash), which have a hardcoded single centralized lite server, Hush wallets have many community run servers
* It's very bad for privacy for all users to talk to a single lite wallet, that means the lite wallet operator knows their IP addresses and transaction id's of ALL USERS. Additionally the ISP of the lite wallet knows all IP addresses talking to the server.
* In Hush, a new random server is selected when the wallet starts, and no one lite server operator has access to all the data, only a slice of it
## Signal Vulnerabilities
https://restoreprivacy.com/timing-attacks-on-whatsapp-signal-threema-reveal-user-location/
HushChat is not vulnerable to the above vulnerability because there are no delivery receipts in HushChat protocol. When Alice sends a message to Bob, she has no idea if or when it's ever delivered to Bob's wallet or if he reads it. This is a feature, not a bug.
Signal is also increasingly trying to be a ["social media app"](https://signal.org/blog/introducing-stories/) and encouraging people to leak metadata and promising them it will be deleted forever. Haven't we heard that before? Hush considers this a bug (possibly an attack) and not a feature.
4 years ago
## Where can I learn more?
Join us on [Telegram](https://hush.is/telegram) or our [Telegram Support](https://hush.is/telegram_support) channels.