@alshafei@simplex this is great, thanks for posting it! Always glad to see improvements in privacy protocols, especially when that includes metadata.
This can almost be used as the transport for a social media system to replace FB private posting. The piece missing is efficient one-to-many message delivery; right now their group messaging is limited to small groups since (as I read it) the full message is encrypted and sent to each recipient separately. Ideal would only require one upload per message, which the receiving server would then fan out to the recipients. You can do this while keeping e2ee by encrypting the full message once, then encrypting that decryption key for each recipient, for a total overhead of 32 bytes of encrypted key material per recipient. (Maybe this already happens and I missed it.)
A smaller concern is that if there's only one server on the delivery path (i.e. 2 hops) then that server sees the IP addresses of both the sender and the recipient. Using Tor mitigates this.
@alshafei@simplex the group fanout I mentioned earlier could also be done efficiently through arbitrarily long delivery paths.
Anyway, I've implemented a protocol to do all this, but SimpleX looks better. I hope more apps are written using it, and the protocol continues to be developed.
On groups, for most public, open-to-join groups e2e encryption is needed to protect participation, not content, so we don't need pairwise ratchets between members here - we're developing the new design based on super-peers that'll do broadcasting. e2e encryption between members can indeed be added later to that design.
Add comment