Topic: [ANNOUNCE] Bitmessage - P2P Messaging system based partially on Bitcoin - page 7. (Read 89814 times)

Yeah of course.

My argument is that like encryption, designing an anonymizing P2P protocol is hard to do correctly. We see that BM has a pretty large attack surface and has scalability issues.

It would be nice if the development of BitMessage2 could follow a more scientific approach. Build upon previous and well tested work instead of pulling a scheme out of thin air.

Certainly, but I think their lack of adoption is part of the problem Bitmessage tries to solve. It's already possible to reproduce Bitmessage's functionality by sending GPG encrypted anonymous emails over Tor, but almost nobody does.

Bote: https://en.wikipedia.org/wiki/I2P#E-mail

Bote?

Leaving implementation details aside, the 10+ years of research solving an extremely similar problem to Bitmessage is worth a cursory glance. Could their protocols not influence the design of BM?

Yes, and I2P has Bote, etc. Problems:

They are much heavier software with slower startup times and higher network load
No one-click setup
Java
Not specifically marketed as secure email

Yawn   Try fidelity bonds and sacrifices.

My guess is that this will be done via some namecoin alternative - BitName/BitDNS - https://bitcointalksearch.org/topic/bitnames-dns-auction-250612

How do you end up associating a person's user name in the network with a particular public key, without other peers attempting to also claim ownership of the same user name?

I wasn't necessarily suggesting Freenet as a solution, (I for one have developed an irrational loathing of Java), but it does serve as one example of a well reviewed body of research that could be used as a basis for the development of a BitMessage2 protocol. There are plenty of others.

Exactly, this is what we are doing with Project Quixote.  Operates like skype. 

Spam is prevented by proof-of-work and reputation of sender.

I believe this sort of hashing is helpful for spam prevention.  In a network of this type, an identifier is needed for determining whether or not a message is intended for a specific peer, so that the peer can then retrieve and decrypt it.  If a public key is used as an identifier, any peer could simply monitor the network, scrape these keys, and send out spam messages for the user to decrypt.  If a hash is used instead, not only can a peer still identify that a message is for him, but he can reject any messages that fail to decrypt properly, as a result of spam bots not knowing his public key.

With this is in mind, users still need a way of securely sharing public keys, while minimizing spam to the simplest of problems, that problem being whether or not you want to speak to someone.  I propose such a way in the Bitmask paper with regards to permission packets and identity profile messages.  Think of it as using skype, and only accepting communication from either those who have added you to their list of contacts, or vice-versa.

When did you try? There was a 0.1 version series that was basically useless, and a 0.2 series that works.

I have attempted to use Freenet's mail... it doesn't work!

Freenet already has a mail system that does everything Bitmessage does, with stronger privacy protections.

Easier to copy/paste than the huge public key, + possible deterrent to quantum computing?

I agree completely.



What frustrates me a little is that the problem of allowing Alice and Bob to communicate, anonymously over the internets, is by no means a novel problem. There is a metric-f*k-ton of material on the topic.

We also have fully implemented open source software such as Freenet / I2P that have been around for years.

Instead of reinventing the wheel completely, could BitMessage2 not build upon and improve existing, well tested, ideas?

For example, is there a reason why BM could not be implemented as a reliable-and-anonymous message channel by just building on top of a DHT such as freenet or similar? This would scale far better and we would not need to care about ACKs.


TLDR:  BitMessage2 should employ a more rigorous, scientific approach to its protocol design. It should relate itself to previous work and motivate each design decision.

I see no reason why BitMessage insists on addresses being a hash of the public key rather than the actual public key.  It isn't like anyone can remember or will manually type in the address.  This would allow you to get rid of the entire discovery step.

The ACK can be delayed by several hours and thus no one would know who sent the ack...

You need link-level encryption, plus modify the broadcast algorithm to randomly pick only one of your peers to broadcast to first.   Your peer would randomly pick one other peer to broadcast to... if after X amount of time you have not received an inv from all of your other peers you pick another random peer from the subset that haven't acked and broadcast to them... everyone else is doing the same thing.

Then increase the connections-per-node to 32.

The result of this kind of broadcast is that a node that is 'connected to everyone' would only have a 1 in 32 chance of detecting the first broadcast, a 2 in 64 chance of detecting one hop removed, a 4 in 128 chance of first receiving the message after 3 hops.....   At this point it becomes clear that being the 'first to broadcast' something as seen from a peer connected to everyone becomes meaningless... and link-level encryption prevents outside observers from watching the propagation of the message.

The only remaining attack is to man-in-the-middle the ECDH exchange used to establish the link-layer encryption...

 

His main issues were concerns with scalability, some privasy issues regarding tracking ACK (acknowledgement) messages, etc, which Atheros himself claimed he's not even sure about (quote, "There is no clear defined line as I'm not even sure what the bottleneck will be (bandwidth? Disk IO? CPU? Memory?"). But overall he seemed to really like it as the first step to get things going. The TL;DR of his review was "Very neat system, that is very obviously in the very first stages of being developed, and it's great to see so many people giving serious critiques on it, and seriously working on trying to improve it.". Which is true.

BitMessage has all the potential of becoming the first crypto currency that will really offer intrinsic value and will be backed by something. It is backed by a 100% reserve stored security of your Internet communication. It'll be the first anti-NSA (and the likes) currency. Good job NSA! You're the driving force and engine for developing secure Internet communication systems and protocols. Keep up building big computer centers!

This looks bad. Does this guy know what he is talking about? ... i think a lot of things have been sorted out already.

Looks like he is quoting outdated critiques of BitMessage's early encryption.