Pages:
Author

Topic: [ANNOUNCE] Bitmessage - P2P Messaging system based partially on Bitcoin - page 7. (Read 89882 times)

hero member
Activity: 714
Merit: 500
Certainly, but I think their lack of adoption is part of the problem Bitmessage tries to solve. It's already possible to reproduce Bitmessage's functionality by sending GPG encrypted anonymous emails over Tor, but almost nobody does.

Bote: https://en.wikipedia.org/wiki/I2P#E-mail

Yeah of course.

My argument is that like encryption, designing an anonymizing P2P protocol is hard to do correctly. We see that BM has a pretty large attack surface and has scalability issues.

It would be nice if the development of BitMessage2 could follow a more scientific approach. Build upon previous and well tested work instead of pulling a scheme out of thin air.
hero member
Activity: 784
Merit: 1000
0xFB0D8D1534241423

Yes, and I2P has Bote, etc. Problems:

They are much heavier software with slower startup times and higher network load
No one-click setup
Java
Not specifically marketed as secure email

Bote?

Leaving implementation details aside, the 10+ years of research solving an extremely similar problem to Bitmessage is worth a cursory glance. Could their protocols not influence the design of BM?
Certainly, but I think their lack of adoption is part of the problem Bitmessage tries to solve. It's already possible to reproduce Bitmessage's functionality by sending GPG encrypted anonymous emails over Tor, but almost nobody does.

Bote: https://en.wikipedia.org/wiki/I2P#E-mail
hero member
Activity: 714
Merit: 500

Yes, and I2P has Bote, etc. Problems:

They are much heavier software with slower startup times and higher network load
No one-click setup
Java
Not specifically marketed as secure email

Bote?

Leaving implementation details aside, the 10+ years of research solving an extremely similar problem to Bitmessage is worth a cursory glance. Could their protocols not influence the design of BM?
hero member
Activity: 784
Merit: 1000
0xFB0D8D1534241423
For example, is there a reason why BM could not be implemented as a reliable-and-anonymous message channel by just building on top of a DHT such as freenet or similar? This would scale far better and we would not need to care about ACKs.
Freenet already has a mail system that does everything Bitmessage does, with stronger privacy protections.

Yes, and I2P has Bote, etc. Problems:

They are much heavier software with slower startup times and higher network load
No one-click setup
Java
Not specifically marketed as secure email
legendary
Activity: 1596
Merit: 1100
Exactly, this is what we are doing with Project Quixote.  Operates like skype. 

Spam is prevented by proof-of-work and reputation of sender.

Yawn Smiley  Try fidelity bonds and sacrifices.

hero member
Activity: 714
Merit: 500
How do you end up associating a person's user name in the network with a particular public key, without other peers attempting to also claim ownership of the same user name?

My guess is that this will be done via some namecoin alternative - BitName/BitDNS - https://bitcointalksearch.org/topic/bitnames-dns-auction-250612
newbie
Activity: 12
Merit: 0
I see no reason why BitMessage insists on addresses being a hash of the public key rather than the actual public key.  It isn't like anyone can remember or will manually type in the address.  This would allow you to get rid of the entire discovery step.

I believe this sort of hashing is helpful for spam prevention.  In a network of this type, an identifier is needed for determining whether or not a message is intended for a specific peer, so that the peer can then retrieve and decrypt it.  If a public key is used as an identifier, any peer could simply monitor the network, scrape these keys, and send out spam messages for the user to decrypt.  If a hash is used instead, not only can a peer still identify that a message is for him, but he can reject any messages that fail to decrypt properly, as a result of spam bots not knowing his public key.

With this is in mind, users still need a way of securely sharing public keys, while minimizing spam to the simplest of problems, that problem being whether or not you want to speak to someone.  I propose such a way in the Bitmask paper with regards to permission packets and identity profile messages.  Think of it as using skype, and only accepting communication from either those who have added you to their list of contacts, or vice-versa.

Exactly, this is what we are doing with Project Quixote.  Operates like skype.  

Spam is prevented by proof-of-work and reputation of sender.


How do you end up associating a person's user name in the network with a particular public key, without other peers attempting to also claim ownership of the same user name?
hero member
Activity: 714
Merit: 500
For example, is there a reason why BM could not be implemented as a reliable-and-anonymous message channel by just building on top of a DHT such as freenet or similar? This would scale far better and we would not need to care about ACKs.
Freenet already has a mail system that does everything Bitmessage does, with stronger privacy protections.

I have attempted to use Freenet's mail... it doesn't work!



I wasn't necessarily suggesting Freenet as a solution, (I for one have developed an irrational loathing of Java), but it does serve as one example of a well reviewed body of research that could be used as a basis for the development of a BitMessage2 protocol. There are plenty of others.
hero member
Activity: 770
Merit: 566
fractally
I see no reason why BitMessage insists on addresses being a hash of the public key rather than the actual public key.  It isn't like anyone can remember or will manually type in the address.  This would allow you to get rid of the entire discovery step.

I believe this sort of hashing is helpful for spam prevention.  In a network of this type, an identifier is needed for determining whether or not a message is intended for a specific peer, so that the peer can then retrieve and decrypt it.  If a public key is used as an identifier, any peer could simply monitor the network, scrape these keys, and send out spam messages for the user to decrypt.  If a hash is used instead, not only can a peer still identify that a message is for him, but he can reject any messages that fail to decrypt properly, as a result of spam bots not knowing his public key.

With this is in mind, users still need a way of securely sharing public keys, while minimizing spam to the simplest of problems, that problem being whether or not you want to speak to someone.  I propose such a way in the Bitmask paper with regards to permission packets and identity profile messages.  Think of it as using skype, and only accepting communication from either those who have added you to their list of contacts, or vice-versa.

Exactly, this is what we are doing with Project Quixote.  Operates like skype. 

Spam is prevented by proof-of-work and reputation of sender.
newbie
Activity: 12
Merit: 0
I see no reason why BitMessage insists on addresses being a hash of the public key rather than the actual public key.  It isn't like anyone can remember or will manually type in the address.  This would allow you to get rid of the entire discovery step.

I believe this sort of hashing is helpful for spam prevention.  In a network of this type, an identifier is needed for determining whether or not a message is intended for a specific peer, so that the peer can then retrieve and decrypt it.  If a public key is used as an identifier, any peer could simply monitor the network, scrape these keys, and send out spam messages for the user to decrypt.  If a hash is used instead, not only can a peer still identify that a message is for him, but he can reject any messages that fail to decrypt properly, as a result of spam bots not knowing his public key.

With this is in mind, users still need a way of securely sharing public keys, while minimizing spam to the simplest of problems, that problem being whether or not you want to speak to someone.  I propose such a way in the Bitmask paper with regards to permission packets and identity profile messages.  Think of it as using skype, and only accepting communication from either those who have added you to their list of contacts, or vice-versa.
legendary
Activity: 1400
Merit: 1013
I have attempted to use Freenet's mail... it doesn't work!
When did you try? There was a 0.1 version series that was basically useless, and a 0.2 series that works.
hero member
Activity: 770
Merit: 566
fractally
For example, is there a reason why BM could not be implemented as a reliable-and-anonymous message channel by just building on top of a DHT such as freenet or similar? This would scale far better and we would not need to care about ACKs.
Freenet already has a mail system that does everything Bitmessage does, with stronger privacy protections.

I have attempted to use Freenet's mail... it doesn't work!

legendary
Activity: 1400
Merit: 1013
For example, is there a reason why BM could not be implemented as a reliable-and-anonymous message channel by just building on top of a DHT such as freenet or similar? This would scale far better and we would not need to care about ACKs.
Freenet already has a mail system that does everything Bitmessage does, with stronger privacy protections.
legendary
Activity: 1680
Merit: 1035
I see no reason why BitMessage insists on addresses being a hash of the public key rather than the actual public key.  It isn't like anyone can remember or will manually type in the address.  This would allow you to get rid of the entire discovery step.

Easier to copy/paste than the huge public key, + possible deterrent to quantum computing?
hero member
Activity: 714
Merit: 500

I see no reason why BitMessage insists on addresses being a hash of the public key rather than the actual public key.  It isn't like anyone can remember or will manually type in the address.  This would allow you to get rid of the entire discovery step.


I agree completely.



The ACK can be delayed by several hours and thus no one would know who sent the ack...

You need link-level encryption, plus modify the broadcast algorithm to randomly pick only one of your peers to broadcast to first.   Your peer would randomly pick one other peer to broadcast to... if after X amount of time you have not received an inv from all of your other peers you pick another random peer from the subset that haven't acked and broadcast to them... everyone else is doing the same thing.

Then increase the connections-per-node to 32.

The result of this kind of broadcast is that a node that is 'connected to everyone' would only have a 1 in 32 chance of detecting the first broadcast, a 2 in 64 chance of detecting one hop removed, a 4 in 128 chance of first receiving the message after 3 hops.....   At this point it becomes clear that being the 'first to broadcast' something as seen from a peer connected to everyone becomes meaningless... and link-level encryption prevents outside observers from watching the propagation of the message.

The only remaining attack is to man-in-the-middle the ECDH exchange used to establish the link-layer encryption...


What frustrates me a little is that the problem of allowing Alice and Bob to communicate, anonymously over the internets, is by no means a novel problem. There is a metric-f*k-ton of material on the topic.

We also have fully implemented open source software such as Freenet / I2P that have been around for years.

Instead of reinventing the wheel completely, could BitMessage2 not build upon and improve existing, well tested, ideas?

For example, is there a reason why BM could not be implemented as a reliable-and-anonymous message channel by just building on top of a DHT such as freenet or similar? This would scale far better and we would not need to care about ACKs.


TLDR:  BitMessage2 should employ a more rigorous, scientific approach to its protocol design. It should relate itself to previous work and motivate each design decision.
hero member
Activity: 770
Merit: 566
fractally
This looks bad. Does this guy know what he is talking about? ... i think a lot of things have been sorted out already.


His main issues were concerns with scalability, some privasy issues regarding tracking ACK (acknowledgement) messages, etc, which Atheros himself claimed he's not even sure about (quote, "There is no clear defined line as I'm not even sure what the bottleneck will be (bandwidth? Disk IO? CPU? Memory?"). But overall he seemed to really like it as the first step to get things going. The TL;DR of his review was "Very neat system, that is very obviously in the very first stages of being developed, and it's great to see so many people giving serious critiques on it, and seriously working on trying to improve it.". Which is true.

I see no reason why BitMessage insists on addresses being a hash of the public key rather than the actual public key.  It isn't like anyone can remember or will manually type in the address.  This would allow you to get rid of the entire discovery step.

The ACK can be delayed by several hours and thus no one would know who sent the ack...

You need link-level encryption, plus modify the broadcast algorithm to randomly pick only one of your peers to broadcast to first.   Your peer would randomly pick one other peer to broadcast to... if after X amount of time you have not received an inv from all of your other peers you pick another random peer from the subset that haven't acked and broadcast to them... everyone else is doing the same thing.

Then increase the connections-per-node to 32.

The result of this kind of broadcast is that a node that is 'connected to everyone' would only have a 1 in 32 chance of detecting the first broadcast, a 2 in 64 chance of detecting one hop removed, a 4 in 128 chance of first receiving the message after 3 hops.....   At this point it becomes clear that being the 'first to broadcast' something as seen from a peer connected to everyone becomes meaningless... and link-level encryption prevents outside observers from watching the propagation of the message.

The only remaining attack is to man-in-the-middle the ECDH exchange used to establish the link-layer encryption...

 
legendary
Activity: 1680
Merit: 1035
This looks bad. Does this guy know what he is talking about? ... i think a lot of things have been sorted out already.


His main issues were concerns with scalability, some privasy issues regarding tracking ACK (acknowledgement) messages, etc, which Atheros himself claimed he's not even sure about (quote, "There is no clear defined line as I'm not even sure what the bottleneck will be (bandwidth? Disk IO? CPU? Memory?"). But overall he seemed to really like it as the first step to get things going. The TL;DR of his review was "Very neat system, that is very obviously in the very first stages of being developed, and it's great to see so many people giving serious critiques on it, and seriously working on trying to improve it.". Which is true.
legendary
Activity: 3431
Merit: 1233
Securty Now (Twit TV) did a podcast about BitMessage.  I am just now watching it, but it doesn't look favorable.

http://twit.tv/show/security-now/420
BitMessage has all the potential of becoming the first crypto currency that will really offer intrinsic value and will be backed by something. It is backed by a 100% reserve stored security of your Internet communication. It'll be the first anti-NSA (and the likes) currency. Good job NSA! You're the driving force and engine for developing secure Internet communication systems and protocols. Keep up building big computer centers! Cheesy
donator
Activity: 674
Merit: 523
This looks bad. Does this guy know what he is talking about? ... i think a lot of things have been sorted out already.
hero member
Activity: 770
Merit: 566
fractally
Securty Now (Twit TV) did a podcast about BitMessage.  I am just now watching it, but it doesn't look favorable.

http://twit.tv/show/security-now/420

Looks like he is quoting outdated critiques of BitMessage's early encryption.
Pages:
Jump to: