No server - no problem? How protected is a “decentralized” messenger from hacking





Since the advent of the blockchain, developers have sought to apply it to literally everything, from international payment systems to marriage contracts. Naturally, ideas for social services based on this technology have also been proposed: social networks, blogs, instant messengers.



For example, an instant messenger that clients of the blockchain can use was implemented on the Voice platform. Developer Aaron Cox proposed a framework for creating blockchain-based blogs (the project was called Reprint).



What is the potential of social blockchain services? Will they replace the familiar VK, Facebook, Telegram and Twitter? And if so, what will make users choose them? IT expert Vadim Andryan says that the blockchain offers far more opportunities to maintain confidentiality. And now that users of social networks are increasingly thinking about protecting their personal data, this may be the main asset of blockchain projects.



Confidentiality as a trend



2014 is considered the heyday of mobile messengers: it was then that the real boom of these applications began, and the number of users of the most popular service, WhatsApp, reached half a billion.



In the same year, Telegram was named the fastest-growing startup in Europe: having launched a year earlier, it had gained an audience of several million users. The advertising campaign for Pavel Durov's new project ran under the slogan “Taking back our right to privacy”.



Telegram caught the trend: users' need to protect their data. The need arose because until 2013 data protection in messengers was not sufficiently reliable, which led to a series of account hacks.



While Telegram, with its encrypted protocol, was conquering the market, development of another secure messenger began in Germany. This was Vadim Andryan's project Crypviser, an instant messenger based on the blockchain and additionally protected at all levels.



The project team has already released a working version of the application and is preparing a commercial release of the platform, scheduled for January 2018. Below we look at how the messenger is built on the blockchain and how it protects user data.







Server is a vulnerability; decentralization is one of the stages of protection



Cryptographic protocols and technologies existed before the blockchain: SSL, VPN, PPTP and SRTP. But today they do not provide 100% security of transmitted data.



They use a model of hop-by-hop encryption with server-side encryption. This means that data is encrypted and decrypted not at the client application level but at the server level. As a result, whoever has access to the server has access to all the data. That is why such a mechanism is unreliable for use in mass communications.



Some instant messengers use end-to-end encryption on the user's side. In this case, two keys are used: a public key (which can be freely transmitted over the network) and a secret key (which is stored on the user's side and never leaves the device). But such a scheme does not provide complete security, because asymmetric encryption is also vulnerable: before encrypting any data and transferring it over the network, you need to get the user's key, and the key exchange still goes through the server. Therefore, the server is the main vulnerability.



In decentralized models, an attack from the server is ruled out. As Vadim Andryan explains, authorization in his messenger is also decentralized and works on the principle of a cryptocurrency wallet.



However, the Crypviser team considered these measures insufficient. Therefore, protection at the local device level (encrypted independent data storage) and user-defined local security functions were also added to the messenger: blocking access to a chat and hiding a chat from the list.







Blockchain is open and data is closed



A question that many readers of this article will most likely have concerns the transparency of the blockchain. How can you transfer sensitive data through a system that is open to everyone? Vadim Andryan explains how this is implemented in Crypviser.



“In fact, we do not use the blockchain directly for data exchange. The data goes either directly from user to user, or in encrypted form through a proxy. We use the blockchain to store part of the key. By itself, the part of the key located in the blockchain does not give anything. It serves as confirmation for the user that half of the key is not compromised. Just as you can check any cryptocurrency transaction in the blockchain, here you can check the integrity of the key at any time.



One part of the key is stored by the user, the other is in the blockchain. And for secure work, we came up with a cryptographic scheme in which the CVCoin token is involved. For example, for authentication, the user sends a part of the key along with the token through the blockchain, where the reconciliation with the second half of it takes place.



Only the owner of the secret key can “spend” the token by solving a special cryptographic “task” associated with complex calculations using CrypID. This means that the CV-server provides the validity of the first part of the user's public key, written in Blockchain.



To confirm and verify the first part of the public key, registered in the Blockchain on the user's side, the CV server in a similar way sends tokens to the user for authentication. The Crypviser application performs similar algorithms to verify the authenticity of the recorded part of its public key. Thus, the CV server and the user simultaneously authenticate half of the user's original public key. The security of the partial value of a public key recorded in the registry is ensured by other nodes using the data distribution function.”
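The concern raised in the previous section (a server that relays public keys can hand out the wrong one) and the check Andryan describes (comparing a key against the part recorded in the blockchain) can be sketched as follows. This is an added example, not Crypviser's code or protocol: the `Ledger` class, the 16-byte split, the user names and the toy Diffie-Hellman parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (assumption), chosen only to keep the example short.
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(my_priv, their_pub):
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(32, "big")).digest()

def ledger_part(pub):
    # Assumed split: the first 16 bytes of the public key go on the ledger.
    return pub.to_bytes(32, "big")[:16]

class Ledger:
    """Stand-in for the blockchain: write-once, readable by every client."""
    def __init__(self):
        self._records = {}
    def register(self, user, part):
        if user in self._records:
            raise ValueError("ledger records cannot be overwritten")
        self._records[user] = part
    def lookup(self, user):
        return self._records[user]

def accept_key(ledger, user, delivered_pub):
    """Accept a server-delivered key only if it matches the ledger record."""
    return hmac.compare_digest(ledger_part(delivered_pub), ledger.lookup(user))

def demo():
    ledger = Ledger()
    alice_priv, alice_pub = keypair()
    _, bob_pub = keypair()
    ledger.register("bob", ledger_part(bob_pub))
    # Constructed scenario: a compromised key server hands Alice its own key.
    srv_priv, srv_pub = keypair()
    # Without the check, the server would end up sharing Alice's session secret.
    srv_reads = shared_secret(alice_priv, srv_pub) == shared_secret(srv_priv, alice_pub)
    return {
        "honest_key_accepted": accept_key(ledger, "bob", bob_pub),
        "swapped_key_accepted": accept_key(ledger, "bob", srv_pub),
        "server_shares_unchecked_secret": srv_reads,
    }

if __name__ == "__main__": print(demo())
```

The client rejects the substituted key because it does not match the record it can read independently of the server, which is the property the ledger is meant to provide.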



Will the era of crypto messengers come?



So, the Crypviser developers spent more than three years creating a blockchain, a crypto-encryption system and a complex key mechanism for the protected messenger. Yet the messenger is aimed at ordinary people: those who use chats to discuss an evening trip to the bar or to send funny pictures. Do they need a multistage protection system?



As the statistics show, the trend persists: people still choose the instant messenger that is positioned as “the safest”. Soon there will probably be other services besides Telegram that use this argument in their marketing strategy.



Elena Andreeva, Sergey Karpov


