Skip to content

Adding berty messenger

Pseudo Nym requested to merge github/fork/sharp-tailed/pr-16-add-berty-messenger into master

berty

Add Berty, the decentralized and metadata-minimizing messenger for all adverse situations.

Warning: Berty is still under active development and should not be used to exchange important data.

"Berty is an open, secure, offline-first, peer-to-peer and zero trust messaging app."

Berty is an anonymous, secure, peer-to-peer protocol that doesn’t need an internet connection to function.

  • No phone number or email required to create an account
  • End-to-end encryption (E2EE) used to encrypt all conversations
  • Focus on leaking as little metadata as possible
  • Decentralized, distributed, serverless
  • No consensus, no blockchain
  • No internet connection required (uses the BLE technology and mDNS)
  • Free forever, no data stored, transparent code, open-source

Account creation steps

  1. Generate Account ID Key Pair. This operation will not be repeated. This key pair is the identity of the account, hence it is not possible to change it.
  2. Generate Alias Key Pair. Operation will not be repeated. More details on Alias Key Pair in Alias Identity.
  3. Generate Device ID Key Pair on device used for account creation. This operation will be repeated on every new device. See Linking Devices for more information. This key pair is the identity of the device.
  4. Generate Public RDV Seed. The RDV Seed is used to generate an RDV Point to receive a Contact Request. See Adding Contacts for more information. This operation can be repeated anytime.
  5. Since there is no central directory, it is not required to have access to the Internet in order to create an Account and send/receive a contact request. If two users create their Account offline and then connect via direct transport, they will exchange their public rendezvous points (used for contact requests) and will therefore be able to add each other as a contact.

Security

  • End-to-end Encryption: In the Berty Protocol, all communications are fully end-to-end encrypted using Symmetric-key Ratchet . Every time a user wants to send a message to someone, a Message Key is derived from their Chain Key using HKDF . The HKDF also updates the Chain Key after each derivation. The Message Key is then used to encrypt the message and will not be reused to encrypt other messages. Each member’s device within a group has a different Chain Key. The Group ID is included in the parameters of the HKDF to make the derived keys context-specific . At the beginning of the conversation members share their device’s Chain Key with the other participants. To decrypt messages sent by other participants, they have to follow the same process and derive the Message Key from the Chain Key of the sender with the HKDF for every message they receive.
  • Forward Secrecy: New members are not able to decrypt messages sent before their arrival because the Symmetric Ratchet Protocol grants Forward Secrecy. Indeed, it is not possible to revert a Chain Key into a previous state once it has been derived with the HKDF, and thus it is not possible to obtain a Message Key older than the current Chain Key.
  • Metadata Protection Instead of a directory linking public keys to personal data such as telephone numbers, the Berty Protocol uses a combination of TOTP and a public key to generate rendezvous point addresses and register its users on IPFS, who can later be contacted by peers wishing to communicate.
  • Open-Source: Berty is currently developed by Berty Technologies, a French nonprofit organization:

We want to contribute to a world where free and secure communications are common and fear of censorship or surveillance are not. We believe that open-source is more secure, as anyone can examine the code and improve it: this is why we rely on and build open and free software. As the founding team, our ultimate goal is to progressively relinquish control over Berty and to make it become a truly global community project. More info on berty/community.

  • Cryptography:

Most of the crypto libs used in the Berty Protocol are packages included in the standard Go library:

Changes

  • Add Berty to messaging apps chart

References:

FOSS project: https://github.com/berty/berty - https://berty.tech/blog/open-source Security overview: https://github.com/berty/community/blob/master/SECURITY.md Blog post from Berty Tech when they opened their source: https://berty.tech/blog/berty-not-war-ready

Merge request reports