Overview
Artifact ID: | 6155187d9c911796bed061b198a59c030ab35a41 |
---|---|
Page Name: | Experiment: mmmv_mail_protocol_t1 |
Date: | 2018-10-17 23:32:56 |
Original User: | martin_vahi |
Parent: | aece95bf4360d2d60f964ef946053ce49134e3a3 |
Next: | 750bf2dec378230da4b0eab291e0a4330ceffe5d |
Content
Currently the mmmv_mail_protocol_t1 lacks any code.
Aims
- Hide as much metadata as one can think of, including who writes to whom, the message receiving time and the messaging frequency.
- Symmetric key encryption, where each encryption key has a unique ID and no user-specific data fields. (In practice the fixed-length IDs are not guaranteed to be unique, but that's something that the encryption software must be able to handle.)
- Cryptotext modifications should be detectable. In practice crypto software will probably include that feature. The mmmv_crypt_t1 (TODO: add it to the Fossil repository) already has that feature.
The Protocol
Users U_1..U_n form a complete graph G_u.
Graph G_uu is like G_u, except that each undirected edge of G_u is
replaced with 2 directed edges, one directed edge in each direction. Each of
the G_uu directed edges, E_g_uu_k, k inSet(1 to ((n*(n-1)/2)*2 = n*(n-1))),
id est k inSet(1 to n*(n-1)), represents a virtual mail moving channel.
The users U_1..U_n have symmetric cryptography based one-time keys for each
E_g_uu_k. The one-time keys have a key specific probabilistically unique key_ID
and they do NOT contain any user-IDs. Each user has a database (it might be
an SQLite database) that pairs the
key_IDs of that user with the E_g_uu_k-s that exit or enter that user at the
G_uu.
The vertices of the G_uu, the users U_1..U_n, exchange messages by
uploading outgoing mail to the server and downloading incoming mail from the
server in batches of mail messages, where only some, if any, of the downloaded
messages are for the user that downloads the batch of messages. Users cannot
delete messages from the server. The uploader of the message tells the server a
recommended_deletion_moment of the message and the server will delete the
message at will. For redundancy the same message can be uploaded to multiple
servers. Encryption of the communication between the G_uu vertices and the mail
server is outside of the scope of this specification, but it is assumed that
the eavesdroppers are able to determine which of the G_uu vertices contacts the
mail server and that the eavesdroppers are able to contact the server themselves and
query the list of messages that the server stores. Anti-DoS measures are
outside of the scope of this specification. To avoid revealing the fact that
one user sent a letter to another user, users upload messages, possibly batches
of messages, "addressed" to themselves at regular intervals and users download
batches of messages at regular intervals.
The mail Server API
The mail server implements some version of the following functions:
ht_upload_message(
x_message,
x_recommended_deletion_moment
)
ar_list_message_encryption_key_IDs(
x_upload_start_moment,
x_upload_end_moment,
i_max_array_length,
i_max_encryption_key_ID_length
)
x_download_messages(
ar_encryption_key_IDs,
i_max_individual_message_size_in_bytes
)
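
The receive path from The Protocol, as an added Python example that is not code from mmmv_mail_protocol_t1: the client requests its own key_IDs mixed with foreign ones, resolves a key_ID collision by checking the authentication tag against every candidate key, rejects modified cryptotext and retires each one-time key after use. The wire layout (key_ID || cryptotext || HMAC-SHA256 tag), the function names, the decoy count and the in-memory list standing in for the server are assumptions of this example.

```python
import hashlib
import hmac
import random

TAG_LEN = 32  # HMAC-SHA256 tag length; the wire layout is an assumption

def seal(mac_key, key_id, cryptotext):
    """Assumed layout: key_ID || cryptotext || HMAC(mac_key, key_ID || cryptotext)."""
    body = key_id + cryptotext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def build_request(own_ids, listed_ids, n_decoys, rng):
    """Own key_IDs seen on the server plus randomly chosen foreign ones, shuffled."""
    own = [i for i in listed_ids if i in own_ids]
    foreign = [i for i in listed_ids if i not in own_ids]
    batch = own + rng.sample(foreign, min(n_decoys, len(foreign)))
    rng.shuffle(batch)
    return batch

def receive(key_db, batch):
    """key_db: key_ID -> list of one-time keys (a list, since IDs may collide).
    batch: list of (key_ID, message). Returns verified (key_ID, cryptotext) pairs."""
    accepted = []
    for key_id, message in batch:
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        for key in key_db.get(key_id, []):
            expected = hmac.new(key, body, hashlib.sha256).digest()
            if hmac.compare_digest(expected, tag):
                accepted.append((key_id, body[len(key_id):]))
                key_db[key_id].remove(key)  # one-time key: never reuse
                break
    return accepted

def demo():
    # Constructed sample data: two local keys share one key_ID (a collision).
    kid, other = b"\x01" * 8, b"\x02" * 8
    k_a, k_b = b"A" * 32, b"B" * 32
    key_db = {kid: [k_a, k_b]}
    good = seal(k_b, kid, b"opaque-cryptotext")
    tampered = good[:10] + bytes([good[10] ^ 1]) + good[11:]
    server = [(kid, tampered), (kid, good), (other, seal(b"C" * 32, other, b"x"))]
    request = build_request({kid}, [kid, other], 1, random.Random(0))
    batch = [(i, m) for i, m in server if i in request]
    return sorted(request), receive(key_db, batch), key_db
```

The cryptotext is treated as opaque bytes; decrypting it with the matching one-time key is left to the encryption software.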