Steem Messenger V0.0.4 : Lara, Triple Dose Algorithm, and many more !

in #utopian-io, 7 years ago (edited)

The Steem Messenger™


What is the project about?

Steem Messenger™ is about convenience, security, and privacy. Many Steem users have turned to chat platforms such as Discord and Steemit.chat. Steem Messenger enables a secure and fast instant messaging interface between users on the Steem blockchain, without the need to trust your recipient, or any other third party.

To make this secure and private, we use what we call the Triple Dose Algorithm™. Because your data is important, we carefully apply this algorithm to all messages in the network, which gives us confidence about the security and privacy of interactions between you, users, frontends, and the database.

This project is more than messaging. It is about data transfer of any type. With Steem Messenger™, you will soon be able to chat, make phone calls and video calls, all securely, and with a great level of privacy. But that's not all ! You could also connect a smart object to the network, give it a username, and it would be a secure, fast, and private way to send instructions to that object. A Steem IoT ? Why not !

Our database is permissioned, and can be opened for developers to create any frontend for it. To do so, we created Lara™, a special module that will act as the trusted intermediary of the network.


(Credits : @happydaddyfr CC-BY-NC-ND)

The project is still in the development stage, but has a private beta. If you wish to test the application, feel free to contact me on Discord @Kingswisdom#7650.

Technology Stack

We use a powerful implementation of the memo.encode function readily available in the SteemJS library. We use JavaScript/HTML/CSS for the front-end, and Node.js for the server side.

To support high traffic volume, for scalability, and to avoid hurting our beloved Steem Blockchain, we decided to use a non-relational database (NoSQL), MongoDB, for its convenience and performance.

We modified our encryption system, and we now use a 3-pass encryption protocol (the Triple Dose Algorithm™), which allows our database to be as safe as the Steem blockchain.

Our database is permissioned, and every application that connects to it in the future will have to respect the required protocol in order to perform CRUD (Create, Read, Update and Delete) operations on it; otherwise, it will not get any permission. This protocol respects users' privacy, and gives the database its secure nature. In order to achieve this, we created a module called Lara™, which will act as the trusted intermediary between users, and frontends using our shared database.

Features


  • Instant Messaging
    As Steem Messenger™ is off-chain based, we can work around the block time limitation (3 seconds per block), and we don't need to constantly stream the blockchain to find out whether you just received a message. Every time you receive a message, a notification sound plays, so you'll never miss one !

  • Data transfer
    As we don't rely on transfers to send messages securely, we can also work around the memo size limitation (2kb), which gives us the ability to theoretically send files of any size. We thus added the possibility to encrypt images and files and to send them to your recipient. Note that it can take quite a lot of time to encrypt a large image, so we restricted the size limit to 100 Kb for the moment. Files are not stored in our database for the moment, which means your recipient will only receive them if he is connected. It also means that when you disconnect from the app, or refresh the page, the image will disappear from the chat.

  • A new and unique encryption key
    On your first login, you will automatically generate a new pair of encryption keys. This key pair is used only to encrypt your messages, and will never leave your computer. We're thus proud to introduce the Steem Messenger™ pair of keys !

  • An original way of verifying your identity on the Steem Blockchain
    To make the database truly secure and permissioned, we decided to use the memo pair of keys. When you send a message, you also send your private memo key to check your identity. This preserves the database's integrity, and makes it the first permissioned database on Steem ! It will also give us the ability to prevent someone from using your private key if your memo key was leaked on the Steem blockchain. We will never store or access any data/token/hash of your key on the Steem Messenger™ server, nor on Lara™'s server. No MITM (Man In The Middle), no identity theft.

  • 3-pass encryption
    With a clever use of the steem.memo.encode function, we managed to build a real end-to-end encryption that is unique by design. Every bit of data that leaves your computer is carefully encrypted : your message is encoded with your Steem Messenger™ Private Key, which means Lara™ and the server can't read your messages. Then, information about your message and your identity is encrypted with Lara™'s public key. The third pass is SSL, and brings a third layer of security. We're proud to unveil the Triple Dose Algorithm™.

  • Keep the control on your data
    With all the controversy about data leaks lately, we decided to give you full rights to your data. Sending private messages through the blockchain can be a real privacy concern : anybody can see who you've been talking with and at what frequency, and can determine patterns in your behavior, leading to massive data analysis.
    Not to mention the fact that your messages on the blockchain are permanent, which poses a real problem if the encryption method used is ever broken.
    With Steem Messenger™, you can easily, with the click of a button, delete your conversations, leaving no trace of them in the database. Plus, if the encryption method is broken someday, we can always modify our encryption algorithm, apply it to the whole database, and make it safe again.

  • Secure database
    All your messages are encrypted in your browser before they are sent to the server, providing you with E2EE (End to End Encryption). This means that only you and your recipient can read your own messages, as it would take 10,000 centuries to successfully brute force your Steem Messenger key with a regular computer. No institutional agency can actually decode your messages without your keys, which makes Steem Messenger™ a great medium of communication, far more secure than the current market need.

  • Modularity is here
    With the help of the great companion Lara™, we are now able to share our database with other frontend developers. They will no longer have to find a solution for the authentication process and the security of an off-chain database. At Steem Messenger™, we believe this factor will make the number of apps in the Steem ecosystem flourish, given the number of possibilities, from data hosting to any kind of off-chain transaction that only requires your identity to be proven.

  • No Active/posting permissions required
    We will never ever need your important keys to verify your identity. We believe the memo key is the perfect way to verify your identity through the Steem Blockchain without putting your account or funds at risk.

  • Widget interface
    Steem Messenger™ is designed for convenience, and modularity. As we want to extend the usage of this application to all the Steem ecosystem, we need to make a unique interface, that can fit in an extension for example.

  • User-friendly interface
    We believe mass adoption is achievable if the interface is easy to understand, and without complicated concepts. Anybody can use this application, provided they have a Steem account.

How does it work?


Client side

Now, this webpage is just here to present the project. Everything happens when you click on the Steem Messenger™ button on the bottom right.

The graphic style was enhanced, providing a beautiful minimalist interface, that can integrate easily with any Steem based front-end.

You can connect to the interface by entering your personal information. Please remember that you need your private memo key exclusively, as other keys will not work. Not to mention you should never use your active key and your password if you are not accessing your account's funds.

It will check the public memo key associated with your username (pubWif = result[0]["memo_key"];) and verify if the private key you specified is valid with steem.auth.wifIsValid(privWif, pubWif);. If everything is ok, your private memo key is then sent to Lara™ in an encrypted state. The server will then send you a response, validating your credentials or not. If this is the first time you log in, you'll then automatically generate a new pair of keys with your own computational power (the process takes around 2 sec).
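An added example, not part of Steem Messenger's code: control of a memo key can also be proven without transmitting the private key, by signing a server-issued nonce that the verifier checks against the public memo key already published on-chain. The key pairs are constructed secp256k1 pairs from Node's crypto module, and `ChallengeStore`, `signChallenge` and `challengeDemo` are hypothetical names.

```javascript
const crypto = require('crypto');

// Server side (hypothetical): issue a single-use random challenge per username.
class ChallengeStore {
  constructor(ttlMs = 30000) { this.ttlMs = ttlMs; this.pending = new Map(); }

  issue(username, now = Date.now()) {
    const nonce = crypto.randomBytes(32).toString('hex');
    this.pending.set(username, { nonce, expires: now + this.ttlMs });
    return nonce;
  }

  // Verify a signature over "username:nonce" with the public key on record.
  verify(username, signature, publicKey, now = Date.now()) {
    const entry = this.pending.get(username);
    this.pending.delete(username);              // single use, even on failure
    if (!entry || now > entry.expires) return false;
    const msg = Buffer.from(`${username}:${entry.nonce}`);
    return crypto.verify('sha256', msg, publicKey, signature);
  }
}

// Client side: sign locally; only the signature crosses the network.
function signChallenge(username, nonce, privateKey) {
  return crypto.sign('sha256', Buffer.from(`${username}:${nonce}`), privateKey);
}

function challengeDemo() {
  // Constructed key pairs standing in for a user's memo key and an impostor's key.
  const user = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const other = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const store = new ChallengeStore();

  const sig = signChallenge('alice', store.issue('alice'), user.privateKey);
  const ok = store.verify('alice', sig, user.publicKey);
  const replay = store.verify('alice', sig, user.publicKey);   // nonce already consumed

  const n2 = store.issue('alice');
  const forged = store.verify('alice', signChallenge('alice', n2, other.privateKey), user.publicKey);

  const n3 = store.issue('alice', 0);                          // issued at t=0
  const expired = store.verify('alice', signChallenge('alice', n3, user.privateKey), user.publicKey, 60000);
  return { ok, replay, forged, expired };
}
```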

Once you've logged in, you can see your previous conversations ! You can also search for a recipient by name. Once you've selected your recipient, you'll automatically query the blockchain for your recipient's public memo key and encrypt your message with var encoded = steem.memo.encode(uniquePrivateKey, publicMemoReceiver, text);.

Here is how the function works :

Your input is transmitted to Lara™ with socket.emit, and you can see how your message is encrypted before it goes to the server.

Once Lara™ receives your encrypted container, she will decrypt it with her private key and check if you are who you claim to be. If Lara™ validates your identity, she'll send your encrypted message and the delivery information to the database, and tell the server to deliver it to your recipient. Your memo key is deleted right after your identity confirmation.

The same applies when you receive a message: as you can see in SM.js, the client will decode the container and append it to your conversation.

The raw variable is the encrypted message received from the server. It is decoded with var decoded = steem.memo.decode(ind.key, raw);, and then, inserted in the chat box. Without your private Memo Key, nobody should be able to decode your message but you.
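The layering described above, as an added example that is not Steem Messenger's code: Node's built-in crypto stands in for steem.memo.encode/decode (ECDH on secp256k1 plus AES-256-GCM, not Steem's memo wire format), and the third pass, TLS, is left to the transport. The key pairs, field names and function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed secp256k1 key pair; the real app uses Steem-format keys.
function newParty() {
  const ecdh = crypto.createECDH('secp256k1');
  ecdh.generateKeys();
  return ecdh;
}

// Derive a per-layer AES-256 key from the ECDH shared secret.
function sharedKey(mine, theirPublicKey, label) {
  const secret = mine.computeSecret(theirPublicKey);
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), label, 32));
}

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]).toString('base64');
}

function open(key, sealed) {
  const raw = Buffer.from(sealed, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Pass 1: message sealed for the recipient. Pass 2: routing data plus the
// sealed message, sealed again for the intermediary (Lara in the post).
function buildContainer(sender, recipientPub, laraPub, meta, text) {
  const inner = seal(sharedKey(sender, recipientPub, 'inner'), text);
  const envelope = JSON.stringify({ ...meta, inner });
  return seal(sharedKey(sender, laraPub, 'envelope'), envelope);
}

function layeredDemo() {
  const alice = newParty(), bob = newParty(), lara = newParty();
  const container = buildContainer(alice, bob.getPublicKey(), lara.getPublicKey(),
    { from: 'alice', to: 'bob' }, 'hello bob');

  // The intermediary opens the envelope and sees the routing data only.
  const laraKey = sharedKey(lara, alice.getPublicKey(), 'envelope');
  const envelope = JSON.parse(open(laraKey, container));
  let laraReadInner = true;
  try { open(laraKey, envelope.inner); }
  catch (e) { laraReadInner = false; }   // GCM tag check fails with the wrong key

  // The recipient derives the inner key and reads the message.
  const delivered = open(sharedKey(bob, alice.getPublicKey(), 'inner'), envelope.inner);
  return { envelope, laraReadInner, delivered };
}
```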

Server side

Thanks to the witness @kennybll, the server now has a function to retrieve the last message from each conversation you had ! It gave us the possibility to create the "previous discussions" section. I'm really proud that more and more developers are getting involved and helping us build this powerful messaging tool on top of the Steem Blockchain !

The Steem Messenger™ team now counts one more member ! This anonymous person worked in French military IT security. He found this project really interesting and agreed to take care of the server security.

The server is now hosted on one of our domains, and we started the private Beta testing session two weeks ago, without any security or privacy concern. We are now preparing our private server, with 32gb of high quality server RAM, and 2x E5 processors, which will give us enough power to handle the potential data load of the community.

Installation guide


To test this release, you need Node.js, and MongoDB.

Simply run npm install in the project directory, start mongod, and then run npm start. You can now launch index.ejs !

Private Beta Session


For now, we cannot allow the public beta to be released, even though the app is ready to be used as is. The only thing holding us back is the fact that a lot of users leaked their memo keys on the blockchain lately. We will take the time to query the blockchain to find every memo key out there, and build a script that will verify if the key is a leaked one or not. By doing so, we will be able to prevent every identity theft attempt.

We are searching for a few people to test the messenger for a given period of time. Every person selected will have to choose one friend to test the application with. If you are interested in testing one of the most exciting projects on this blockchain, please feel free to submit your application in the comments section.

Roadmap


We aim to be the most secure, fast, and reliable way to interact and chat with people/groups/guilds on the Steem blockchain. For now, we are working with the goal of delivering the first public release. Here are our next steps :

  • Verify if the memo key was leaked and block the connection if so
  • Finish the setup of the server
  • Prepare API points and API documentation
  • Add a settings section, in which you can choose the language, and many more important settings to give you the best experience
  • A blacklist user option will be added
  • Better emojis !
  • Improve graphic style
  • And many secret features

Changelogs


0.0.4 :
  • Creation of the Lara™ module
  • Triple Dose Encryption Algorithm™
  • Creation of the Steem Messenger™ set of public/private keys
  • Previous discussions section added
  • Various bugs corrected
  • Improved user interface
0.0.3 :
  • Widget interface
  • Total rework of the code
  • Added images and files encryption (restricted to < 100 Kb files)
  • Added a "return" button to return to receiver selection
  • Application deployed successfully !
  • Various tweaks and optimizations
  • Private Beta Testing session
0.0.2 :
  • Improved user interface
  • Added functions to client.js to interact with the index.html
  • Added login interface
  • Now you receive only messages that are related to you
  • The clear function now deletes only the data related to you
  • Preparing the code to be deployed online with express
  • A process.env variable was added, the mongo database is now ready to deploy safely
0.0.1 :
  • Encode/decode function created
  • Using socket.io and mongodb to build the chat
  • Verifies authority locally in your browser
  • As a first release, you received every encoded message from the database
  • clear all messages function
  • Simple UI
  • Proof of concept released

Contribution


If you would like to contribute to this project, or have any question about it, feel free to contact me on Discord @Kingswisdom#7650, or on GitHub.

Closing remarks


I want to thank every dev that helped me in the production of this application. They gave me great advice and helped me with the best of intentions. Thank you @kennybll, @jaysermendez, @planetenamek.

I also want to give special thanks to @jerrybanfield for his help through the @budgets project. This funding helped a lot, and it feels so much more practical to write on a not-broken keyboard !

As a sub-community manager/curator for SteemSTEM, I always felt the need to send a message to a random user I've spotted who may have some potential. A lot of users don't even have Discord, and they kind of quit Steem because of the lack of interactions. A solid integrated Messenger application was for me the best way to achieve seamless communication with someone, without having to make it public.

I'm also very excited by how this development is going, from a simple messaging app, to a secure interface for basically anything concerning data and identity validation. The Lara module is also a great way to experiment with the permissioned database architecture on the Steem Blockchain. Why not store Dtube videos on it, using cheap database storage ? We could even create an anonymous chat section, for all the users that land on steemit but don't know anything ? Or for the external audience ? The number of possibilities is incredible, and this brings me a lot of hope for the Steem ecosystem, and future !

Thank you !

If you think this app gives value to the Steem ecosystem, you can vote for me as a witness with SteemConnect, or directly through Steemit


My pleasure to help in any way in the development of this amazing project :D Looking forward to testing it!

Thanks for your support buddy :D

Always man :D you deserve it!

Hi! Very cool. I'd like to see it.

How do you plan on handling group messaging?

Hello ! Thanks for your interest ! If you want to join the private Beta, contact me on Discord @Kingswisdom#7650 :)

For the group messaging, for the moment this is confidential information, but the system is already working !

Now THIS is how you do messaging. Genius!

Thank you sir ! :D

I personally think that the estimator and security should be arranged in the messaging media that we should extend the matter further by now, which is not enough, I think it should be used more widely and should start a new system

Unfortunately, you're right ! The privacy concern just emerged in the idea of the general public, with the fuss lately about data mining companies. But in fact this behavior existed way before Facebook. Thank you for your comment !

Amazing project, it helps all for development.
Thank you for sharing your idea.

Thank you for your contribution. How about a group chat with whiteboard sharing? It might not be too much of a task but will give the app a unique feature. Btw I feel the "jerrybanfield" tag is unnecessary in the Utopian post. Also, when you commit to GitHub it would be good to add a meaningful commit description.


Need help? Write a ticket on https://support.utopian.io.

Chat with us on Discord.
[utopian-moderator]

Hello @codingdefined !

Thank you for your kind suggestions ! Although I already thought of the group chat, the whiteboard seems to be a really interesting feature ! Great idea !
For the "jerrybanfield" tag, I used it so that Jerry could see this post in his daily tag checking routine, as he funded the project through the Budget initiative !

And yes, this is noted, next time I'll give more details in the commit descriptions :)

For jerrybanfield. Tags him in comment ;)

Hey @kingswisdom
Thanks for contributing on Utopian.
We're already looking forward to your next contribution!

Contributing on Utopian
Learn how to contribute on our website or by watching this tutorial on Youtube.

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!

Nicee! Great idea @kingswisdom :)