this post was submitted on 16 Dec 2024
8 points (100.0% liked)

SimpleX Chat

355 readers
3 users here now

Community of SimpleX Chat users – managed by the team.

SimpleX Chat is the first chat platform that is 100% private by design – it has no user identifiers of any kind and no access to your connections graph – it's a more private design than any alternative we know of.

Please ask any questions and make feature suggestions. Your ideas and criticism are very welcome!

https://github.com/simplex-chat/simplex-chat

founded 2 years ago
MODERATORS
[email protected]
8
If SimpleX donesn't work with ID's, how can it be sure to deliver the messages at the right person ? (lemmy.ml)
submitted 3 days ago by [email protected] to c/[email protected]
3 comments fedilink hide all child comments
 

I have read the documentation, but i still don't understand how simpleX know that the messages are delivered to the right person if it doesn't use ID's. Could someone explain it schematically ?

Thanks

you are viewing a single comment's thread
view the rest of the comments
[–] rrobin 1 points 6 hours ago

Not sure which docs you are looking at, but my preferred description for this part is SMP

The previous message already pointed out the main point - communication happens via queues our clients knows to belong to the destination, and these queues are temporary. This means even if an attacker determines the queue belongs to a specific person it can be changed and even then it does not reveal who is the other contact using the queue.

A few more bits to consider:

  1. queues are unidirectional (so you need at least 2 for a contact) and you only create the ones you use to receive messages
  2. the server holds two identifiers for a queue - one for the sender one for the receiver
  3. the queue also has two keys - which allow the server to recognize the sender and receiver respectively i.e. only the sender can send and only the receiver can collect msgs (SMP server should reject otherwise)
  4. all the keys/ids i mentioned so far a created anew per queue
  5. finally the messages that are placed in the queue are encrypted between sender and receiver (DH) but is beyond SMP

So there are IDs but hopefully they are not useful for an attacker.

Now to answer your question. There are IDs but for a message to be delivered to the wrong person the following would need to happen

  1. you would have to send it to a server with the wrong ID and encrypted with wrong key
  2. the SMP server would need to allow this by decrypting it with the wrong key too (unlikely but not impossible I think - if we assume some magic to break point 3. from before)
  3. the message would then be picked up by the receiver (which would try to decrypt it but it would fail)

Caveats - the client app must be well implemented and NEVER reuse keys. Likewise the server must not reuse queue IDs.

I think I got my assumptions right. When in doubt check the 2nd link for a long step by step description of the protocol