Encryption overview in ADAMANT Messenger
We have already described what features of ADAMANT ensure security, and how it encrypts and signs messages with code examples.
In this article, we answer questions about the cipher keys, the theoretical possibility of decrypting correspondence, and the threat of quantum computers.

Encryption and digital signatures
Cryptography is a conservative mathematical science, and every cipher must pass the test of time. Therefore, ADAMANT uses the same algorithms as Bitcoin, Ethereum, Lisk, Zcash, Monero, Signal, Tox, Threema, Telegram, ProtonMail, OpenSSH, OpenBSD, TLS, DNSCrypt, IPFS, iOS, PuTTY, Tor.
Thanks to the blockchain, ADAMANT guarantees decentralization, freedom of speech and absence of censorship, anonymity (pseudonymity), the integrity and order of messages, their permanent storage, reliability of delivery, and the ability to access them at any time and from any device, and it excludes Man-in-the-Middle attacks. Messages and transactions are verified not by the recipient or by an authorized center, but by every node in the network. The price of decentralization is the fees that compensate the costs of network supporters.
Account and Passphrase (Key pair)
- BIP39 mnemonic passphrase of 12 words ~ 2048¹² variants, 132-bit entropy
- BIP39 seed ⟶ SHA-256 hash, 256-bit
- Ed25519 digital signature keys: 256-bit public key and 512-bit secret (private) key. Security is comparable to RSA with ~3000-bit keys and to strong 128-bit block ciphers.
- ADM user address is a ‘U’ + 8 bytes of the SHA-256 of the public key, 64-bit
- Ed25519 public key is written in the ADAMANT blockchain with the first outgoing transaction
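
The derivation chain listed above, as an added example in Node.js (not ADAMANT's own code). It assumes the SHA-256 hash of the BIP39 seed is used as the 32-byte Ed25519 seed, and that the address digits are the first 8 hash bytes read in reversed order as a decimal number; the function names and the sample passphrase are constructed for illustration, and the BIP39 word list and checksum are not validated.

```javascript
// Added illustration, not ADAMANT's own code. Uses Node.js built-ins only.
const nodeCrypto = require('crypto');

// Constructed sample passphrase (12 BIP39 words); never use it for a real account.
const SAMPLE_PASSPHRASE =
  'abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about';

// BIP39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + password, 2048 rounds, 64 bytes).
function bip39Seed(mnemonic, password = '') {
  return nodeCrypto.pbkdf2Sync(
    Buffer.from(mnemonic.normalize('NFKD'), 'utf8'),
    Buffer.from('mnemonic' + password.normalize('NFKD'), 'utf8'),
    2048, 64, 'sha512');
}

// Ed25519 public key for a 32-byte seed. Node imports only wrapped keys, so the
// seed is appended to the fixed PKCS#8 header for Ed25519 (RFC 8410).
const PKCS8_ED25519_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');
function ed25519PublicKey(seed32) {
  if (seed32.length !== 32) throw new RangeError('Ed25519 seed must be 32 bytes');
  const priv = nodeCrypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519_PREFIX, seed32]), format: 'der', type: 'pkcs8' });
  const spki = nodeCrypto.createPublicKey(priv).export({ format: 'der', type: 'spki' });
  return spki.subarray(spki.length - 32); // raw key is the last 32 bytes of the SPKI
}

// Assumption: the 8 address bytes are the first 8 bytes of SHA-256(publicKey),
// read in reversed order as an unsigned 64-bit decimal number.
function addressFromPublicKey(publicKey) {
  const hash = nodeCrypto.createHash('sha256').update(publicKey).digest();
  const first8Reversed = Buffer.from(hash.subarray(0, 8)).reverse();
  return 'U' + first8Reversed.readBigUInt64BE(0).toString(10);
}

// Passphrase -> BIP39 seed -> SHA-256 (assumed Ed25519 seed) -> key pair -> address.
function deriveAccount(passphrase) {
  const seed32 = nodeCrypto.createHash('sha256').update(bip39Seed(passphrase)).digest();
  const publicKey = ed25519PublicKey(seed32);
  return {
    publicKey,                                     // 256-bit
    secretKey: Buffer.concat([seed32, publicKey]), // 512-bit, NaCl layout: seed || public key
    address: addressFromPublicKey(publicKey),      // 'U' + 64-bit number
  };
}

console.log(deriveAccount(SAMPLE_PASSPHRASE).address);
```

The 512-bit secret key is the 256-bit seed followed by the public key, which is why the list above gives different sizes for the two halves of one key pair.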
Messages
- User’s Ed25519 sign keys ⟶ Curve25519 Diffie-Hellman sign keys (256-bit public key and 256-bit secret) for asymmetric encryption
- Curve25519-XSalsa20-Poly1305 (NaCl.box) cipher for the Diffie-Hellman Curve25519 protocol, 20 rounds with a 192-bit nonce for XSalsa20, and Poly1305 to verify the data integrity and the authenticity of a message
Key-value storage, KVS
- User’s Ed25519 sign keys ⟶ XSalsa20-Poly1305 secret key
- Data ⟶ JSON object with “noise” added
- XSalsa20-Poly1305 (NaCl.secretbox) cipher of 20 rounds with a 192-bit nonce for XSalsa20, and Poly1305 to verify the data integrity and the authenticity of a message
Transactions’ signatures
- Tx data includes timestamp and encrypted message ⟶ SHA-256 hash
- Tx hash is signed with Ed25519 by the sender (the 256-bit public key and 512-bit secret key)
- Tx ID is 8 bytes of the signature’s SHA-256 hash
Detailed description of encryption and sign:
Blockchain data storage and quantum computers
Some users are intimidated by the “eternal” storage of correspondence in the blockchain. Will they come up with quantum computers and decrypt all the correspondence soon?
New approaches to cryptanalysis (decryption without keys) threaten not only ADAMANT, but the entire IT sphere and the Internet, including state secrets, correspondence, data storage. All technologies and programs are built on the same cryptographic ciphers — see the examples above.
Total surveillance systems, like PRISM in the US and the Yarovaya law in Russia, store absolutely all traffic, and it will also be available for new approaches to cryptanalysis.
Quantum cryptanalysis is not magic, and it will not allow “decrypting all the correspondence that is stored on the blockchain”. In theory it only speeds up decryption, and since current ciphers have a significant margin of safety, quantum cryptanalysis may be ineffective. In addition, it is impossible to “decrypt the entire correspondence” at once: an attacker has to work on each user account separately, because everyone has different encryption keys. In ADAMANT, accounts are anonymous, so the attacker still needs to choose an account for decryption.
It will be decades before the practical application of quantum cryptanalysis. Probably, during this time, the threat to cryptography will not be quantum computers, but something else.
If necessary, ADAMANT can also adapt to new technologies in cryptography, like other messengers and programs.
Use cases are important for ADAMANT. It does not replace “everyday” WhatsApp and Telegram. The ideal way to use ADAMANT is for one-time or short-term correspondence with frequent account switches. It takes one second to create a new account.
Protect your right to privacy, and remember — Secure messengers do not exist.
Encryption overview in ADAMANT Messenger was originally published in adamant.im on Medium, where people are continuing the conversation by highlighting and responding to this story.