xx messenger is a

cross-platform In computing, cross-platform software (also called multi-platform software, platform-agnostic software, or platform-independent software) is computer software that is designed to work in several computing platforms. Some cross-platform software r ...

decentralized Decentralization or decentralisation is the process by which the activities of an organization, particularly those regarding planning and decision making, are distributed or delegated away from a central, authoritative location or group. Conce ...

encrypted

instant messaging Instant messaging (IM) technology is a type of online chat allowing real-time text transmission over the Internet or another computer network. Messages are typically transmitted between two or more parties, when each user inputs text and trigge ...

service developed by PrivaTegrity Corporation. Messages are delivered over a variety of

mix network Mix networks are routing protocols that create hard-to-trace communications by using a chain of proxy servers known as ''mixes'' which take in messages from multiple senders, shuffle them, and send them back out in random order to the next desti ...

first described in 2016. Users can send one-to-one and group messages, which can include voice notes and images. xx messenger uses usernames as identifiers which can be optionally attached to standard cellular

telephone number A telephone number is a sequence of digits assigned to a landline telephone subscriber station connected to a telephone line or to a wireless electronic telephony device, such as a radio telephone or a mobile telephone, or to other devices f ...

s or email addresses for contact discovery. All communications between users are secured with quantum-resistant end-to-end encryption. xx messenger's software is

free and open-source Free and open-source software (FOSS) is a term used to refer to groups of software consisting of both free software and open-source software where anyone is freely licensed to use, copy, study, and change the software in any way, and the source ...

. Its mobile clients are published under the

2-clause BSD BSD licenses are a family of permissive free software licenses, imposing minimal restrictions on the use and distribution of covered software. This is in contrast to copyleft licenses, which have share-alike requirements. The original BSD lice ...

License, while its server software is published under a modified, patent-protected Business Source License.

History

An alpha version of xx messenger was first presented on January 6, 2016 by

David Chaum David Lee Chaum (born 1955) is an American computer scientist, cryptographer, and inventor. He is known as a pioneer in cryptography and privacy-preserving technologies, and widely recognized as the inventor of digital cash. His 1982 dissertatio ...

at the

Real World Crypto Real may refer to: Currencies * Brazilian real (R$) * Central American Republic real * Mexican real * Portuguese real * Spanish real * Spanish colonial real Music Albums * ''Real'' (L'Arc-en-Ciel album) (2000) * ''Real'' (Bright album) (2010) ...

conference with the stated goal of demonstrating a new type of

encryption scheme. The encryption scheme, known as PrivaTegrity, was described by Chaum and team of academic partners at

Purdue University Purdue University is a public land-grant research university in West Lafayette, Indiana, and the flagship campus of the Purdue University system. The university was founded in 1869 after Lafayette businessman John Purdue donated land and money ...

, Radboud University Nijmegen,

University of Birmingham , mottoeng = Through efforts to heights , established = 1825 – Birmingham School of Medicine and Surgery1836 – Birmingham Royal School of Medicine and Surgery1843 – Queen's College1875 – Mason Science College1898 – Mason Univers ...

, and other schools.Chaum, David, et al. "cMix: Anonymization by high-performance scalable mixing." ''USENIX Security''. 2016. xx messenger was released to the public as a mobile app on

Android Android may refer to: Science and technology * Android (robot), a humanoid robot or synthetic organism designed to imitate a human * Android (operating system), Google's mobile operating system ** Bugdroid, a Google mascot sometimes referred to ...

and

IOS iOS (formerly iPhone OS) is a mobile operating system created and developed by Apple Inc. exclusively for its hardware. It is the operating system that powers many of the company's mobile devices, including the iPhone; the term also includes ...

on 25 January 2022.

Architecture

cMix

xx messenger uses cMix - a network of

servers that are run by independent operators in approximately 80 countries - for data transmission. cMix attempts to address traditional latency and scalability limitations of mix networks by performing computationally expensive public-key operations between mix nodes prior to any client data being transmitted over the network. Messages sent by users of xx messenger are grouped in batches of 1,000 and routed through a subset of cMix nodes. Once the mixing process is complete, each message can be retrieved and decrypted by their recipient.

Encryption protocols

The cMix protocol uses XChaCha20,

BLAKE2b BLAKE is a cryptographic hash function based on Daniel J. Bernstein's ChaCha stream cipher, but a permuted copy of the input block, XORed with round constants, is added before each ChaCha round. Like SHA-2, there are two variants differing in the ...

, HMAC-SHA-256,

Diffie–Hellman key exchange Diffie–Hellman key exchangeSynonyms of Diffie–Hellman key exchange include: * Diffie–Hellman–Merkle key exchange * Diffie–Hellman key agreement * Diffie–Hellman key establishment * Diffie–Hellman key negotiation * Exponential key exc ...

, and

Supersingular isogeny key exchange Supersingular isogeny Diffie–Hellman key exchange (SIDH or SIKE) is an insecure proposal for a post-quantum cryptographic algorithm to establish a secret key between two parties over an untrusted communications channel. It is analogous to the D ...

cryptographic primitive Cryptographic primitives are well-established, low-level cryptographic algorithms that are frequently used to build cryptographic protocols for computer security systems. These routines include, but are not limited to, one-way hash functions and ...

s. Messages are encrypted in two layers. The inner layer is encrypted with ChaCha20 symmetric encryption. This payload is then encrypted once more for transmission over the mixnet using multi-party ElGamal encryption. The encryption protocols, in addition to the properties provided by the mixnet, allow both anonymity preservation and traditional end-to-end security guarantees, as well as preliminary post-quantum security with a traditional fallback mechanism.Chaum, D., Das, D., Javani, F., Kate, A., Krasnova, A., Ruiter, J.D., & Sherman, A.T. (2017). cMix: Mixing with Minimal Real-Time Asymmetric Cryptographic Operations. ''ACNS''.

References

External links