Steem Messenger V0.0.4 : Lara, Triple Dose Algorithm, and many more !
The Steem Messenger™
What is the project about?
Steem Messenger™ is about convenience, security, and privacy. Many Steem users decided to use chats mediums like Discord, and Steemit.chat. Steem Messenger enables a secure and fast instant messaging interface between users on the Steem blockchain, without the need to trust your recipient, or any other third party.
To make this secure and private, we use what we call the Triple Dose Algorithm™. Because your data is important, we carefully apply this algorithm to all messages in the network, which gives us confidence about the security and privacy of interactions between you, users, frontends, and the database.
This project is more than messaging. It is about data transfer of any type. With Steem Messenger™, you will now soon be able to chat, make a phone call, video calls, all securely, and with a great level of privacy. But not only ! You could also connect a smart object to the network, give it a username, and it would be a secure, fast, and private way to send intructions to that object. A Steem IoT ? Why not !
Our database is permissioned, and can be opened for developpers to create any frontend for it. For doing so, we created Lara™, a special module that will act as the trusted intermediary of the network.
(Credits : @happydaddyfr CC-BY-NC-ND)
The project is still in developpement stage, but has a private beta. If you wish to test the application, feel free to contact me on Discord
We use a powerful implementation of the
To support high traffic volume, for scalability, and to avoid hurting our beloved Steem Blockchain, we decided to use a non-relationnal database (NoSQL), MongoDB, for it's convenience and performance.
We modified our encryption system, and now, we use a 3 passes encryption protocol (the Triple Dose Algorithm™), which allow our database to be as safe as the Steem blockchain.
Our database is permissioned, and every application that will connect to it in the future will have to respect the required protocol in order to CRUD (Create, Read, Update and Delete) on it, otherwise, it will not get any permission. This protocol respects users privacy, and gives the database it's secure nature. In order to achieve this, we created a module called Lara™, which will act as the trusted intermediary between users, and frontends using our shared database.
- Instant Messaging
As Steem Messenger™ is off-chain based, we can play around the block time limitation (3 seconds per block), and we don't need to constantly stream the blockchain to find if you just received a message. Every time you receive a message, a notification sound will occur, so you'll never miss one !
As we don't rely on transfers to send messages securely, we can also play around the memo size limitation (2kb), which gives us the ability to theoretically send any size of file. We thus added the possibility to encrypt images and files and to send them to your recipient. Note that it can take quite a lot of time to encrypt a large size image, so we restricted the size limit to 100 Kb for the moment. Files are not stored on our database for the moment, which means your receiver will only receive them if he is connected. It also means when you disconnect from the app, or refresh the page, the image will disappear from the chat.
A new and unique encryption key
On your first login, you will automatically generate a new pair of encryption keys. This key will serve for your messages encryption only, and will never leave your computer. We're thus proud to introduce the Steem Messenger™ pair of keys !
An original way of verifying your identity on the Steem Blockchain
To make the database truly secure and permissioned, we decided to use the memo pair of keys. When you send a message, you also send your private memo key to check your identity. This will preserve the database integrity, and makes it the first permissioned database on Steem ! It will also gives us the ability to prevent someone using your private key if your memo key was leaked on the Steem blockchain. We will never store or access any data/token/hash of your key on the Steem Messenger™'s server, nor on Lara™'s server. No MITM (Man In The Middle), no identity theft.
3 passes encryption
With a clever use of the
steem.memo.encodefunction, we achieved to build a real and unique by design end to end encryption. Every bit of data that leaves your computer is carefully encrypted : your message is encoded with your Steem Messenger™ Private Key, which means Lara™ and the server can't read your messages. Then, informations about your message and your identity are encrypted with Lara™'s public key. The third pass is SSL, and brings a third layer of security. We're proud to unveil the Triple Dose Algorithm™.
Keep the control on your data
With all the controversy about data leaks lately, we decided to give you full rights to your data. Sending private messages through the blockchain can be a real privacy concern : anybody can see with who you've been talking with, at what frequency, and can determine patterns in your behavior, conducting to massive data analysis.
Not to mention the fact that your messages on the blockchain are permanent, which poses a real problem if the encryption method used was broken.
With Steem Messenger™, you can easily, with the click of a button, delete your conversations, leaving no track of it on the database. Plus, if the encryption method is broken someday, we can always modify our encryption algorithm, apply it to the whole database, and make it safe again.
All your messages are encrypted in your browser before they are sent to the server, providing you an E2EE (End to End Encryption). Meaning that only you and your recipient can read your own messages, as it would take 10,000 centuries to successfully brute force your Steem Messenger key with a regular computer. No institutional agency can actually decode your messages without your keys, which makes Steem Messenger™ a great medium of communication, far more secure than the actual market need.
-Modularity is here
With the help of the great companion Lara™, we are now able to share our database with other frontends developers. They will no longer have to find a solution for the authentication process and the security of an off chain database. At Steem Messenger™, we believe this factor will make the number of apps in the Steem ecosystem flourish, given the number of possibilities. From data hosting, to any kind of off chain transactions that only requires your identity to be proven.
No Active/posting permissions required
We will never ever need your important keys to verify your identity. We believe the memo key is the perfect way to verify your identity through the Steem Blockchain without putting your account or funds at risk.
Steem Messenger™ is designed for convenience, and modularity. As we want to extend the usage of this application to all the Steem ecosystem, we need to make a unique interface, that can fit in an extension for example.
We believe mass adoption is achievable if the interface is easy to understand, and without complicated concepts. Anybody can use this application, given the fact that they have a Steem account.
How does it work?
Now, this webpage is just here to present the project. Everythings happen when you click on the Steem Messenger™ button on the bottom right.
The graphic style was enhanced, providing a beautiful minimalist interface, that can integrate easily with any Steem based front-end.
You can connect to the interface by entering your personnal informations. Please remember you need exclusively your private memo key, as other keys would not work. Not to mention you should never use your active key and your password if you are not accessing to your account's funds.
It will check the public memo key associated with your username (
pubWif = result["memo_key"];) and verify if the private key you specified is valid with
steem.auth.wifIsValid(privWif, pubWif);. If everything is ok, your private memo key is then sent to Lara™ in a encrypted state. The server will then send you a response, validating your credentials or not. If this is the first time you log in, you'll then automatically generate a new pair of keys with your own computational power (the process takes around 2 sec).
Once you've logged in, you can now see your previous conversations you had ! You can also search for a recipient by name. Once you've selected your recipient, you'll automatically query the blockchain for your recipient's public memo key and encrypt your message with
var encoded = steem.memo.encode(uniquePrivateKey, publicMemoReceiver, text);.
Here is how the function works :
Your input is transmitted to Lara™ with
socket.emit, and you can see how your message is encrypted before it goes to the server.
Once Lara™ receive your encrypted container, she will decrypt it with her private key and check if you are who you claim to be. If Lara™ validates your identity, she'll send your encrypted message and the delivery informations to the database, and tell to the server to deliver it to your recipient. Your memo key is deleted right after your identity confirmation.
Same thing when you receive a message, you can see in SM.js, the client will decode the container and append it to your conversation.
raw variable is the encrypted message received from the server. It is decoded with
var decoded = steem.memo.decode(ind.key, raw);, and then, inserted in the chat box. Without your private Memo Key, nobody should be able to decode your message but you.
Thanks to the witness @kennybll, the server now has a function to retrieve the last message from each conversation you had ! It gave us the possibility to create the "previous discussions" section. I'm really proud that more and more developpers get involved and helped us out in the making of this powerful messaging tool on top of the Steem Blockchain !
Now the Steem Messenger™ counts one more member in the team ! This anonymous person was working in the French military IT security. He found this project really interesting and accepted to take care of the server security.
The server is now hosted on one of our domain, and we started the private Beta testing session two weeks ago, without any security or privacy concern. We are now preparing our private server, with 32gb of high quality server RAM, and 2x E5 processors, which will give us enough power to handle the potential data load of the community.
To test this release, you need Node.js, and MongoDB.
npm install into the directory, start
mongod, and then run type
npm start. You can now launch
Private Beta Session
For now, we cannot allow the public beta to be released, even though the app is ready to be used as is. The only reason retaining us is the fact that a lot of users leaked their memo keys on the blockchain lately. We will take the time to query the blockchain to find every memo key out there, and build a script that will verify if the key is a leaked one or not. By doing so, we will be able to avoid every identity theft attempts.
We are searching for a few people to test the messenger for a given period of time. Every person selected will have to choose one friend to test the application. If you are interested in testing one of the most exciting project on this blockchain, please feel free to submit your application in the comments section.
We aim to be the most secure, fast, and reliable way to interact and chat with people/groups/guilds on the Steem blockchain. For now, we are working with the goal of delivering the first public release. Here are our next steps :
- Verify if the memo key was leaked and block the connection if so
- Finish the setup of the server
- Prepare API points and API documentation
- Add a settings section, in which you can choose the language, and many more important settings to give you the best experience
- A blacklist user option will be added
- Better emojis !
- Improve graphic style
- And many secret features
- Creation of the Lara™ module
- Triple Dose Encryption Algorithm™
- Creation of the Steem Messenger™ set of public/private keys
- Previous discussions section added
- Various bugs corrected
- Improved user interface
- Widget interface
- Total rework of the code
- Added images and files encryption (restricted to < 100 Kb files)
- Added a "return" button to return to receiver selection
- Application deployed successfully !
- Various tweaks and optimizations
- Private Beta Testing session
- Improved user interface
- Added functions to client.js to interact with the index.html
- Added login interface
- Now you receive only messages that are related to you
- The clear function now delete only the data related to you
- Preparing the code to be deployed online with
process.envvariable was added, the mongo database is now ready to deploy safely
- Encode/decode function created
mongodbto build the chat
- Verifies authority localy on your browser
- As a first release, you received every encoded messages from the database
- clear all messages function
- Simple UI
- Proof of concept released
I want to thank every dev that helped me in the production of this application. They gave me great advices and helped me with the best of intentions. Thank you @kennybll, @jaysermendez, @planetenamek.
As a sub-community manager/curator for SteemSTEM, I always felt the need to send a message to a random user I've spotted which can have some potential. A lot of users don't even have Discord, and they kind of quit Steem because of the lack of interactions. A solid integrated Messenger application was for me the best way to achieve a seamless communication with someone, without having to make it public.
I'm also very excited by how this developpement is going, from a simple messaging app, to a secure interface for basically anything concerning data and identity validation. The Lara module is also a great way to experiment with the permissioned database architecture on the Steem Blockchain. Why not store Dtube videos on it, costing cheap database storage ? We could even create an anonymous chat section, for all the users that land on steemit but don't know anything ? Or for the external audience ? The number of possibilities are incredible, and this brings me a lot of hope for the Steem ecosystem, and future !
Thank you !