"You cannot get by today without encryption, and yet the majority of users still do not check whether they have the right encryption keys. That’s why we decided to use the bitcoin network in BabelApp for automatic key control," says Čeněk Rauscher, the mobile applications development lead in today’s interview for Lupa.cz.
Words like encryption and secure communication are showing up practically all the time when speaking about using the internet. So a person may think that writing messages and calling is secure. Is that the case?
You practically cannot get by on the internet today without encryption. Everything and everywhere is being encrypted. Companies like to boast about it, and that makes many users feel at ease. Even webpages are using secured communication; your browser is encrypting when it sends data. But that doesn’t mean if you send someone an email from your browser that nobody else other than the intended recipient can read it. In this case, only the path from you to the server and subsequently to the addressee of the email is encrypted. On the server, your message is decrypted, saved and accessible. Then it just depends on that server’s level of protection against hackers, intra-company policies against leaking of messages, rules of the country within which the server is located, and other factors.
Another thing is so-called end-to-end encryption. This means that a client application encrypts the data at the end device (such as a phone) and sends it to the recipient, and only this recipient is able to decrypt and read the message. Servers are used here only to transmit the message, and nobody who gets to the message along the way can read it.
Most of today’s communicators boast that they support end-to-end encryption. Does that imply that it is enough to choose one of them and then one doesn’t need to be worried about security of calls and messages anymore?
It is true that most communicators proclaim end-to-end encryption, and there is probably no reason to mistrust them. Unfortunately, though, the matter is not so simple. If you want to have encrypted communication with somebody, it is necessary to exchange encryption keys. Even though the server gives you some keys, how do you know that they do not belong to somebody else? That an “evil” administrator or hacker did not give you a different key for instance?
It’s similar as in the case of phone numbers. Imagine that you ask a “good friend” to give you the telephone number of his friend but instead he gives you his own number and does the same thing to that friend. You and that friend exchange messages in good faith that nobody is reading your private messages, but in reality all the messages are received by somebody else who not only reads and forwards the messages but also may be inconspicuously changing them. It is very difficult to recognize such altered communication, even though checking whether communication is secure is usually not that difficult.
So, how can we make sure that our communication is not altered?
It’s not difficult, but it is rather impractical for users. In case of the friends mentioned above, it would be enough to meet and confirm mutually the phone numbers. With most end-to-end communicators there is an option to display encryption keys in some form, be it a jumble of characters, a sequence of codes, pictures or even words. Then, it is enough to connect with the person in question (in some way other than by using the communicator just being checked, of course, for instance to meet the person or call each other) and check the keys. If they are identical, there is nothing to fear.
For most users this is quite annoying, however, and we know from our own experience that only a fraction of people are verifying the keys. If you add to this that the keys are changing over time and that some communicators do not even notify you about the change, then you could be verifying the keys practically all the time.
From what you say, it feels like end-to-end encryption is quite a nightmare…
It is true that going through manual checking of keys is a bit of a nightmare. That’s also the reason why most communicators are hiding them in the application so that the application doesn’t look too complicated, although this doesn’t add much to security. The BabelApp communicator that we are developing aimed from the beginning to tell the user as much critical information as possible. It notified the user all the time what needs to be checked, who changed a key, etc.
In the end, this wasn’t really successful. There were so many warnings and so much information that nobody wanted to deal with it and we have come to believe that the only secure way is to do all the checks automatically and warn the user only in case of danger and to interrupt the communication altogether in case of a detected attack.
And isn’t it possible at all to deal with key verification in any other way?
Let’s think about the communication with your friend who somebody is eavesdropping on or reading. To meet with her is surely a solution and probably a pleasant one, but it probably would be enough to have a telephone directory where you could find her name and check if the phone number is correct.
This looks easy, but somebody may object – how do I know that the telephone directory I am searching in is not altered? What if the “treacherous” friend has planted it on me? And it is true that I cannot be sure. I would need a telephone directory everyone could trust, one that nobody could falsify and change in any way. If I transfer this to the internet, I need some service that belongs to nobody, where everybody can read data, and in certain cases add data but nobody is able to change them.
Do you mean blockchain?
Yes and no. It is true that one may imagine blockchain as a depository or database where information is difficult to change. The term “blockchain” has become a synonym for something unchanging and therefore secure, but that’s not exactly true. Blockchain is only a data structure containing blocks linked into chains having the characteristic that if you change information in an older block, it is necessary to change also all the newer blocks. This makes changes difficult, but that’s all.
Cryptocurrencies for instance use blockchain to store transactions and they use very smart protection mechanisms so that these transactions cannot be changed. The most common is a so-called “proof of work” – a protection requiring the block to fulfill very strict criteria in order to be considered valid. It is easy to verify that this is the case, but it is very difficult to create such a block. Even for millions of computers trying 24/7 it is a question of several minutes (about 10 minutes for bitcoin).
So if one would want to make a change, a person would have to have computing power able to recalculate the block being changed and after that also all newer blocks and this would have to be faster than new blocks could be added by the rest of the network. How massive this power is may be illustrated by the fact that also very energy-saving chips taking care of the calculations use as much energy as several nuclear power plants. So, as you see, this is indeed not very ecological.
You use cryptocurrencies to store information about keys?
Yes. After making an analysis, we decided to use the biggest, oldest, and hopefully also the most stable cryptocurrency — if we may use the word stable when speaking about cryptocurrencies at all. By the oldest cryptocurrency I mean bitcoin, of course.
So instead of bitcoin transactions, you enter information about the keys into the bitcoin network? Is that even allowed?
That’s not quite accurate. Blocks in bitcoin blockchain contain only lists of executed transactions and nothing else. We need to adhere to the rules, of course, and nothing else other than transactions would be accepted by the network. But in the same way as you may add a comment to a financial transaction at the bank, it is possible to write a certain form of comment to a bitcoin transaction. We use these few bytes for future verification. So, we always transfer a little fraction of bitcoin (a few crowns’ worth) and add important information for future verification. Anybody is able to find and verify this transaction but nobody is able to delete or change it.
And what about the key change? You have mentioned that keys may change over time, but on principle you cannot change anything in bitcoin network.
Nothing may be changed, but the small amount of bitcoin may be transferred again and again, the same as money. Only the last outstanding transaction is valid, other transactions are only history.
But somebody enters transactions with keys into the bitcoin network. Who has the right to do so, and how can I be sure that the information entered was not falsified?
In the case of BabelApp, we use the standard bitcoin transaction mechanism. If you use a new transaction to transfer part of a bitcoin, you define within it who may access the amount and who may transfer it to somebody else in the future. In this way it is ensured that creating and changing keys and other necessary operations may be performed only by the person owning the keys.
Moreover, if bitcoin keys enabling to make a record would be stolen and misused, for instance, it would be very quickly discovered. Each telephone is constantly monitoring all changes in the bitcoin network containing information with data for BabelApp. So, information about changed information in one’s own account cannot be missed and the application will discontinue the communication immediately.
The bitcoin network is surely secure, but it is also huge. If I need to verify a specific person, is it really necessary to download hundreds of gigabytes of data?
This may be a problem with a standard phone. The bitcoin network is growing constantly at tremendous speed, and all blocks truly contain hundreds of gigabytes. It is not necessary to download all these data, however. Users do not
connect directly to the nodes in the bitcoin network but only to one of them or alternatively to multiple BabelApp servers. These servers download data from bitcoin nodes, verify them, then filter and send to clients only a fraction of them. In this way, the security and changelessness of this information is secured and the end clients only validate that the server is not cheating.
That means clients process only an insignificant amount of data. If you call or send pictures, data volumes are much greater. Moreover, information is stored at the clients, so it is accessible also offline and nothing needs to be downloaded multiple times.
Using bitcoins is quite difficult. You need a wallet, you need to buy bitcoins somewhere, and then pay fees to miners. Does this apply to BabelApp too?
The miners ensure security of the network. Logically, the more of them there are, the more secure is the network. Nevertheless, they do not do it out of some higher purpose or conviction; they do it for money. Therefore, the behavior of the network is predictable – more expensive bitcoins mean more miners and greater security. The miners have a clear task of trying to create a correct block with transactions and if one succeeds approximately once in 10 minutes, then he or she will be rewarded. Part of the reward consists in fees for those transactions included into the block. If there are many transactions, it is necessary to wait for some time until transactions are entered into a block. This may take hours, exceptionally days.
It is clear that somebody has to pay these miners, as otherwise they wouldn’t do it. This doesn’t mean, however, that you have to buy bitcoins and study how to use the bitcoin wallet. The server you are registered with pays for your transactions. If this is a server in your company, the company pays it for you. If you use the free BabelApp where you can connect at no charge, you may use the protection also there. In the application, you only need to activate a service and pay through Google or Apple a fee for the transaction in the amount of CZK 10.
This is a little bit less than current real costs, but at the moment we mainly want nobody to misuse the application excessively. You may use the application also without this protection, but then it is the same as Threema or Signal so far as protection is considered. Everybody who is interested can learn more about the application on our website at babelapp.com. There is also a comprehensive white paper for download with all information about the application, including a detailed description of protection using the bitcoin networks.
My bitcoin protection is activated, so I don’t have to take care of anything else now? The application is always verifying everything for me?
Put simply, yes. The application is all the time checking news in the bitcoin network and verifies this against information that it has, and it is searching for possible threats. If it finds one, it will inform you about it or alternatively it denies you the altered communication. If any of your contacts is not using this protection, the application marks such person with orange color and you may use the standard manual verification. So long as your phone is not reporting an attack, there is nothing to fear. In the case of orange contacts, just pay attention to sensitive correspondence at least until you verify manually.
BabelApp sounds like an interesting but very large project. Blockchain, bitcoin, encryption, security, Android, iOS, Windows client. Tell us something about what are you planning for the project, what’s next, how big is the team of developers working on the application?
You could continue with that list by adding OSX, Java, C++, VOIP. In the course of development we really encountered many problems from Android to ZRTP. The project started about 8 years ago as an SMS encryption tool for Android and iOS. Since then, it has grown into one of the most secure communication platforms in the world. In the roadmap, we have more and more functions that we are implementing. I can mention, for example, video conferencing, a calendar, and an encrypted disk through which received and sent attachments would be accessible. There is much more, and it only depends upon our customers and their priorities.
We have a team of about 20 people in our company to develop this application. Not only developers but also testers, a UX designer, implementation specialist, and others. The team is growing, so if somebody who is reading this article is interested and has something to offer, we will be happy to welcome him or her at OKsystem. We have quite a few open positions at the moment.
You can find the original interview in czech on Lupa.cz: Čeněk Rauscher (OKsystem): Využíváme bitcoin pro ukládání šifrovacích klíčů - Lupa.cz