Vikram Reddy, profile picture
Uploaded byVikram Reddy
PPT, PDF792 views

Bitmessage

This document summarizes Bitmessage, an anonymous and encrypted messaging protocol. Some key points: - Bitmessage is based on the Bitcoin protocol and uses a "Everyone Gets Everything" model where all active users receive and try to decrypt messages. - It aims to anonymize both message content and metadata like sender/receiver addresses. - Issues include a lack of perfect forward secrecy and questions around scalability with high message volumes. - The document proposes a thin client architecture like Bitcoin's Electrum to help address scalability by avoiding downloading the full blockchain locally.

Embed presentation

Downloaded 21 times
Bitmessage:An Analysis Vikram Reddy Pareddy CSc 8222 Department of Computer Science, Georgia State University
Email • SMTP – 1981 • Simple Protocol - designed mainly for academic and government use. • No data protection strategies included
SMTP
Improvements on SMTP • Sender Policy Framework(SPF) – It is an email validation system that tries to prevent spam by detecting spoofing, by verifying sender’s IP address. The domain administrators are expected to designate hosts in that domain that are legitimate hosts. • Domain Keys Identified Mail(DKIM) – It is a method of associating a domain name to the email message to make someone responsible for the email. This responsibility is set by using digital signatures.
Secure Email • PGP – 1991 – Phil Zimmerman • It uses signing, encryption, certificates etc. to create secure environments – for email or for encrypted file systems etc. • Public key authentication – decentralized • Web of Trust
Web of Trust
Assumptions in Web of Trust • In order to verify the key, the assumption made is that everyone signs the key of others • Also everyone submits these signatures to the key servers.
Idea of PGP
Off the record messaging • Cryptographic protocol used to provide strong encryption for instant messaging and email • It uses a combination of AES symmetric key encryption, Diffie-Hellman key exchange, and SHA1 hash function.
Features of OTR systems • Encryption • Authentication • Deniable Encryption • Perfect Forward Secrecy
Invisible Internet Project • Provides a layer that serves secure communication/data transfer mechanism • Introduced in 2003 as a beta software • Not reviewed yet • No anonymity guaranteed
Issues with protocols based on SMTP
Bitcoin • Open source decentralized Peer to Peer currency • No central authority • Not designed for anonymity • Proof of work • Mining
Bitmessage • Based on Bitcoin, although it is designed to handle a different application • It differs from the protocols based on SMTP as it is based on the concept of EGE or “Everyone Gets Everything” • Using this concept, Bitmessage can not only mask the message body but also the metadata associated with the message i.e. the sender and receiver
EGE • No end points to a message • Encrypt the message and drop it into the block chain of messages • All the active users try to decrypt the message. • Only the intended recipient will be able to decrypt the message.
Other services of Bitmessage Broadcasting •Since Bitmessage is based on the concept of EGE, broadcasting a message comes naturally •The users have to get the password of the channel from some forum or word of mouth – and then they will be able to decrypt the messages using the password
Chans •Chans or channels are anonymous chat rooms •Users can simply encrypt using the public key of the chat room and post it •Completely anonymous
Perfect Forward Secrecy • An intruder can store all the encrypted conversations and later when he eventually breaks or somehow gets the private key, all the previously encrypted information is lost • This is a concern in almost all the PKI systems • In Bitmessage this concern is even more pronounced as anyone can store the block chains easily
• Bitmessage doesn’t provide PFS • However, this can be supported in Bitmessage using and implementation of key rotation • Every message that is sent has to be sent using a new key. These are called ephemeral keys
Message Retention • In Bitmessage, the messages are retained for two days before they are deleted • The sender expects an acknowledgement from the receiver which confirms the delivery of the message • If the receiver doesn’t check his mailbox in two days that the message was sent, the messae is lost and the sender has to send it again This concept is being improved using the Time-to-live concept
Streams • According to Prof. Tom Rodden of Univ of Nottingham, 2.8 million mails are being sent per second across the world. • If Bitmessage is expected to store all these messages, it has to implement some concept compared to the normal block chain used by bitcoin • For this, Bitmessage uses Streams. • Streams are a way to self-segregate the messages when the volume of the messages is too high
• When the volume of messages become too high, the client can divide the block chain into child streams • Problem: Inter stream messaging is not possible in Bitmessage. • If the receiver of the message is in a different stream, the sender has to create an address in that other stream in order to send the message.
Conclusion • Bitmessage completely redesigns the email system • It is completely anonymous • There are a few issues that still exist such as Perfect Forward Secrecy and the question of scalability
Future Work • An MIT graduate has developed a new protocol based on Bitmessage • This message is called Bitmask or Bitmessage 2.0. This protocol uses bandwidth based metrics instead of proof of work • A protocol called LibertyMail is being developed which is again based on Bitmessage system
Idea • Currently, Bitmessage, like bitcoin in the beginning has only one client, Bitmessage-Qt • This is a standalone client in the system which is used independent of any mail client • The problem with this kind of client is that it downloads all the block chain into the individual system • While this is a hindrance only when downloading the client for the first time, it is still a hindrance
• Bitcoin overcomes this hindrance by using a thin client based architecture • Electrum is an example • Electrum has its multiple servers located across the world. • A person who wants to use a bitcoin client can generate the keys on his local machine and send it to the electrum server which posts it onto the block chain
• Electrum uses passphrase based electrum client that creates deterministic addresses based on the seed value. • The idea of my project is to use a similar architecture in Bitmessage. • Using this architecture, we can still mask the metadata
References

More Related Content

PPTX
Bitmessage
byVikram Reddy
 
PPT
Email Security : PGP & SMIME
byRohit Soni
 
PDF
COMP 4010 - Lecture 1: Introduction to Virtual Reality
byMark Billinghurst
 
PDF
Digital Certified Mail
byMatthew Chang
 
PPT
Proposal presentation
byVikram Reddy
 
PPT
chap15 cryptography and network security.ppt
byubaidullah75790
 
PPTX
E-mail Security S/MIME PrettyGoodPrivacy
byDr.Manjunath Kotari
 
PDF
Design of a secure "Token Passing" protocol
byAugusto Ciuffoletti
 
Bitmessage
byVikram Reddy
 
Email Security : PGP & SMIME
byRohit Soni
 
COMP 4010 - Lecture 1: Introduction to Virtual Reality
byMark Billinghurst
 
Digital Certified Mail
byMatthew Chang
 
Proposal presentation
byVikram Reddy
 
chap15 cryptography and network security.ppt
byubaidullah75790
 
E-mail Security S/MIME PrettyGoodPrivacy
byDr.Manjunath Kotari
 
Design of a secure "Token Passing" protocol
byAugusto Ciuffoletti
 

Similar to Bitmessage

PDF
Using PGP for securing the e-mail
bydavidepiccardi
 
PPT
S-MIMEemail-security.ppt
bywitscollege
 
PDF
Electronic mail security
byDr.Florence Dayana
 
PDF
BAIT1103 Chapter 5
bylimsh
 
PPT
computer netwok security Pretty Good Privacy PGP.ppt
byjayaprasanna10
 
PPT
Celebrity Cricket League 2016 - http://ccl5.com/
byTania Agni
 
PPT
Pgp smime
byTania Agni
 
PPT
chapter 15-Network and Security-By-MIT.ppt
byKamranHussainAwan
 
PPT
ch15.ppt
bywitscollege
 
PPT
ch15.ppt
byssuser6602e0
 
PPT
ch15 (1).ppt
bySunilKatkar5
 
PDF
New Approach for Keys Distribution Through Publish/Subscribe Protocols
byIJCSIS Research Publications
 
PPTX
Email sec11
byAthira Asakumar
 
PDF
PBU-Intro_to_PGP
byauremoser
 
PPTX
unit 5.pptxhhhnggjfvbjoohcchvvikbkbkbobh
byHrushikeshDandu
 
PPT
PGP.ppt
byqwerrew1
 
PPTX
BitChat_Seminar_Presentation.pptx sjsjks
byrejimt1004
 
PDF
M.FLORENCE DAYANA/electronic mail security.pdf
byDr.Florence Dayana
 
PPTX
Lattice based Merkle for post-quantum epoch
byDefCamp
 
PPTX
Email security
bykumarviji
 
Using PGP for securing the e-mail
bydavidepiccardi
 
S-MIMEemail-security.ppt
bywitscollege
 
Electronic mail security
byDr.Florence Dayana
 
BAIT1103 Chapter 5
bylimsh
 
computer netwok security Pretty Good Privacy PGP.ppt
byjayaprasanna10
 
Celebrity Cricket League 2016 - http://ccl5.com/
byTania Agni
 
Pgp smime
byTania Agni
 
chapter 15-Network and Security-By-MIT.ppt
byKamranHussainAwan
 
ch15.ppt
bywitscollege
 
ch15.ppt
byssuser6602e0
 
ch15 (1).ppt
bySunilKatkar5
 
New Approach for Keys Distribution Through Publish/Subscribe Protocols
byIJCSIS Research Publications
 
Email sec11
byAthira Asakumar
 
PBU-Intro_to_PGP
byauremoser
 
unit 5.pptxhhhnggjfvbjoohcchvvikbkbkbobh
byHrushikeshDandu
 
PGP.ppt
byqwerrew1
 
BitChat_Seminar_Presentation.pptx sjsjks
byrejimt1004
 
M.FLORENCE DAYANA/electronic mail security.pdf
byDr.Florence Dayana
 
Lattice based Merkle for post-quantum epoch
byDefCamp
 
Email security
bykumarviji
 

Recently uploaded

PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
final.pdf
byomarbishtawi04
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
final.pdf
byomarbishtawi04
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Workflow and decision Automation with Flowable
bychakib ch
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 

Bitmessage

  • 1.
    Bitmessage:An Analysis Vikram ReddyPareddy CSc 8222 Department of Computer Science, Georgia State University
  • 2.
    Email • SMTP –1981 • Simple Protocol - designed mainly for academic and government use. • No data protection strategies included
  • 3.
  • 4.
    Improvements on SMTP •Sender Policy Framework(SPF) – It is an email validation system that tries to prevent spam by detecting spoofing, by verifying sender’s IP address. The domain administrators are expected to designate hosts in that domain that are legitimate hosts. • Domain Keys Identified Mail(DKIM) – It is a method of associating a domain name to the email message to make someone responsible for the email. This responsibility is set by using digital signatures.
  • 5.
    Secure Email • PGP– 1991 – Phil Zimmerman • It uses signing, encryption, certificates etc. to create secure environments – for email or for encrypted file systems etc. • Public key authentication – decentralized • Web of Trust
  • 6.
  • 7.
    Assumptions in Webof Trust • In order to verify the key, the assumption made is that everyone signs the key of others • Also everyone submits these signatures to the key servers.
  • 8.
  • 9.
    Off the recordmessaging • Cryptographic protocol used to provide strong encryption for instant messaging and email • It uses a combination of AES symmetric key encryption, Diffie-Hellman key exchange, and SHA1 hash function.
  • 10.
    Features of OTRsystems • Encryption • Authentication • Deniable Encryption • Perfect Forward Secrecy
  • 11.
    Invisible Internet Project •Provides a layer that serves secure communication/data transfer mechanism • Introduced in 2003 as a beta software • Not reviewed yet • No anonymity guaranteed
  • 12.
    Issues with protocolsbased on SMTP
  • 13.
    Bitcoin • Open sourcedecentralized Peer to Peer currency • No central authority • Not designed for anonymity • Proof of work • Mining
  • 14.
    Bitmessage • Based onBitcoin, although it is designed to handle a different application • It differs from the protocols based on SMTP as it is based on the concept of EGE or “Everyone Gets Everything” • Using this concept, Bitmessage can not only mask the message body but also the metadata associated with the message i.e. the sender and receiver
  • 15.
    EGE • No endpoints to a message • Encrypt the message and drop it into the block chain of messages • All the active users try to decrypt the message. • Only the intended recipient will be able to decrypt the message.
  • 16.
    Other services ofBitmessage Broadcasting •Since Bitmessage is based on the concept of EGE, broadcasting a message comes naturally •The users have to get the password of the channel from some forum or word of mouth – and then they will be able to decrypt the messages using the password
  • 17.
    Chans •Chans or channelsare anonymous chat rooms •Users can simply encrypt using the public key of the chat room and post it •Completely anonymous
  • 18.
    Perfect Forward Secrecy •An intruder can store all the encrypted conversations and later when he eventually breaks or somehow gets the private key, all the previously encrypted information is lost • This is a concern in almost all the PKI systems • In Bitmessage this concern is even more pronounced as anyone can store the block chains easily
  • 19.
    • Bitmessage doesn’tprovide PFS • However, this can be supported in Bitmessage using and implementation of key rotation • Every message that is sent has to be sent using a new key. These are called ephemeral keys
  • 20.
    Message Retention • InBitmessage, the messages are retained for two days before they are deleted • The sender expects an acknowledgement from the receiver which confirms the delivery of the message • If the receiver doesn’t check his mailbox in two days that the message was sent, the messae is lost and the sender has to send it again This concept is being improved using the Time-to-live concept
  • 21.
    Streams • According toProf. Tom Rodden of Univ of Nottingham, 2.8 million mails are being sent per second across the world. • If Bitmessage is expected to store all these messages, it has to implement some concept compared to the normal block chain used by bitcoin • For this, Bitmessage uses Streams. • Streams are a way to self-segregate the messages when the volume of the messages is too high
  • 22.
    • When thevolume of messages become too high, the client can divide the block chain into child streams • Problem: Inter stream messaging is not possible in Bitmessage. • If the receiver of the message is in a different stream, the sender has to create an address in that other stream in order to send the message.
  • 23.
    Conclusion • Bitmessage completelyredesigns the email system • It is completely anonymous • There are a few issues that still exist such as Perfect Forward Secrecy and the question of scalability
  • 24.
    Future Work • AnMIT graduate has developed a new protocol based on Bitmessage • This message is called Bitmask or Bitmessage 2.0. This protocol uses bandwidth based metrics instead of proof of work • A protocol called LibertyMail is being developed which is again based on Bitmessage system
  • 25.
    Idea • Currently, Bitmessage,like bitcoin in the beginning has only one client, Bitmessage-Qt • This is a standalone client in the system which is used independent of any mail client • The problem with this kind of client is that it downloads all the block chain into the individual system • While this is a hindrance only when downloading the client for the first time, it is still a hindrance
  • 26.
    • Bitcoin overcomesthis hindrance by using a thin client based architecture • Electrum is an example • Electrum has its multiple servers located across the world. • A person who wants to use a bitcoin client can generate the keys on his local machine and send it to the electrum server which posts it onto the block chain
  • 27.
    • Electrum usespassphrase based electrum client that creates deterministic addresses based on the seed value. • The idea of my project is to use a similar architecture in Bitmessage. • Using this architecture, we can still mask the metadata
  • 28.