We originally wanted to make something with as many meme technologies as possible. This eventually led to the "dumbest-smart idea" or the "smartest-dumb idea" ever made.
What it does
Forest is a"hyper secure" text messaging system. There are several layers of security created though encryption, as well as security created through user anonymity and the decentralized delivery in network architecture. Forest has the potential to be used in situations where user's need complete anonymity and network reliability, such as those under highly censored governments.
When a user writes a message, the following happens:
- A 256-bit key is created.
- Key is RSA encrypted with the recipient's public key.
- Program waits an arbitrary amount of time to prevent cryptographic timing attacks
- The original key (#1) is used to AES-256 encrypt the written message.
- Once again, the program waits to prevent cryptographic timing attacks
- A 64-bit cryptographic salt is generated
- A parent hash is obtained from the 'adoptive' parent block from the "Block Pool" (see below)
- The following data is gathered and set into a block struct's data fields.
- Encrypted key (#2)
- Encrypted message (#4)
- Salt (#6)
- Parent block hash (#7)
- The same data from #8 is strung together, and hashed with SHA3-512. This hash is set as the block struct's "Block ID"
- A block pepper is generated for memes and set alongside the block data. It is never used again.
For the network operations, the networking code is intended to do the following:
- (on client start, a server listener is started)
- When the listener server receives a message, an acceptor function goroutine is started
- The received block is destrung and matched against a list of known hashes (block ID's). This process is done to prevent blocks from being passed around a network indefinitely.
- If the block ID is known, the block is discarded
- If it is new, the ID is written to the list and passed to the forwarder function
- The forwarder function passes the block to the block pool
- The forwarder function scans a file containing a list of other known clients on the network (which contains their addresses)
- For each client on the list, the block is passed to a sender function which delivers the messages across the network.
- Program returns to the forwarder function, which attempts decryption of the message after. If the decryption is good, it delivers the message to frontend for delivery.
Delivering the message across the entire network is a layer of security in itself. Since everyone receives the message, it is impossible for attackers to determine who specific recipients are through monitoring network traffic.
In order to prevent blocks from competing for parents, a pool of 1000 parent candidate hashes is kept. All of these candidate hashes were sent by this client at least one hour prior, allowing the entire network to receive blocks before they begin to be added to block pools.
In order to select a parent hash
- The blocks encrypted message is hashed
- The hash is placed into a list with all the other hashes in the block pool
- The list is sorted lexicographically
- The element which comes after encrypted message hash is chosen as the parent hash.
- If the encrypted message's hash is the _ last _ on the sorted list, the element before the encrypted message's hash is chosen
Challenges we ran into
At first, we had no idea what we were doing. And we wanted to use a language none of us have ever used before.
Connecting the network between clients was tough due to configurations in addressing. We found it was also impossible to connect to clients on different networks due to router firewalling. This issue could possibly be solved later with VPN's
A challenge in creation of the blockpool was comparing the encrypted message hash between the other hashes in the block pool. We had a hacky solution to sort the hashes, then simply select one of the hashes ordered next to it.
We did not understand which block modes to use for AES, so (Ryan) had to do a lot of research to choose one.
On the front end, we found it difficult to connect all of the functions to the user interface, simply because there were so many.
Separately, the network, frontend, and block/blockpool work on their own. Our greatest challenge was connecting them all together, which has been partially done at this time.
What we learned
None of us have used Go before. So we all learned how to use a new programming language. We also learned a lot about cryptography, networking, and cyber security in doing research for this project. Most of all, we had fun