Hello liberationtech, I present you the first version of Viola: a secure multiparty messaging system.
Viola is currently very far from being user-ready, but it's at a stage that could really benefit from technical feedback, experimentation and code contributions. I posted about it on the moderncrypto [messaging] mailing list, but I'm also posting it here as for greater visibility :) You can find the code repository here: https://github.com/asn-the-goblin-slayer/viola Here are some more details about the protocol and the code as well as some guidelines on how to contribute :) -- The viola protocol: You can find the protocol spec here: https://github.com/asn-the-goblin-slayer/viola/blob/master/viola_spec.txt The primary aim of the viola protocol has been to offer the basic security properties while keeping the protocol easy to understand, analyze and implement. Essentially, everytime I was faced with a design decision I picked the simplest design possible. At its present form, I consider it an educational and experimentation tool for multiparty messaging, but it also has potential to grow into a powerful messaging system. The current protocol offers end-to-end confidentiality of messages as well as entity authentication. It does not offer security properties like deniability or transcript/room consistency yet. The viola protocol does not use a (multiparty) key exchange protocol to generate group encryption keys. Instead the viola protocol uses a room captain and a key transport protocol to ship encryption keys to the room participants. For more information, please read the protocol spec. -- The viola codebase: I decided there would not be much benefit in designing yet another multiparty messaging protocol without first building it to see how well it works. So I implemented a prototype of Viola for use over IRC with Weechat. I used Python and the Weechat python bindings which allowed me to prototype pretty quickly. The current code is far from user-ready and should not be used for anything sensitive. The weechat UX still sucks, and there are dozens of XXXs sprinkled around the code. However the basic functionality seems to work fine and that's what's important at this stage. -- Future steps: I don't have much spare time these days, so I don't know how much time I will have for Viola. Now that I managed to publish the first version of the protocol I'm going to take a step back and wait for feedback and suggestions before acting further. My secret hope is that people will find interest in this project and will submit patches, bug fixes and UX improvements. If you want to help out but you are not sure how, please read TODO.txt or check all those XXXs in the codebase; some are dead simple to solve, some are harder. Also, testing Viola yourself for a few minutes should give you plenty of ideas on things to improve on the UX. On the protocol side, if you take a minute and understand the viola spec, you will realize that it's actually a quite simple protocol with great potential for improvements in every step. If you have a viola improvement in mind, I invite you to hack the spec and the code, and actually implement and test the improvement yourself. If you find a great improvement that works, please let me know! I also hope that more people will help with breaking the protocol, and conducting missing security analysis. For example, please read the "Security discussion" section in the spec and all the XXXs. Furthermore, the current viola codebase works over IRC powered by weechat and Python. However, I actually don't think that Python or Weechat or IRC are necessarily the best tools for this sort of protocol. I'm definitely open to alternative implementations, or extending viola to more chat clients and frameworks. Feel free to use github for any viola patches that I should look at, or use this mailing list thread for any design suggestions you might have. Also, if you are interested in helping, but you are missing required documentation or help to get started, let me know as well. -- Testing viola: If you find this project interesting, please give Viola a try. Read the README file to get started with testing viola. You can test viola on real IRC networks or just setup your own testing IRC server and test it out offline. I've been using hybrid-ircd for local testing which only takes 20 seconds of setup time. You can also create weechat aliases that allow you to join the server, and start viola with just one command. Finally, if you follow the README instructions you will end up in the #viola_test IRC channel of baconsvin. I have parked a room captain there that will accept any room joins, so feel free to join that viola room for testing. -- Acknowledgments As always, Viola would not be here if it was not for the celo crew: joe, ahf and infinity0. --- Have fun playing with Viola and please provide feedback!!! -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
