BitTorrent introduces secure, serverless messaging system
Back in September, the company behind the BitTorrent P2P protocol and the BitTorrent and μTorrent file-sharing software announced that they have started working on BitTorrent Chat, a serverless messaging system that will allow users to talk to their friends using P2P.
“The primary weakness that we see in the available communications platforms is that they all rely on some central server to route and store all of your communication. Even if your provider can deliver industry-standard security, they cannot provide you with any kind of assurance that your communication is private. All it takes is the right (or wrong) person gaining access to your provider’s central servers, and your privacy evaporates,” explained Abraham Goldoor, software engineer on the BitTorrent Chat team, adding that they realised they were “uniquely qualified” to build a different platform.
Goldoor finally lifted the veil a bit and explained how BitTorrent Chat will work:
With BitTorrent Chat, there aren’t any “usernames” per se. You don’t login in the classic sense. Instead, your identity is a cryptographic key pair. To everyone on the BitTorrent Chat network at large, you ARE your public key. This means that, if you want, you can use Chat without telling anyone who you are. Two users only need to exchange each other’s public keys to be able to chat.
Using public key encryption provides us with a number of benefits. The most obvious is the ability to encrypt messages to your sender using your private key and their public key. But in public key encryption, if someone gains access to your private key, all of your past (and future) messages could be decrypted and read. In Chat, we are implementing forward secrecy. Every time you begin a conversation with one of your contacts, a temporary encryption key will be generated. Using each of your keypairs, this key will be generated for this one conversation and that conversation only, and then deleted forever.
To “translate” a public key into an IP address, the system will use a distributed hash table (DHT). To make this system secure, they have updated their DHT protocol to support encryption.
It’s unknown when the system will be officially available to the general public, but users can try it out by signing up for the private alpha test version.