Diving deep into

A closer look at its internals

at XMPP Meetup Berlin on October 13, 2021, by Nico Alt (nico.dorfbrunnen.eu)


“A messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate”



“If the internet’s down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis.



“If the internet’s up, Briar can sync via the Tor network, protecting users and their relationships from surveillance.


Private Chats

Screenshot of Briar's private chats

Private Groups

Screenshot of Briar's private groups


Screenshot of Briar's forums


Screenshot of Briar's blogs


Screenshot of Briar's RSS feeds

See the Briar User Manual [1] for more information


Graph of a centralized network


Graph of a federated network


Graph of a peer-to-peer network

Mesh Networks

Single-hop social mesh


Multi-hop social mesh [2]

Public mesh [3]

Security slider in Tor Browser

Also see "Confronting Briar with disasters" [5]


Briar's architecture
  • Inspired by pre-Internet protocols like UUCP, Usenet and FidoNet
  • Operates over both low-latency and high-latency simplex and duplex links
  • 2 modes: interactive and batch modes
Bramble protocols

Crypto Basics

Symmetric encryption

Asymmetric encryption


Analogy to DH with colors

Meeting up

Bramble QR Code Protocol [11]

Two smartphones showing QR codes

Bramble QR Code Protocol [11]

  • QR code: commitment to public key and transport properties
  • Screens and cameras
  • Short-range bidirectional transport
  • Diffie-Hellman

Doing Rendezvous

Bramble Rendezvous Protocol [12]

Bramble Rendezvous Protocol [12]

  • briar:// links instead of QR codes
  • briar://f011b235 ≠ f011b235.onion
Briar users in Tor network

Bramble Rendezvous Protocol [12]

  • Discovery protocol for peer-to-peer networks
  • Based only on public keys
  • No network addresses etc.
  • Pseudo-random contact details
  • Currently uses Tor hidden services
  • Diffie-Hellman

Shaking Hands

Bramble Handshake Protocol [13]

Bramble Handshake Protocol [13]

  • Via connection made by BRP
  • Establish ephemeral shared key
  • Diffie-Hellman

Doing Logistics

Bramble Transport Protocol [14]

Bramble Transport Protocol [14]

  • Secure channel with confidentiality, integrity, authenticity and forward secrecy
  • Wide range of underlying transports
  • No timeouts, handshakes or plaintext headers
  • Usable with traffic analysis prevention techniques
  • No anonymity, unlinkability or unobservability -> uses Tor

Bramble Transport Protocol [14]

  • "Provides forward secrecy even for transports where one of the peers can only send and the other can only receive." [14]
  • "It can be used on transports with very high latency, such as disks sent through the mail." [14]
  • Time-based key management protocol

Time-based key management protocol

  • Time divided into numbered periods
  • Period length: D + L seconds
  • D is time difference between devices
  • L is maximum expected latency
  • Stores last, current and next period's keys

Wire protocol

  • Pseudo-random tag
  • Stream header with ephemeral cipher key
  • One or more frames

Cryptographic Algorithms

Authenticated Encryption:


Hash and MAC:




Key Agreement:



Bramble Synchronisation Protocol [15]

Bramble Synchronisation Protocol [15]

  • Each device has set of peers
  • Devices can be part of groups
  • Groups contain message graphs
  • Messages can be shared or deleted
  • Each group belongs to a client

Open Problems

Need to be always online


More and high-quality attachments

More fundamental problems [16]

Upcoming Solutions

Mailbox [6] [7]

Collecting and sending messages while you're offline (could enable iOS client)

Scheme explaining Mailbox

New transport: removable drives

A SD card attached to a pigeon

Sharing app offline

Graph with many potential Briar clients

Desktop program [8]

Briar Desktop

Desktop program [8]

  • Kotlin and Compose for Desktop
  • Directly uses Briar's Java API
  • Windows, macOS and Linux
  • In future: share UI components with Android and iOS?

Sponsored by BMBF Germany      Sponsored by Prototype Fund

Thanks for listening!


  1. https://briarproject.org/how-it-works/
  2. https://briarproject.org/manual/
  3. https://code.briarproject.org/briar/briar/-/issues/1816
  4. https://code.briarproject.org/briar/briar/-/issues/1817
  5. https://code.briarproject.org/briar/briar/-/issues/972
  6. https://nico.dorfbrunnen.eu/posts/2021/briar-disaster/
  7. https://code.briarproject.org/briar/briar-mailbox
  8. https://code.briarproject.org/briar/briar/-/wikis/Mailbox-Architecture
  9. https://code.briarproject.org/briar/briar-desktop
  1. https://code.briarproject.org/briar/briar/-/wikis/A-Quick-Overview-of-the-Protocol-Stack
  2. https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BQP.md
  3. https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BRP.md
  4. https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md
  5. https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md
  6. https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BSP.md
  7. https://code.briarproject.org/briar/briar/-/wikis/Fundamental-Problems
  8. https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange#/media/File:Diffie-Hellman_Key_Exchange.svg
  9. https://github.com/grote/reveal.js (several images and slides)

Slides at nico.dorfbrunnen.eu/assets/posts/2021/diving-at-xmpp/presentation