Diving deep into
A closer look at its internals
at XMPP Meetup Berlin on October 13, 2021, by Nico Alt (nico.dorfbrunnen.eu)
Briar
“A messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate”
[0]
Briar
“If the internet’s down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis.”
[0]
Briar
“If the internet’s up, Briar can sync via the Tor network, protecting users and their relationships from surveillance.”
[0]
Private Chats
Private Groups
Forums
Blogs
RSS
See the Briar User Manual
[1]
for more information
Centralized
Federated
Peer-to-Peer
Mesh Networks
Multi-hop social mesh
[2]
Public mesh
[3]
Also see "Confronting Briar with disasters"
[5]
Architecture
- Inspired by pre-Internet protocols like UUCP, Usenet and FidoNet
- Operates over both low-latency and high-latency simplex and duplex links
- 2 modes: interactive and batch modes
Crypto Basics
Diffie-Hellman
Meeting up
Bramble QR Code Protocol
[11]
Bramble QR Code Protocol
[11]
- QR code: commitment to public key and transport properties
- Screens and cameras
- Short-range bidirectional transport
- Diffie-Hellman
Doing Rendezvous
Bramble Rendezvous Protocol
[12]
Bramble Rendezvous Protocol
[12]
- briar:// links instead of QR codes
- briar://f011b235 ≠ f011b235.onion
Bramble Rendezvous Protocol
[12]
- Discovery protocol for peer-to-peer networks
- Based only on public keys
- No network addresses etc.
- Pseudo-random contact details
- Currently uses Tor hidden services
- Diffie-Hellman
Shaking Hands
Bramble Handshake Protocol
[13]
Bramble Handshake Protocol
[13]
- Via connection made by BRP
- Establish ephemeral shared key
- Diffie-Hellman
Doing Logistics
Bramble Transport Protocol
[14]
Bramble Transport Protocol
[14]
- Secure channel with confidentiality, integrity, authenticity and forward secrecy
- Wide range of underlying transports
- No timeouts, handshakes or plaintext headers
- Usable with traffic analysis prevention techniques
- No anonymity, unlinkability or unobservability -> uses Tor
Bramble Transport Protocol
[14]
- "Provides forward secrecy even for transports where one of the peers can only send and the other can only receive." [14]
- "It can be used on transports with very high latency, such as disks sent through the mail." [14]
- Time-based key management protocol
Time-based key management protocol
- Time divided into numbered periods
- Period length: D + L seconds
- D is time difference between devices
- L is maximum expected latency
- Stores last, current and next period's keys
Wire protocol
- Pseudo-random tag
- Stream header with ephemeral cipher key
- One or more frames
Cryptographic Algorithms
Authenticated Encryption:
XSalsa20/Poly1305
Hash and MAC:
BLAKE2b
Signatures:
Ed25519
Key Agreement:
Curve25519
Synchronizing
Bramble Synchronisation Protocol
[15]
Bramble Synchronisation Protocol
[15]
- Each device has set of peers
- Devices can be part of groups
- Groups contain message graphs
- Messages can be shared or deleted
- Each group belongs to a client
Open Problems
More and high-quality attachments
More fundamental problems
[16]
Upcoming Solutions
Collecting and sending messages while you're offline (could enable iOS client)
New transport: removable drives
Sharing app offline
Desktop program
[8]
Desktop program
[8]
- Kotlin and Compose for Desktop
- Directly uses Briar's Java API
- Windows, macOS and Linux
- In future: share UI components with Android and iOS?