Ima-Hub uses the Signal Protocol to secure communication between users
Send / receive microservice
The send / receive microservice is responsible, on behalf of HUB, for sending encrypted messages and files to end users and receiving them from end users. To open a connection to the send / receive microservice, a user must first be registered in HUB.
The send / receive microservice protects the privacy of user data with state-of-the-art end-to-end encryption based on the Signal Protocol (https://signal.org/). Conversations remain private for every participant; HUB itself has no ability to read user data.
Signal Protocol
The Signal Protocol is a non-federated cryptographic protocol that can be used to provide end-to-end encryption for voice calls and instant messaging conversations. The protocol was developed by Open Whisper Systems in 2013 and was first introduced in the open-source TextSecure app, which later became Signal.
The protocol provides confidentiality, integrity, authentication, participant consistency, destination validation, forward secrecy, post-compromise security (aka future secrecy), causality preservation, message unlinkability, message repudiation, participation repudiation, and asynchronicity. It does not provide anonymity preservation and requires servers for the relaying of messages and storing of public key material.
Several messaging applications have implemented the protocol, such as WhatsApp, Google's Messages app (which provides end-to-end encryption for all RCS-based conversations), Facebook Messenger for its optional Secret Conversations, and Skype for its Private Conversations.
The protocol combines the Double Ratchet algorithm, prekeys, and a triple Elliptic-curve Diffie–Hellman (3-DH) handshake, and uses Curve25519, AES-256, and HMAC-SHA256 as primitives.
HUB encryption protocols
The XEdDSA and VXEdDSA signature schemes will be used to create and verify EdDSA-compatible signatures using the public and private key formats originally defined for the X25519 and X448 elliptic-curve Diffie-Hellman functions.
The Extended Triple Diffie-Hellman key agreement protocol, also known as X3DH, establishes a shared secret key between two parties that mutually authenticate each other based on their public keys.
The Double Ratchet is a key management algorithm. It will be used to exchange encrypted messages based on a shared secret key, and the parties derive new Double Ratchet keys for every message.
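The Double Ratchet step described above, as an added example that is not HUB's or Signal's code: a minimal Go model of one DH ratchet step followed by the symmetric-key ratchet, built on the primitives the page names (X25519 via crypto/ecdh and HMAC-SHA256). The root-key KDF is a hand-written minimal HKDF, the "example-ratchet" label and the 0x42 root key are constructed placeholders, and in HUB the real root key would come from X3DH.

```go
package main
import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hmacSHA256 is the MAC primitive the page names; both ratchets are built from it.
func hmacSHA256(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// kdfRK is the DH ratchet's root-key KDF: a minimal HKDF-SHA256 (extract with the
// root key as salt, then two expand blocks) giving the next root key and a chain key.
func kdfRK(rk, dhOut []byte) (newRK, ck []byte) {
	prk := hmacSHA256(rk, dhOut) // extract; the label below is illustrative, not HUB's
	newRK = hmacSHA256(prk, []byte("example-ratchet\x01"))
	return newRK, hmacSHA256(prk, append(newRK, "example-ratchet\x02"...))
}

// kdfCK is one symmetric-key ratchet step: next chain key (tag 2), one-time message key (tag 1).
func kdfCK(ck []byte) (newCK, mk []byte) {
	return hmacSHA256(ck, []byte{2}), hmacSHA256(ck, []byte{1})
}

// messageKeys advances a chain n times and returns the n one-time message keys in order.
func messageKeys(ck []byte, n int) [][]byte {
	keys := make([][]byte, n)
	for i := range keys {
		ck, keys[i] = kdfCK(ck)
	}
	return keys
}

func main() {
	alice, _ := ecdh.X25519().GenerateKey(rand.Reader) // fresh ratchet key pairs
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader)
	dhA, _ := alice.ECDH(bob.PublicKey()) // each side: own private key x peer public key
	dhB, _ := bob.ECDH(alice.PublicKey())
	root := bytes.Repeat([]byte{0x42}, 32) // constructed root key; HUB's comes from X3DH
	_, ckA := kdfRK(root, dhA)
	_, ckB := kdfRK(root, dhB)
	a, b := messageKeys(ckA, 3), messageKeys(ckB, 3)
	fmt.Println("same 3rd key:", bytes.Equal(a[2], b[2]), "keys differ:", !bytes.Equal(a[0], a[1]))
}
```

Because HMAC is one-way, holding message key n gives no way back to the chain key that produced earlier keys, which is the forward secrecy property listed above.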
The Sesame algorithm will be used to manage the asynchronous transmission of encrypted messages.