Every secure instant messenger has to implement two systems:
1. The encoding-decoding system
2. The delivery system


Encoding-decoding system implementation.

Vernam IM is another implementation of the well-known One Time Pad algorithm.
The main questions about OTP (Vernam) are the following:



Key distribution.

Here's the step-by-step explanation.
Step 1.
A Blum-Blum-Shub generator is used to generate a long sequence of pseudo-random numbers. This algorithm is well-studied and crypto-resistant.
It requires 3 prime numbers as parameters.
Vernam IM selects them from one million prime numbers stored in its database.
As a result, we have P = {P1, P2, P3}.
Step 2.
Vernam IM asks users to draw some curves on the screen. Each point has X and Y coordinates, which give the sum S = X + Y. If S is an even number, then we put 0 in the sequence. If S is an odd number, then we put 1 in the sequence. As a result, we have a sequence of true random numbers (TRN).
Step 3.
Vernam IM creates a string of parameters consisting of P and TRN and converts it into a QR code.
Step 4.
The second user scans the QR code during an in-person meeting.
Step 5.
On both devices, the Blum-Blum-Shub generator generates a long sequence of pseudo-random numbers (PRN) using P.
Step 6.
On both devices, we modify PRN with TRN using a certain algorithm.
As a result, we have a long sequence of PRN modified with TRN. This sequence is used as a source for one-time pads.
Note.
We are aware of this US patent.
Our method is different from that which is described in this patent.
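Steps 1 to 6 as a toy walk-through (an added example, not Vernam IM's own code). The page does not say how the three primes are used, how the parameter string is laid out, or which algorithm mixes PRN with TRN, so the roles of P1, P2, P3 (two modulus factors and a seed), the JSON payload, the cyclic XOR mixing, the `OneTimePad` class and the small sample primes are all assumptions made here.

```python
import json
from math import gcd

def trn_bits(points):
    """Step 2: one bit per touch point, the parity of S = X + Y."""
    return [(x + y) & 1 for x, y in points]

def bbs_bits(p, q, seed, n):
    """Blum-Blum-Shub: x -> x^2 mod (p*q), emitting the low bit of each state."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("BBS needs p and q congruent to 3 mod 4")
    m = p * q
    if gcd(seed, m) != 1:
        raise ValueError("seed must be coprime to p*q")
    x, out = seed * seed % m, []
    for _ in range(n):
        x = x * x % m
        out.append(x & 1)
    return out

def qr_payload(primes, points):
    """Step 3: the parameter string that would be rendered as a QR code."""
    return json.dumps({"P": primes, "TRN": trn_bits(points)})

def derive_pad(payload, n_bytes):
    """Steps 5-6: rebuild PRN from P, mix in TRN, pack the bits into bytes."""
    params = json.loads(payload)
    p, q, seed = params["P"]   # assumed roles: two factors and a seed
    trn = params["TRN"]
    prn = bbs_bits(p, q, seed, 8 * n_bytes)
    mixed = [b ^ trn[i % len(trn)] for i, b in enumerate(prn)]  # assumed mixing
    return bytes(sum(bit << (7 - j) for j, bit in enumerate(mixed[k:k + 8]))
                 for k in range(0, len(mixed), 8))

class OneTimePad:
    """Hands out each pad byte once; refuses to overrun the pad."""
    def __init__(self, pad):
        self.pad, self.offset = pad, 0
    def xor(self, data):
        if self.offset + len(data) > len(self.pad):
            raise ValueError("pad exhausted")
        chunk = self.pad[self.offset:self.offset + len(data)]
        self.offset += len(data)
        return bytes(a ^ b for a, b in zip(data, chunk))

# Constructed sample input: toy primes and a short stroke of touch points.
PRIMES = [499, 547, 1009]
STROKE = [(10, 21), (11, 21), (12, 22), (14, 23), (15, 25), (17, 26), (18, 28)]
```

Both devices call `derive_pad` on the same scanned payload, so everything that determines the pad travels in the QR code and the in-person scan in Step 4 is the only protection of the key material.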


Authentication.

According to Wikipedia, authentication is needed in situations where an attacker knows that the message contains some text known to him or her.
This situation is impossible in our case.
We take care to avoid predictable situations ("Hello" in the beginning of the message, etc.).
If the length of the message is less than 10 characters, then we add spaces to the right or left of the message with a probability of 50%.
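The property the Wikipedia passage refers to, shown from the receiver's side as an added example (not Vernam IM's code): XOR decryption accepts a ciphertext that was altered in transit without any error, and the padding rule moves the text of a short message only when the spaces land on the left. Padding to exactly 10 characters, the even left/right choice, and all function names and sample messages are assumptions or constructed here.

```python
import secrets

def pad_short(msg, side=None, width=10):
    """Padding rule from the text; filling up to `width` bytes is assumed."""
    if len(msg) >= width:
        return msg
    side = side or secrets.choice(["left", "right"])
    fill = b" " * (width - len(msg))
    return fill + msg if side == "left" else msg + fill

def otp(data, key):
    """One-time-pad encryption and decryption are the same XOR."""
    return bytes(a ^ b for a, b in zip(data, key))

def alter_in_transit(ciphertext, offset, known, wanted):
    """XOR the difference known^wanted into the ciphertext; uses no key."""
    delta = otp(known, wanted)
    end = offset + len(delta)
    return ciphertext[:offset] + otp(ciphertext[offset:end], delta) + ciphertext[end:]

def received_after_edit(plaintext, offset, known, wanted):
    """What the receiver decrypts when the ciphertext was altered on the way."""
    key = secrets.token_bytes(len(plaintext))   # fresh pad for this message
    ciphertext = otp(plaintext, key)
    return otp(alter_in_transit(ciphertext, offset, known, wanted), key)

# Constructed messages: one long enough to skip padding, one short.
LONG_MSG = b"PAY 100 TO BOB"
SHORT_MSG = b"YES"
```

With `LONG_MSG` the receiver decrypts `PAY 900 TO BOB` after an edit at offset 4; with `SHORT_MSG` the same kind of edit at offset 0 lands on the text when the padding is on the right and on the spaces when it is on the left, and in neither case does decryption report a problem.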


True randomness.

By definition, all hardware generators are true random number generators, and software generators are pseudo-random.

However, there is no way to distinguish true random numbers from pseudo-random numbers from two given sequences if you do not know how they were generated. Just ask Google.

The situation is much like the situation described by Mark Twain in "Concerning Tobacco":
"The next superstition is that a man has a standard of his own. He hasn't. He thinks he has, but he hasn't. He thinks he can tell what he regards as a good cigar from what he regards as a bad one — but he can't. He goes by the brand, yet imagines he goes by the flavor. One may palm off the worst counterfeit upon him; if it bears his brand, he will smoke it contentedly and never suspect."

But let's be serious.

In this work, we can read:
"More specifically, the conjectured guarantee about this random number generator is the following: If you present a polynomial time adversary with two sequences:
1. a truly random sequence of bits of length k,
2. k bits from the output of the pseudorandom generator when seeded with a starting state shorter than k bits.
Then the adversary can't distinguish between the two sequences with probability "significantly" more than ½…
This emphasizes a deep philosophical viewpoint in theoretical computer science, that whether some object has a property (randomness) really only depends on the power of a computationally limited observer to identify that property. If nobody can tell the difference between fake randomness and real randomness, then the fake randomness is random."
In our case, we do not use the PRN sequence itself, but rather PRN modified with TRN.
Thus, we can state that our sequence of numbers is (at least) very close to the sequence of true random numbers.
If you disagree, then simply list the criteria by which you will be able to distinguish our sequence from a sequence of true random numbers.
And finally, please keep in mind the following:
1. According to this work, the Vernam cipher is robust to small deviations of randomness.
2. In this article, randomness is defined through unpredictability. According to this work, the Blum-Blum-Shub PRBG is an unpredictable (cryptographically secure) generator.


Delivery system implementation.

There are many protocols for messaging.
Each of them uses its own infrastructure (set of servers and software).
Infrastructure costs money.
For example, Pavel Durov (owner of Telegram) spends more than $1 million a month (source), a sum he says is "bearable for the foreseeable future", but not forever.
Thus, you, as a Telegram user, cannot be sure that Telegram will work tomorrow.
Durov may lose interest in this, or convert to Buddhism, or he may run out of money.
Vernam IM uses third-party cloud services for messaging, namely Microsoft OneDrive and DropBox.
They have an API for the public folder mechanism.
Vernam IM only writes and reads messages to/from shared folders. All synchronization is made by cloud service.
It is simple and easy.
It's very reliable.
It does not cost anything.
It's fast (2-3 seconds).
No other infrastructure is needed.
That is why Vernam IM does not require any registration.
We do not collect or process any personal data of users.
Users can use existing OneDrive/DropBox accounts or create a new one for free.
To invite a friend, a user has to create a shared folder in his/her OneDrive/DropBox account. The invited friend has to accept the invitation and add the shared folder to his/her OneDrive/DropBox account. These actions are performed outside the application.
Then the user has to create a new channel in the application.
Vernam IM requires you to select a cloud service (OneDrive or DropBox) and select the shared folder that you created earlier.
Then this data is sent (via QR code) to your friend's device.
Then you and your friend can read and write messages from/to this shared folder.
Using shared folders will give you the following benefits:
- No spam and Ads,
- Protection inherent in cloud services,
- It cannot be forbidden (like Telegram in Russia),
- It cannot be out of service,
- For an outside observer it looks like a regular file exchange and not a conversation.