How Does this Messaging App Work?

Two Steps Away from Being Unhackable
To ensure your safety, Vernam IM has none of its own servers.
That`s why it uses a user's Dropbox folder for the message transmission.

It's safe, easy, and always user-controllable.
To ensure your safety, Vernam IM has none of its own servers.
That`s why it uses a user's Dropbox folder for the message transmission.

It's safe, easy, and always user-controllable.
This messaging system is fully independent on the app developer
and is always user-controlled.
Independent private messaging
Independent private messaging
There are only two steps to make all your messaging independent and unhackable

Step 1
If you are a chat creator, then create a free Dropbox
account or use an existing account.

If you were invited to chat, you don't need to have
a Dropbox account.

To create a chat, the creator should connect
to Dropbox and login.

All other settings will be done automatically.

Step 1
If you are a chat creator,
then create a free Dropbox account
or use an existing account.

If you were invited to chat,
you don't need to have
a Dropbox account.

To create a chat, the creator
should connect to Dropbox and login.

All other settings
will be done automatically.

Step 2
To start, you'll have to have one face-to-face meeting with your chat partner to exchange the encryption keys that you created.

Your partner must scan the QR code from your phone screen.

And that's all! You can start communicating.

Step 2
To start, you'll have to have
one face-to-face meeting with
your chat partner to exchange
the encryption keys that you created.

Your partner must scan the QR code
from your phone screen.

And that's all! You can start
communicating.

If you would like to learn more, read on!
If you would like to learn
more, read on!
THE DELIVERY SYSTEM

Delivery System Implementation.


There are many protocols for secure messaging.
Each of them uses it's own infrastructure (set of servers and software).
Infrastructure is worth the money.

For example, Pavel Durov (owner of Telegram) spends more than
$1 million a month (source) a sum he says is
"bearable for the foreseeable future"— but not forever.
Thus, you, as a Telegram user, cannot be sure that Telegram will work tomorrow.

Durov may lose interest in this, or accept Buddhism, or he may run out of money.

Vernam IM uses third - party cloud service for private messaging.
Namely DropBox.

It has an API for access from mobile devices.
Vernam IM only writes and reads messages to/from your folder in
your DropBox account.
All synchronization is made by cloud service:
- It is simple and easy.
- It's very reliable.
- It does not cost anything.
- It's fast (2-3 seconds).
- No other infrastructure is needed.

That is why Vernam IM does not require any registration.
We do not collect or process any personal data of users.

Users can use existing DropBox account or
create a new one for free.

User has to create a new contact manually.
Contact's data requires only user's and subscriber's nicknames.

Then this data is sent (via QR code) to your friend's device.
Then you and your friend can read and write messages from/to this DropBox account.

Using a Dropbox will give you the following benefits:
- No spam and ads;
- Protection inherent in cloud services;
- It can not be blocked (like Telegram in Russia);
- It can not be out of service;
- For an outside observer it looks like a regular file exchange
and not a conversation.
THE ENCODING - DECODING SYSTEM
Encoding - Decoding System Implementation.

Vernam IM is another implementation of the well-known One Time Pad algorithm.
The main questions about OTP (Vernam) are the following:

Key distribution.

Here's the step-by-step explanation.
Step 1.
A Blum-Blum-Shub generator is used to generate a long sequence
of pseudo-random numbers. This algorithm is well - studied and
crypto-resistant.
Vernam IM generates parameters for this algorithm (P)

Step 2.
Vernam IM asks users to draw some curves on the screen.
As a result, we have a sequence of true random numbers (TRN).

Step 3.
Vernam IM creates a string of parameters consisting of P and TRN
and converts it into a QR code.

Step 4.
The second user scans the QR code during an in-person meeting.

Step 5.
On both devices the Blum-Blum-Shub generator generates a long
sequence of pseudo-random numbers (PRN) using P.

Step 6.
On both devices we modify PRN with TRN using a certain algorithm.
As a result, we have a long sequence of PRN modified with TRN. This sequence
is used as a source for one-time pads.

Authentication.

According to Wikipedia, authentication is needed in situations where an
attacker knows that the message contains some text known to him or her.

This situation is impossible in our case.

True randomness.

By definition, all hardware generators are true random number generators,
and software generators are pseudo-random.

However, there is no way to distinguish true random numbers from pseudo-random numbers from two given sequences if you do not know how
they were generated.
Just ask Google.

In this work, we can read:
"More specifically, the conjectured guarantee about this random number generator
is the following: If you present a polynomial time adversary
with two sequences:
1. A truly random sequence of bits of length k,
2. K bits from the output of the pseudorandom generator when seeded
with a starting state shorter than k bits.
Then the adversary can't distinguish between the two sequences
with probability "significantly" more than ½…

This emphasizes a deep philosophical viewpoint in theoretical computer science,
that whether some object has a property (randomness) really only depends
on the power of a computationally limited observer to identify that property.
If nobody can tell the difference between fake randomness and real randomness,
then the fake randomness is random."

In our case we do not use PRN sequence, but rather PRN modified with TRN.
Thus, we can state that our sequence of numbers is (at least) very close
to the sequence of true random numbers.

If you wish to oppose, then simply list the criteria by which you will be able
to distinguish our sequence from a sequence of true random numbers.

And finally, please keep in mind the following:
1. According to this work the Vernam cipher is robust to small deviations
of randomness.
2. In this article, randomness is defined through unpredictability.
According to this work, the Blum-Blum-Shub PRBG is an unpredictable
(cryptographic secure) generator.
THE DELIVERY SYSTEM

Delivery System Implementation.


There are many protocols
for secure messaging.
Each of them uses it's own infrastructure
(set of servers and software).
Infrastructure is worth the money.

For example, Pavel Durov
(telegram owner) spends more than
$1 million a month (source) a sum
he says is "bearable for the
foreseeable future"— but not forever.
Thus, you, as a Telegram user,
cannot be sure that Telegram will
work tomorrow.

Durov may lose interest in this,
or accept Buddhism, or he may
run out of money.

Vernam IM uses third - party
cloud service for private messaging.
Namely DropBox.
It has an API for access from mobile
devices. Vernam IM only writes and
reads messages to/from your folder in
your DropBox account..
All synchronization is made
by cloud service:
- It is simple and easy.
- It's very reliable.
- It does not cost anything.
- It's fast (2-3 seconds).
- No other infrastructure is needed.

That is why Vernam IM doesn`t
require any registration.
We do not collect or process any
personal data of users.

Users can use existing
DropBox account or
create a new one for free.

User has to create a new
contact manually.
Contact's data requires only
user's and subscriber's nicknames.

Then this data is sent (via QR code)
to your friend's device.
Then you and your friend can read
and write messages from/to
this Dropbox account.

Using a Dropbox will give
you the following benefits:
- No spam and ads,
- Protection inherent in cloud services,
- It can not be blocked
(like Telegram in Russia),
- It can not be out of service,
- For an outside observer it looks
like a regular file exchange
and not a conversation.
THE ENCODING - DECODING
SYSTEM

Encoding - Decoding
System Implementation.

Vernam IM is another implementation
of the well-known One Time Pad algorithm.
The main questions about OTP
Vernam) are the following:

Key distribution.

Here's the step-by-step explanation.
Step 1.
A Blum-Blum-Shub generator is
used to generate a long sequence
of pseudo-random numbers.
This algorithm is well - studied and
crypto-resistant.
Vernam IM generates parameters
for this algorithm (P)

Step 2.
Vernam IM asks users to draw
some curves on the screen.
As a result, we have a sequence
of true random numbers (TRN).

Step 3.
Vernam IM creates a string of
parameters consisting of P and
TRN and converts it into a QR code.

Step 4.
The second user scans the
QR code during an in-person meeting.

Step 5.
On both devices the Blum-Blum-Shub
generator generates a long
sequence of pseudo - random
numbers (PRN) using P.

Step 6.
On both devices we modify
PRN with TRN using a certain algorithm.
As a result, we have a long
sequence of PRN modified with TRN.
This sequence is used as a source
for one-time pads.

Authentication.

According to Wikipedia,
authentication is needed in
situations where an attacker
knows that the message contains
some text known to him or her.

This situation is impossible in our case.

True randomness.

By definition, all hardware
generators are true random number
generators, and software generators
are pseudo-random.

However, there is no way to
distinguish true random numbers
from pseudo-random numbers
from two given sequences if you
do not know how they were generated.
Just ask Google.

In this work, we can read:
"More specifically, the conjectured
guarantee about this random number
generator is the following:
If you present a polynomial time
adversary with two sequences:
1. A truly random sequence
of bits of length k;
2. K bits from the output
of the pseudorandom generator
when seeded with a starting state
shorter than k bits.
Then the adversary can't distinguish
between the two sequences with
probability "significantly" more than ½…

This emphasizes a deep philosophical
viewpoint in theoretical computer science,
that whether some object has a property
(randomness) really only depends on
the power of a computationally limited
observer to identify that property.
If nobody can tell the difference between
fake randomness and real randomness,
then the fake randomness is random."

In our case we do not use PRN sequence,
but rather PRN modified with TRN.
Thus, we can state that our sequence
of numbers is (at least) very close
to the sequence of true random numbers.

If you wish to oppose, then simply list
the criteria by which you will be able
to distinguish our sequence from
a sequence of true random numbers.

And finally, please keep in mind
the following:
1. According to this work
the Vernam cipher is robust
to small deviations of randomness.
2. In this article, randomness is defined
through unpredictability.
According to this work, the Blum-Blum-Shub
PRBG is an unpredictable
(cryptographic secure) generator.