Signal messenger resumed publishing server code and integrated cryptocurrency

The Signal Technology Foundation, which develops the Signal secure communications system, has resumed publishing the code for the server-side components of the messenger. The project code was originally opened under the AGPLv3 license, but publication of changes to the public repository stopped without explanation on April 22 last year. Updates to the repository stopped after the announcement of the intention to integrate a payment system into Signal.

Signal's built-in payment system, based on its own MobileCoin (MOB) cryptocurrency, developed by Moxie Marlinspike, author of the Signal protocol, recently entered testing. At about the same time, the changes to the server components that had accumulated over the year were published in the repository, including the implementation of the payment system.

The MobileCoin cryptocurrency is designed to build a mobile payment network that ensures user privacy. User data remains in the users' hands only: neither Signal developers nor the administrators of infrastructure elements can access funds, balance data or transaction history. The payment network has no single point of control and is based on the idea of fractional ownership, the essence of which is that all network funds are formed as a set of individual shares that can be exchanged. The total amount of funds in the network is fixed at 250 million MOB.

MobileCoin is based on a blockchain that stores the history of all successful payments. To confirm ownership of funds, you must have two keys: a key to transfer funds and a key to view the status. For most users, these keys can be derived from a shared underlying key. To receive a payment, the user must provide the sender with two public keys corresponding to the private keys used to send funds and to verify ownership of them. Transactions are generated on the user's computer or smartphone and then passed to one of the nodes with validator status for processing in an isolated enclave. Validators validate the transaction and share information about it peer to peer, along a chain, with the other nodes of the MobileCoin network.

Data can only be transmitted to nodes that have cryptographically confirmed that they run the unmodified MobileCoin code in the enclave. Each isolated enclave replicates a state machine that adds valid transactions to the blockchain, using the MobileCoin Consensus Protocol to confirm payments. Nodes can also take on the role of full validators, which additionally form and place a public copy of the computed blockchain in content delivery networks. The resulting blockchain does not contain information that makes it possible to identify a user without knowing their keys. The blockchain contains only identifiers calculated from the user's keys, encrypted data about the funds, and metadata for integrity control.

To ensure integrity and protection against data corruption, a Merkle tree structure is used, in which each branch verifies all underlying branches and nodes through joint (tree) hashing. Having the final hash, the user can verify the correctness of the entire history of operations, as well as the correctness of past states of the database (the root verification hash of the new state of the database is calculated taking into account the past state).

In addition to the validators, the network also has Watcher nodes that verify the digital signatures that the validators attach to each block in the blockchain. Watcher nodes constantly monitor the integrity of the decentralized network, maintain their own local copies of the blockchain, and provide an API for wallet applications and exchange clients. Anyone can run a validator or a Watcher node; the corresponding services, enclave images for Intel SGX and the mobilecoind daemon are distributed for this purpose.

The creator of Signal explained the idea of integrating a cryptocurrency into the messenger as a desire to give users an easy-to-use payment system that protects privacy, in the same way that the Signal messenger secures communication. Bruce Schneier, a well-known expert in cryptography and computer security, criticized the actions of the Signal developers. Schneier believes that putting all your eggs in one basket is not the best solution, and that the main issue is not the resulting bloat and complexity of the program, nor the doubtful use of a blockchain, nor the attempt to tie Signal to a single cryptocurrency.

The key problem, according to Schneier, is that adding a payment system to an end-to-end encryption application creates additional threats associated with increased interest from various intelligence agencies and government regulators. Secure communications and secure transactions could well be implemented as separate applications. Applications that implement strong end-to-end encryption are already under attack, and it is dangerous to raise the degree of confrontation further: when the functionality is combined, any impact on the payment system will pull the end-to-end encryption functionality down with it. If one part dies, the whole system dies.

Source: opennet.ru