BitTorrent, the company behind the popular file sharing protocol with the same name, is developing a secure chat application that will encrypt all communications between users and won't use any central server to route messages.
The company announced that it planned to develop the secure messaging product, called BitTorrent Chat, in September. However, at that time there were no technical details available about it's possible implementation.
The product is still far from a stable release, but the BitTorrent developers have made progress since the original announcement and revealed more about the program's architecture in a series of blog posts Thursday.
The most fundamental difference compared to many existing chat programs is that BitTorrent Chat won't rely on a central server to deliver messages from the sender to their recipients. The encryption will be done directly among clients, not between the clients and a server.
Chat applications that rely on centralized, cloud-based servers are vulnerable to hackers or "NSA's dragnet surveillance sweeps," Christian Averill, BitTorrent's director of communications said in a blog post. "While we're hearing legislative calls to curb domestic spying, and corporate assurances regarding user privacy, we can't rely on these systems. Statements like 'just because we can, doesn't mean we should' don't guarantee user privacy."
In the absence of a central server to route messages between users, BitTorrent Chat users will find each other through the same mechanism that many BitTorrent clients use to locate file-sharing peers -- a Distributed Hash Table (DHT).
"In essence, the DHT is a web of peers cooperating," Abraham Goldoor, a software engineer on the BitTorrent Chat team explained in a separate blog post. "You ask your closest neighbor if they know of the person you are looking for. You then ask their neighbors, and their neighbors' neighbors, and so on. Eventually, you'll get to a peer (neighbor) who knows the address of the person you're looking for. They return this address to you. This is done in such a way that only you know who you are looking for."
In order to accommodate BitTorrent Chat's requirements, the DHT protocol itself has been updated to support encryption.
With BitTorrent Chat users will be identified by their public keys, which is part of a public-private key pair used for encrypted communications. Two users only need to exchange their public keys with each other to be able to chat securely.
Since there will be no traditional usernames and users will be identified by their keys, the infrastructure will also provide some level of anonymity.
However, even when used directly between users and not between users and a central server, public-key-based encryption does not protect against all types of attacks. For example, in most common implementations, if a private key is stolen, it can be used to decrypt all past and future messages encrypted with its corresponding public key.
To counter that, the BitTorrent Chat developers will implement a cryptographic feature known as forward secrecy. "Every time you begin a conversation with one of your contacts, a temporary encryption key will be generated," Goldoor said. "Using each of your keypairs, this key will be generated for this one conversation and that conversation only, and then deleted forever."
BitTorrent Chat is still in alpha stages of development, but users can apply to become early testers.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.