Technology Stack
Permissionless, DAG, non-SQL database
MystSafe messages are packed into individual blocks which are generated by MystSafe apps, processed by the MystSafe relay nodes, and stored in MystSafe database. It features open read-write access through relay nodes, with content deletion managed via unique garbage collection by these nodes. Data is organized into interconnected blocks and blockchains, concealing any association between users and their data. The database is synchronized between the relay nodes and ensures transmission of messages between users, simultaneous operation of multiple user devices, and recovery of secret records and chat history.
Stealth addresses
MystSafe blocks have stealth addresses that only the recipient of the message can decode. The network does not know where a message is going and who has sent it. The stealth addresses are not linked to any sender’s or recipient’s public addresses. The public addresses never appear in the network database in clear text.
Blockchains
The daily chat message blocks are publicly linked to each other using blockchain technology, but they are not publicly linked to the sender or recipient. The network database consists of multiple blockchains, even more than one per chat as chat blockchains are initiated daily to allow the expiration of older messages. Multiple blockchains enable high scalability.
The chat history has a retention limit period which is defined depending on the license. Both the client apps and the relay nodes delete the message blockchains that belong to the expired portion of the chat daily. The chat history can be restored, if it is still within the retention period, by scanning the database. Unlike many chat apps, MystSafe client apps don't have to be always online to receive the messages and can connect to the network only when communication is needed.
End to end encryption
MystSafe messages are encrypted end to end, which means that only the chat participants can read them. Every chat is encrypted using a unique, randomly generated key pair that is not directly linked to the sender’s or recipient’s address. The encryption keys are generated and used in the client app and never exposed outside of the user's device in clear text.
Digital signatures
Chat messages are signed twice by the sender. The public signature allows the network node to validate the integrity of the messages and blockchains to prevent spoofing and DDOS attacks. The hidden signature, which is encrypted, allows the recipient to authenticate the sender and prevent spoofing.
Ring signatures
A major privacy concern with any paid service is the disclosure of a user's identity through payment details. When a payment is made using privacy-preserving cryptocurrencies such as Monero (XMR) or Zcash (ZEC), the identity of the payer can remain hidden. However, what if the user wishes to pay with a privacy-exposing coin or token, such as Bitcoin, or any other of the 99% of cryptocurrencies? Or even worse, what about payment with a credit card, which solidly links the payment to the user's identity?
MystSafe does not publicly expose payment information. But what if MystSafe's payment records are hacked? And how can the data records, linked through the license key, be decoupled from the payment information that points to user identity?
MystSafe incorporates a special layer of protection. It utilizes cryptographic technologies, such as ring signatures and stealth addresses, to separate the license blocks, issued by MystSafe, from the user accounts. After payment is processed, MystSafe issues a special encrypted block with the account license key, which can only be decrypted by the account owner. This owner finds this block by scanning the license database and looking for a stealth address that matches their account address.
Furthermore, when creating a license proof and attaching it to a new data block, the system employs a ring signature that conceals the actual license block behind multiple 'decoy' license blocks. The ring signature contains one real public license key, which belongs to the user account, and several 'decoy' public keys from other users' license blocks. Since all these license blocks are valid, MystSafe verifies that all the license keys in the ring belong to valid licenses, but it cannot determine which one is the actual user's. Thus, by examining the license and data blocks, it is impossible to discern who created the secrets or messages.
Proof of work
Each block has a small PoW (proof of work) generated by the client before it is allowed to broadcast a new message to the network. PoW data has a time-sensitive dependency element to prevent replay and pre-generated DDOS attacks.
Environmental keyless encryption (beta)
Application Secrets (Beta) are secured using environmental encryption, without hardcoded credentials or cryptographic keys.
Last updated