On the other hand, setting up https is a different skill set from the types of distributed systems that Umbra is trying to be, and I still find it to be confusing even though things like Let's Encrypt have made the process a lot easier.

Still, I've been around the space for a long time and I don't remember hearing too much about the Umbra project before today. That's usually a bad sign, especially given that they don't have a whitepaper. There are a few major problems that slaughter projects like this:

1. They don't respect scalability constraints.
2. They don't actually understand what it takes to achieve privacy.
3. They don't realize that they've set up a centralized system.
4. They don't understand a lot of things about decentralization.

This stuff is hard. The only whitepaper I could find for the whole system was for ShadowChat, which says they use AES-256-CBC to encrypt the chat. AES is a symmetric encryption algorithm, and a strange choice for a chat protocol. Furthermore, CBC is not great at hiding patterns, and chat will often have a lot of patterns. Not necessarily going to cause problems, but it's another decision that I think is pretty weak, especially when there are better standards already out there.

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&c...
http://crypto.stackexchange.com/questions/25089/plaintext-bl...

As for anonymous cryptocurrency, there have been a lot of attempts at creating anonymous cryptocurrency and they are generally garbage. Either the mixing leaks information, or there is a reliance on central services, or other major problems. Shadowcash claims to be a Proof-of-Stake cryptocurrency, which is a consensus system that has been pretty highly discredited among the more well respected researchers. The threat model is definitely different, and in general is a lot weaker both in terms of attack-resistance and in terms of decentralization than traditional Proof-of-Work. Even Ethereum has yet to come up with a Proof-of-Stake algorithm that they feel comfortable committing to, and they were so certain they'd get there that they added a feature which will break the currency unless they hardfork to PoS (at least that was the idea - given that PoS is not ready, they will probably just hardfork to a not-intentionally-broken PoW).

https://download.wpsoftware.net/bitcoin/pos.pdf
https://download.wpsoftware.net/bitcoin/old-pos.pdf

A few worth taking seriously are Monero, Zcash (though Zcash depends on new/fancy/less-trusted crypto - zkSnarks), and JoinMarket. Everything else that's got academic strength behind it is too early to have a user-ready implementation.

That's just my two cents. Maybe in a few weeks there will be a whitepaper that covers the full strategies of Umbra and it ends up being pretty good. But I don't think so, given that the few decisions that I could find already suggest that this is a platform built by amateurs.
Okay.
> AES is a symmetric encryption algorithm, and a strange choice for a chat protocol.
No, it's the standard choice.
Signal uses AES-256-CBC + HMAC-SHA-256, for example.
> Furthermore, CBC is not great at hiding patterns, and chat will often have a lot of patterns.
That's not true. CBC mode isn't great at hiding patterns with IV reuse. Solution: Don't reuse IVs.
The problem with CBC mode is that it's unauthenticated, and as a result is often susceptible to padding oracle attacks that allow messages to be decrypted byte-at-a-time.
https://paragonie.com/blog/2015/05/using-encryption-and-auth...
A better mode would be GCM, or maybe GCM-SIV, or scrap AES entirely in favor of ChaCha20-Poly1305.
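The two points made in the reply above, a fresh IV per message and a MAC that is verified before the ciphertext is ever unpadded, shown as an added Go example using only the standard library (this is not code from either poster or from Signal; the iv || ciphertext || tag layout and PKCS#7 padding are assumptions of this example):

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// SealCBCHMAC: AES-CBC under a fresh random IV, then HMAC-SHA-256 over
// iv||ciphertext (encrypt-then-MAC). Output layout: iv || ciphertext || tag.
func SealCBCHMAC(encKey, macKey, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil { return nil, err }
	pad := aes.BlockSize - len(msg)%aes.BlockSize // PKCS#7, always >= 1 byte
	padded := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { return nil, err } // never reuse an IV
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(out) // the tag covers the IV as well as the ciphertext
	return mac.Sum(out), nil
}

// OpenCBCHMAC checks the tag before any decryption or unpadding, so a modified
// message gets one generic error: there is no padding oracle to query.
func OpenCBCHMAC(encKey, macKey, sealed []byte) ([]byte, error) {
	n := len(sealed) - sha256.Size // end of iv||ciphertext
	if n < 2*aes.BlockSize || n%aes.BlockSize != 0 {
		return nil, errors.New("malformed message")
	}
	mac := hmac.New(sha256.New, macKey)
	mac.Write(sealed[:n])
	if !hmac.Equal(mac.Sum(nil), sealed[n:]) { // constant-time comparison
		return nil, errors.New("authentication failed")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil { return nil, err }
	pt := make([]byte, n-aes.BlockSize)
	cipher.NewCBCDecrypter(block, sealed[:aes.BlockSize]).CryptBlocks(pt, sealed[aes.BlockSize:n])
	pad := int(pt[len(pt)-1]) // trusted only because the MAC already passed
	if pad < 1 || pad > aes.BlockSize {
		return nil, errors.New("malformed message")
	}
	return pt[:len(pt)-pad], nil
}
```

Sealing the same message twice yields different ciphertext because the IV is fresh each time, and flipping any ciphertext bit is rejected at the MAC check with the same error a short or truncated message gets.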