20: Ethereum Direct Message with Waku v2 #365
Conversation
content/docs/rfcs/19/README.md
Outdated
| contributors: | ||
| --- | ||
|
|
||
| This specification explains the Waku v2 Direct Message protocol which enables a peer to send a direct message to another peer using the Waku v2 network. |
There was a problem hiding this comment.
I'd probably making this into something more Ethereum specific
There was a problem hiding this comment.
Happy to do so and not fall in the "generalised too early" trap. Interestingly enough, only the derivation is Ethereum (actually ecdsa) specific.
There was a problem hiding this comment.
Well, as anywhere else "Ethereum" is mentioned and not the actual key scheme used, the same could be should be done here. Or the other way around and remove Ethereum everywhere.
content/docs/rfcs/19/README.md
Outdated
| @@ -0,0 +1,101 @@ | |||
| --- | |||
| slug: 19 | |||
There was a problem hiding this comment.
content/docs/rfcs/19/README.md
Outdated
| @@ -0,0 +1,101 @@ | |||
| --- | |||
| slug: 19 | |||
| title: 19/WAKU2-DIRECT-MESSAGE | |||
There was a problem hiding this comment.
Hm, I wonder how we want to distinguish between more application layer and Waku v2 protocols here. For EIPs, there is a different track for ERC, but might be too complex. In any case, I'd put something Ethereum specific here probably? Also feel free to acronym this stuff because it might get too long otherwise (20/WAKU2-APP-ETH-DIRECT-MESSAGE -> WAETHDM? :D probably better ones...)
cc @jm-clius @staheri14 re app/waku v2 level distinction
There was a problem hiding this comment.
I agree that we need to make explicit the semantic difference between the Waku v2 suite of protocols and any application built on top of it.
To my mind this is ETH-DIRECT-MESSAGE (EDM 😎) protocol over Waku v2. Perhaps the spec title can then even omit WAKU2 and just state its relation to WAKU2 as part of the spec body? If we want to be more explicit, all such WAKU2-APP protocols can be prefixed and referred to as something like W2A protocols. Theoretically, chat2 is already a W2A protocol as it operates on a higher layer than WAKU2.
There was a problem hiding this comment.
Oh, I like EDM (well, not the music, too commercial)
There was a problem hiding this comment.
I went for "ETH-DM" for now. Reasoning:
- Removed
WAKU2as suggested, keeping this for waku protocol level specs only - "DM" is a common acronym for "Direct Message",
- "ETH" is a common acronym for "Ethereum".
While in most cases, one who reads "EDM" would need to be explained that it stands for "Ethereum Direct Message". However, I believe that one that reads "ETH-DM" can more easily understand its meaning without being told that it stands for "EThereum Direct Message".
I may be wrong of course :)
There was a problem hiding this comment.
ETH is typically used to refer to the actual coin, Ether. Eth to refer to Ethereum (see for example usage of Eth1 and Eth2). So in that sence, perhaps EDM was a better choice :)
|
PR description can probably be more accurate too to make it a spec/protocol level concern |
content/docs/rfcs/19/README.md
Outdated
| `contentTopic` `/waku/2/direct-message/eth-pubkey/Bw/proto`, | ||
| with `Bw` in hex format (`0xAb1..`), | ||
| 6. Alice publishes `Mw` via [11/WAKU2-RELAY](/spec/11), | ||
| 7. Bob captures messages received messages via [11/WAKU2-RELAY](/spec/11) that have `contentTopic` `/waku/2/direct-message/eth-pubkey/Bw/proto`, |
There was a problem hiding this comment.
| 7. Bob captures messages received messages via [11/WAKU2-RELAY](/spec/11) that have `contentTopic` `/waku/2/direct-message/eth-pubkey/Bw/proto`, | |
| 7. Bob captures messages received via [11/WAKU2-RELAY](/spec/11) that have `contentTopic` `/waku/2/direct-message/eth-pubkey/Bw/proto`, |
content/docs/rfcs/19/README.md
Outdated
| 4. Alice encrypts `M'` using `Bw`, resulting in `m'`, TODO: define encryption method, | ||
| 5. Alice creates waku message `Mw` with | ||
| `payload` `m'` and | ||
| `contentTopic` `/waku/2/direct-message/eth-pubkey/Bw/proto`, |
There was a problem hiding this comment.
Not sure if it would be a concern now or not, but note that the inclusion of Bw will break anonymity and unlinkability of the recipient of the message i.e., Bob in here.
There was a problem hiding this comment.
Yes it is a concern. I initially marked this concern as "out of scope" but the wording I used seemed confusing. I'll re introduce the scoping with improved wording.
content/docs/rfcs/19/README.md
Outdated
|
|
||
| ## Steps | ||
|
|
||
| 1. Alice MUST derive Bob's waku public Key `Bw` from `B`, |
There was a problem hiding this comment.
Wondering why such a derivation is needed? i.e., from B to Bw?
There was a problem hiding this comment.
My understanding is that it is hard to compute B from Bw. Which means that just by observing the waku traffic, one cannot deduce which Ethereum addresses are receiving message.
However, we know that as highlighted in #365 (comment) if one knows B, it is easy to know whether Bob is receiving messages.
I also expect that as we evolve the protocol, we use new ways to derive keys from B to allow unlinkability.
What do you think?
There was a problem hiding this comment.
If the derivation is based on a deterministic function F i.e., F always output the same Bw when receiving B, then anonymity is still at risk. This is regardless of the derivation function F being unlinkable/one-way (one-way: computing B from Bw is hard).
The anonymity is compromised since all the network messages are linkable to their receiver by only looking at the embedded pk i.e., Bw.
@D4nte
content/docs/rfcs/19/README.md
Outdated
|
|
||
| ### Reply | ||
|
|
||
| To ascertain the fact that Alice receives Bob's reply, she could include connection details such as her peer id and multiaddress in the message. |
There was a problem hiding this comment.
Ditto, inclusion of peerId is against anonymity and reveals both ends of communication
content/docs/rfcs/19/README.md
Outdated
| ### Reply | ||
|
|
||
| To ascertain the fact that Alice receives Bob's reply, she could include connection details such as her peer id and multiaddress in the message. | ||
| However, this leads to privacy concerns if she does not use an anonymizing network such as tor. |
There was a problem hiding this comment.
If she attempts to include her PeerId in the message, using Tor will not help in preserving anonymity (unless there is another level of encryption/randomization)
There was a problem hiding this comment.
Can you please clarify what information would be revealed that doesn't preserve anonimity?
There was a problem hiding this comment.
PeerId is unique for each user, when PeerID of Alice e.g., PA is included in her replies, combined with Bw, which is also part of the reply, one can learn how many messages are transmitted between these two parties i.e., between PA and Bw. This leaks the network communication graph which would ultimately break anonymity and allows deidentification of the users i.e., Alice and Bob. Can't exactly say how fast such inference can be, but certainly opens up the hole for that.
There was a problem hiding this comment.
I assumed that PA would be encrypted with Bw as part of the payload so that only Bob would learn PA.
oskarth
changed the title
There was a problem hiding this comment.
Just curious as I've not been following this development, but what is the context related to this direct messaging specifically based on Ethereum Keys?
The name "Direct" is rather confusing here to me, as it is not actual direct messaging and still goes over the relay/store. When I first read the title I thought it was about adding a direct request/response mechanism for messaging in Waku v2. Instead it is a layer on top of relay/store on how to use a specific Key scheme to communicate.
Also, privacy concerns as already mentioned by @staheri14 . Additional to that, I don't know the context here, but there is a reason why the status app uses different addresses for wallet and Waku communication.
content/docs/rfcs/19/README.md
Outdated
| contributors: | ||
| --- | ||
|
|
||
| This specification explains the Waku v2 Direct Message protocol which enables a peer to send a direct message to another peer using the Waku v2 network. |
There was a problem hiding this comment.
Well, as anywhere else "Ethereum" is mentioned and not the actual key scheme used, the same could be should be done here. Or the other way around and remove Ethereum everywhere.
|
The origin of this idea was thinking about how to do an application layer protocol for messaging to Ethereum public keys that don't use Waku yet, as part of the general Ethereum Dapp roadmap. You are right that it might not be Ethereum specific, at least not in its current form. This is using Ethereum dapps as consumers, as opposed to just thinking about Status wallet. From a user POV, Metamask is a vastly bigger target. Of course, the key structure should be reusable and compatible, etc. @D4nte Since this is a raw spec, I suggest making the minimal necessary changes (name, id etc) and then address the things you can think of now, then add the other comments/concern as either TODO in-line or as follow up issues. Then we can merge this as in progress, and revisit it once it becomes more priority/we push it to draft. |
D4nte
changed the title
|
I usually avoid push forcing on documentation PRs, however as my master was not up to date (spec 19 already exists) I believe a push force is best in this case. |
Sounds good. Now ready for re-review. |
|
@oskarth already replied but I thought I'd provide some details.
The idea of this protocol is to allow one party to reach another party, only knowing their Ethereum address. E.g., Alice could want to reach Bob to privately buy a NFT they hold.
I think your comment is similar to #365 (comment). I addressed it by changing the protocol name. Let me know what you think.
Yes, in this instance Alice wants to specifically reach Bob only knowing his Ethereum Address. This is not a case of Alice and Bob know each other and want to use waku to talk to each other (in this instance, we should propose a protocol where they generate brand new keys unrelated to their Ethereum keys). |
We will squash it anyway so not an issue I think |
| @@ -0,0 +1,113 @@ | |||
| --- | |||
| slug: 20 | |||
There was a problem hiding this comment.
Add to menu as well so it shows up in preview https://github.com/vacp2p/rfc/blob/master/content/menu/index.md
OK, thanks for the context, makes sense. I was thinking in that direction, but rather of a use case where one wants to for example proof the holding of an NFT or some other asset by sending a message under the key that holds it. Similar use cases.
Thanks, that's clear. It is messaging related specifically to potential information linked with the Eth account. It doesn't mean however that we shouldn't be wary of any metadata leaking outside of the Alice - Bob link. |
| 4. Alice encrypts `M'` using `Bw`, resulting in `m'`, | ||
| 5. Alice creates waku message `Mw` with | ||
| `payload` `m'` and | ||
| `contentTopic` `/waku/2/eth-dm/child-pubkey/Bw/proto`, |
There was a problem hiding this comment.
Not sure I fully understand here having child-pubkey and Bw in this topic. Aren't they the same?
(same remark for all contentTopics below.
There was a problem hiding this comment.
child-pubkey is literally the string child-pubkey. The aim is to qualify the data used here, ie, what is Bw.
We know that by having Bw there, we are breaking unlinkability so maybe in the future we may use a different data type instead of Bw, let's say foo that permits unlinkability. In this case, the contentTopic would then become /waku/2/eth-dm/qualifier-for-foo/foo.
Please let me know if you have an idea on how I could make this clearer.
Introduces 20: ETH-DM, the Ethereum Direct Message protocol which enables a peer to send a direct message to another peer using the Waku v2 network, and the peer's Ethereum Address.
Related to #72.