Merge branch 'stable'

This commit is contained in:
Evgeny Poberezkin
2024-03-23 18:42:53 +00:00
21 changed files with 163 additions and 22 deletions
+4 -1
@@ -234,6 +234,8 @@ You can use SimpleX with your own servers and still communicate with people usin
Recent and important updates:
[Mar 23, 2024. SimpleX network: real privacy and stable profits, non-profits for protocols, v5.6 released with quantum resistant e2e encryption and simple profile migration.](./blog/20240323-simplex-network-privacy-non-profit-v5-6-quantum-resistant-e2e-encryption-simple-migration.md)
[Mar 14, 2024. SimpleX Chat v5.6 beta: adding quantum resistance to Signal double ratchet algorithm.](./blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.md)
[Jan 24, 2024. SimpleX Chat: free infrastructure from Linode, v5.5 released with private notes, group history and a simpler UX to connect.](./blog/20240124-simplex-chat-infrastructure-costs-v5-5-simplex-ux-private-notes-group-history.md)
@@ -377,8 +379,9 @@ Please also join [#simplex-devs](https://simplex.chat/contact#/?v=1-2&smp=smp%3A
- ✅ Using mobile profiles from the desktop app.
- ✅ Private notes.
- ✅ Improve sending videos (including encryption of locally stored videos).
- ✅ Post-quantum resistant key exchange in double ratchet protocol.
- 🏗 Improve stability and reduce battery usage.
- 🏗 Improve experience for the new users.
- 🏗 Post-quantum resistant key exchange in double ratchet protocol.
- 🏗 Large groups, communities and public channels.
- 🏗 Message delivery relay for senders (to conceal IP address from the recipients' servers and to reduce the traffic).
- Privacy & security slider - a simple way to set all settings at once.
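Review bot: the roadmap entry "✅ Post-quantum resistant key exchange in double ratchet protocol." is marked as done, while the release post added in this same commit describes the feature as BETA and opt-in, enabled via _Show developer options_. Consider qualifying the entry, for example "(BETA, opt-in in v5.6)", so the roadmap does not read as if all conversations are already protected.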
@@ -15,7 +15,7 @@ This is a major upgrade for SimpleX messaging protocols, we are really proud to
This post also covers various aspects of end-to-end encryption, compares different messengers, and explains why and how quantum-resistant encryption is added to SimpleX Chat:
- [Why do we need end-to-end encryption?](#why-do-we-need-end-to-end-encryption)
- [Why encryption is even allowed?](#why-encryption-is-even-allowed)
- [Why is encryption even allowed?](#why-is-encryption-even-allowed)
- [End-to-end encryption security: attacks and defense.](#end-to-end-encryption-security-attacks-and-defense)
- Compromised message size - mitigated by padding messages to a fixed block size.
- Compromised confidentiality - mitigated by repudiation (deniability).
@@ -40,7 +40,7 @@ End-to-end encryption is an important component of our individual and business s
It's very sad to see the same people who keep their financial affairs private to protect from financial crimes, lock their doors to protect from thieves, and curtain their windows to protect from the occasional prying eyes, when it comes to protecting their personal lives from the data criminals say "we don't care about privacy, we have nothing to hide". Everybody's safety depends on keeping their affairs and relations private, not visible to a vast and ruthless data gathering machines, that abuse our data for commercial gain, without any regard to our interests or even [the safety of our families and children](https://nmdoj.gov/press-release/attorney-general-raul-torrez-files-lawsuit-against-meta-platforms-and-mark-zuckerberg-to-protect-children-from-sexual-abuse-and-human-trafficking/).
## Why encryption is even allowed?
## Why is encryption even allowed?
<img src="./images/20240314-djb.jpg" class="float-to-right">
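Review bot: renaming the heading to "## Why is encryption even allowed?" changes its anchor from #why-encryption-is-even-allowed to #why-is-encryption-even-allowed. The table of contents is updated in this commit, but links to the old fragment from other pages will stop resolving; search the docs and website for the old anchor before merging.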
@@ -75,7 +75,7 @@ While the content encryption is the most important, concealing the actual messag
The only effective mitigation to these attacks is to pad all messages to a fixed size. Using space-efficient schemes like Padme, or padding to encryption block size is ineffective for mitigating these attacks, as they still allow differentiating message sizes.
To the best of our knowledge the only messenger other than SimpleX Chat that padded all messages to a fixed packet size was [Pond](https://github.com/agl/pond) - SimpleX design as an evolution of it.
To the best of our knowledge, the only messengers other than SimpleX Chat that pad all messages to a fixed packet size are Cwtch and no longer developed [Pond](https://github.com/agl/pond) - SimpleX design can be seen as an evolution of Pond design.
### 2. Compromised confidential messages - mitigated by repudiation (deniability)
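Review bot: the reworded sentence now names Cwtch as padding all messages to a fixed packet size but gives no reference for that claim, while Pond keeps its link. Add a link that supports the Cwtch statement, and fix the grammar in "are Cwtch and no longer developed [Pond]" (it needs "the" before "no longer developed").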
@@ -97,15 +97,15 @@ This property is well understood by the users, and most messengers that focus on
### 4. Compromised long-term or session - mitigated by break-in recovery
This attack is much less understood by the users, and forward secrecy does not protect from it. Arguably, it's almost impossible to compromise individual message keys without compromising long-term or session keys. So the ability of the encryption to recover from break-in (attacker making a copy of the device data without retaining the ongoing access) is both very and pragmatic - break-in attacks are simpler to execute on mobile devices during short-term device access than long-term ongoing compromise.
This attack is much less understood by the users, and forward secrecy does not protect from it. Arguably, it's almost impossible to compromise individual message keys without compromising long-term or session keys. So the ability of the encryption to recover from break-in (attacker making a copy of the device data without retaining the ongoing access) is both very important and pragmatic - break-in attacks are simpler to execute on mobile devices during short-term device access than long-term ongoing compromise.
Out of all encryption algorithms known to us only Signal double ratchet algorithm provides the ability to encryption security after break-ins. This recovery happens automatically and transparently to the users, without them doing anything special even knowing about break-in, by simply sending messages. Every time one of the communication parties replies to another party message, new random keys are generated and previously stolen keys become useless.
Out of all encryption algorithms known to us only _Signal double ratchet algorithm_ (also referred to as _Signal algorithm_ or _double ratchet algorithm_, which is not the same as Signal messaging platform and protocols) provides the ability for the encryption security to recover after break-ins attacks. This recovery happens automatically and transparently to the users, without them doing anything special or even knowing about break-in, by simply sending messages. Every time one of the communication parties replies to another party message, new random keys are generated and previously stolen keys become useless.
Signal double ratchet algorithm is used in Signal, Cwtch and SimpleX Chat. This is why you cannot use SimpleX Chat profile on more than one device at the same time - the encryption scheme rotates the long term keys, randomly, and keys on another device become useless, as they would become useless for the attacker who stole them. Security always has some costs to the convenience.
Double ratchet algorithm is used in Signal, Cwtch and SimpleX Chat. This is why you cannot use SimpleX Chat profile on more than one device at the same time - the encryption scheme rotates the long term keys, randomly, and keys on another device become useless, as they would become useless for the attacker who stole them. Security always has some costs to the convenience.
### 5. Man-in-the-middle attack - mitigated by two-factor key exchange
Many people incorrectly believe that security of end-to-end encryption cannot be broken by communication provider. But end-to-end encryption is as secure as key exchange. While any intermediary passing the keys between senders and recipients cannot recover the private keys from the public keys, they can simply replace the passed public keys with their own and then proxy all communication between the users having full access to the original messages. So instead of having an end-to-end encrypted channel, users would have two half-way encrypted channels - between users and their communication intermediary.
Many people incorrectly believe that security of end-to-end encryption cannot be broken by communication provider. But end-to-end encryption is only as secure as key exchange. While any intermediary passing the keys between senders and recipients cannot recover the private keys from the public keys, they can simply replace the passed public keys with their own and then proxy all communication between the users having full access to the original messages. So instead of having an end-to-end encrypted channel, users would have two half-way encrypted channels - between users and their communication intermediary.
Pictures below illustrate how this attack works for RSA encryption.
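Review bot: in the rewritten paragraph under "### 4.", "to recover after break-ins attacks" should read "after break-in attacks". The section heading "Compromised long-term or session - mitigated by break-in recovery" is still missing the word "keys" and is worth fixing while this section is being edited.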
@@ -143,7 +143,7 @@ Post-quantum cryptography, or encryption algorithms that are resistant to quantu
- many of post-quantum algorithms have known patent claims, so any system deploying them accepts the risks of patent litigation.
- the silver lining to these limitations is that the risk of appearance of commercially viable quantum computers in the next decade may be exaggerated.
So, to put it bluntly and provocatively, post-quantum cryptography can be compared with a remedy against the illness that nobody has, without any guarantee that it will work. The closest analogy in the history of medicine is _snake oil_.
So, to say it provocatively, post-quantum cryptography can be compared with a remedy against the illness that nobody has, without any guarantee that it will work. While there is a reasonable hope that it _might_ work, so it's not exactly a _snake oil_, these limitations and risks have to be much better communicated to the end users than they are.
<img src="./images/20240314-datacenter.jpg" width="400" class="float-to-right">
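Review bot: the replacement sentence "While there is a reasonable hope that it _might_ work, so it's not exactly a _snake oil_, these limitations and risks ..." combines "While" with "so" and does not parse cleanly. Suggest splitting the thought: "There is a reasonable hope that it _might_ work, so it's not exactly _snake oil_, but these limitations and risks have to be much better communicated to the end users than they are."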
@@ -164,8 +164,8 @@ The main objective here is to establish the framework for comparing the security
Some columns are marked with a yellow checkmark:
- when messages are padded, but not to a fixed size.
- when repudiation does not include client-server connection. In case of Cwtch it appears that the presence of cryptographic signatures compromises repudiation (deniability), but it needs to be clarified.
- when 2-factor key exchange is optional, via security code verification.
- when post-quantum cryptography is only added to the initial key agreement, does not protect break-in recovery.
- when 2-factor key exchange is optional (via security code verification).
- when post-quantum cryptography is only added to the initial key agreement and does not protect break-in recovery.
## Adding quantum resistance to Signal double ratchet algorithm
@@ -201,7 +201,7 @@ The reason it is released as opt-in is because once the conversation is upgraded
- enable _Show developer options_ toggle.
- now you will see _Post-quantum E2EE_ toggle - enable it as well.
Now all new contacts you add to the app will use quantum resistant Signal double ratchet algorithm.
Now all new contacts you add to the app will use quantum resistant double ratchet algorithm.
Once you have enabled it for the new contacts, you can also **enable it for some of the existing contacts**:
- open the chat with the contact you want to upgrade to be quantum resistant.
@@ -211,7 +211,7 @@ Once you have enabled it for the new contacts, you can also **enable it for some
## Next for post-quantum crypto - all direct chats, small groups and security audit
We will be making quantum resistance default for all direct chats in v5.7, and they will be upgraded for all users without any action.
We will be making quantum resistance default for all direct chats in v5.7, and we plan that all existing direct chats will be automatically upgraded when both contacts install v5.7.
We will also be adding quantum resistance to small groups up to 10-20 members. Computing cryptographic keys is much slower, in comparison, and it would be very inefficient (and completely unnecessary) for large public groups.
@@ -1,20 +1,128 @@
---
layout: layouts/article.html
title: "SimpleX network: real privacy and stable profits, non-profit protocol governance, v5.6 released with quantum resistant e2e encryption and simple profile migration"
title: "SimpleX network: real privacy and stable profits, non-profits for protocols, v5.6 released with quantum resistant e2e encryption and simple profile migration"
date: 2024-03-23
# previewBody: blog_previews/20240314.html
preview: TODO
draft: true
# image: images/20240314-kem.jpg
# imageWide: true
previewBody: blog_previews/20240323.html
image: images/20240323-post-preview.png
imageBottom: true
permalink: "/blog/20240323-simplex-network-privacy-non-profit-v5-6-quantum-resistant-e2e-encryption-simple-migration.html"
---
# SimpleX network: real privacy and stable profits, non-profit protocol governance, v5.6 released with quantum resistant e2e encryption and simple profile migration
# SimpleX network: real privacy and stable profits, non-profits for protocols, v5.6 released with quantum resistant e2e encryption and simple profile migration
This is a stub for release permalink
**Published:** Mar 23, 2024
TODO
SimpleX network: deliver real privacy via a profitable business and non-profit protocol governance:
- [community and business interests are aligned](#community-and-business-interests-are-aligned).
- [the journey to the decentralized non-profit protocol governance](#the-journey-to-the-decentralized-non-profit-protocol-governance).
- [welcome, Esraa](#welcome-esraa)!
What's new in v5.6:
- [quantum resistant end-to-end encryption](#quantum-resistant-end-to-end-encryption-beta) (BETA) enable it for the new contacts.
- [use the app during the audio and video calls](#use-the-app-during-the-audio-and-video-calls).
- [migrate all app data to another device via QR code](#migrate-all-app-data-to-another-device-via-qr-code).
There are many other improvements and fixes in this release:
- group admins can block a member for all other members.
- filtering chats no longer includes muted chats with unread messages.
- and more - see the [release notes](https://github.com/simplex-chat/simplex-chat/releases/tag/v5.6.0).
## SimpleX network: deliver real privacy via a profitable business and non-profit protocol governance
### Community and business interests are aligned
Some people in our users' community believe that there is a conflict between the business and the community interests. This view fails to see a bigger picture of how these interests are aligned. I wrote a blog post about it [here](https://www.poberezkin.com/posts/2023-10-31-why-privacy-impossible-without-venture-funding.html). Our goal is to grow the network and the ecosystem while enriching all stakeholders involved, both the community and the business shareholders. This strategy relies on the strengths and opportunities of both the business and the decentralized network we build, with its vibrant community of individuals and organizations. It positions the business not as a controller but as a supporter of the community growth, resilience and sustainability.
By leveraging access to investment resources, its ability to provide stock-based incentives beyond salaries, operating as a business will satisfy users' and community needs more effectively, ensuring the long-term viability and growth of the network, while remaining true to the mission. A purely nonprofit model with no avenue to sustain this growth is simply not possible. Sustainability requires profits, that is simply spending less than earning, as every responsible individual and organization should aim for, and these profits must be based on users' payments, and not on some other sources of revenue or funds. And building the software product that customers are willing to pay for requires substantial business investments. We will accomplish it while maintaining transparency and the commitment to keep SimpleX network and its protocols open and free to use.
### The journey to the decentralized non-profit protocol governance
At the current early stage of network growth the protocols will benefit most from the rapid evolution and centralized design. Many protocols that decentralized their evolution too early failed to evolve and to adapt to the product requirements of the majority of users, causing them to stall in growth. Even the open web became possible only thanks to Netscape, a venture funded company, that developed browsers and web server software taking it upon themselves to rapidly evolve web specification to make it into a robust application platform as we now know it. It is very unlikely that it would have happened if it was managed by a nonprofit or community, in a decentralized way.
Once SimpleX network protocols stabilize and reach the required maturity, we plan to transition its governance to several new nonprofit entities, ensuring its continued evolution aligns more closely with our vision of community-driven, independent and transparent governance. We and our investors believe that this is a win-win strategy. It both maximizes the business value, by creating a product built on protecting privacy and users' trust - a model that we see as the only viable path forward. It also maximizes the value created for the user community.
### Welcome, Esraa!
To help us deliver these goals, Esraa Al Shafei joined SimpleX Chat team - we are excited to welcome her!
Esra'a is a longtime privacy and human rights advocate from Bahrain. She is the founder of [Majal.org](http://majal.org), a network of platforms that amplify under-reported and marginalized voices in the Middle East and North Africa. She is also the co-founder of the [Numun Fund](https://numun.fund/), the first dedicated fund for women-led tech in the Global South. Esraa is currently the Vice Chair of the Board at the [Wikimedia Foundation](https://wikimediafoundation.org/), the nonprofit which hosts Wikipedia. She is also on the Board of the [Tor Project](https://www.torproject.org/), developers of one of the worlds strongest tools for privacy and freedom online. Previously, she served on the Board of [Access Now](https://www.accessnow.org/), an international nonprofit dedicated to an open and free Internet.
In her own words: *"Privacy and security have been the center of my work as a human rights advocate for the last 20 years in one of the most surveilled countries in the world where staying safe remains a burden. Our privacy is our dignity. It is something that belongs to us and something we should treasure - as people, as companies, as governments. Despite messaging being the most intimate aspect of our digital lives, the leading protocols in this space are centralized and we deserve a web that operates on the core principles of genuine privacy and security in a fully decentralized framework. SimpleX network will play a critical role towards that vision."*
Executing the plan towards decentralized nonprofit protocol governance will be Esraas primary responsibility. Our primary objective with this plan is to ensure that no single entity can control or have unrestricted ownership of the protocols, so it can maintain its integrity.
## What's new in v5.6
### Quantum resistant end-to-end encryption (BETA)
Adding post-quantum resistance to the double ratchet end-to-end encryption algorithm in SimpleX Chat is a major upgrade to messaging protocols, and it creates the security against the future quantum computers.
I wrote in detail in the previous post about various properties of end-to-end encryption and how exactly quantum resistance is implemented in SimpleX Chat - currently SimpleX Chat has [the most secure end-to-end encryption design](./20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.md#how-secure-is-end-to-end-encryption-in-different-messengers) against the present and future attacks.
We plan to perform a security audit of this design and implementation later this year.
Post-quantum encryption is currently added as opt-in and has to be separately enabled to be active for the new contacts, and, additionally, can be enabled for the existing contacts.
<img src="./images/20240314-pq1.png" width="288"> <img src="./images/20240314-pq2.png" width="288"> <img src="./images/20240314-pq3.png" width="288">
**To enable quantum resistance for the new conversations**:
- open the app settings (tap user avatar in the top left corner).
- scroll down to _Developer tools_ and open them.
- enable _Show developer options_ toggle.
- now you will see _Post-quantum E2EE_ toggle - enable it as well.
Now all new contacts you add to the app will use quantum resistant Signal double ratchet algorithm.
Once you have enabled it for the new contacts, you can also **enable it for some of the existing contacts**:
- open the chat with the contact you want to upgrade to be quantum resistant.
- tap contact name above the chat.
- tap Allow PQ encryption.
- exchange several messages back and forth with that contact - the quantum resistant double ratchet will kick in after 3-5 messages (depending on how many messages you send in each direction), and you will see the notice in the chat once it enables.
We will be making quantum resistance default for all direct chats in v5.7, and we plan that all existing direct chats will be automatically upgraded when both contacts install v5.7.
### Use the app during the audio and video calls
<img src="./images/20240323-call1.png" width="220" class="float-to-left"> <img src="./images/20240323-call2.png" width="220" class="float-to-left">
Since we added the audio and video calls in 2022 a lot of work was done to improve the stability of calls. One of the usability downsides until this release was that it was impossible to use the app during the call.
This version solved this problem - now you can return back to the app without interrupting the call and use any of the app functions - for example, you can send the messages or files to the person you are in the call with. If this is a video call, you will continue seeing your contact in a small picture-in-picture view.
### Migrate all app data to another device via QR code
We always believed that cross-platform data portability is very important for any software. Users own their data, and they should have a way to export it from any software they use. So from the version of SimpleX Chat [released in July 2022](./20220711-simplex-chat-v3-released-ios-notifications-audio-video-calls-database-export-import-protocol-improvements.md#database-export-and-import) it was possible to export the database as a self-contained file, including all contacts, messages and files, and import it on a new device.
_"How can I migrate my data to another device?"_ was one of the most frequent user questions, but until this release this process was [quite complex](), requiring too many steps, and most non-technical users were not willing to try it, as even though it was reliable, it appeared risky.
This release made the app data migration very simple, see the steps below.
**Start the migration on the source device**
<img src="./images/20240323-migrate-from1.png" width="170"> <img src="./images/arrow.png" width="24"> <img src="./images/20240323-migrate-from2.png" width="170"> <img src="./images/arrow.png" width="24"> <img src="./images/20240323-migrate-from3.png" width="170"> <img src="./images/arrow.png" width="24"> <img src="./images/20240323-migrate-from4.png" width="170"> <img src="./images/arrow.png" width="24"> <img src="./images/20240323-migrate-from5.png" width="170">
On the device you migrate your app data from, follow these steps:
- choose _Migrate to another device_,
- if necessary, set the database passphrase (initially, the database is encrypted with a random passphrase), or, if it's already set, verify it - for security and to ensure that the archive will be usable on the new device,
- tap _Archive and upload_ to and upload the app data in chunks to the XFTP servers configured in the app,
- the app will show the QR code that should be scanned from the new device.
**Migrate data to the target device**
<img src="./images/20240323-migrate-to1.png" width="170"> <img src="./images/arrow.png" width="24"> <img src="./images/20240323-migrate-to2.png" width="170"> <img src="./images/arrow.png" width="24"> <img src="./images/20240323-migrate-to3.png" width="170"> <img src="./images/arrow.png" width="24"> <img src="./images/20240323-migrate-to4.png" width="170"> <img src="./images/arrow.png" width="24"> <img src="./images/20240323-migrate-to5.png" width="170">
On the device you migrate your data to, follow these steps:
- on the first app page choose _Migrate from another device_,
- scan the QR code shown on the source device,
- once the archive downloads, enter the database passphrase and tap _Open chat_,
**Finalize migration on the source device**
<img src="./images/20240323-migrate-from6.png" width="170" class="float-to-left">
When the chat starts on the target device, make sure to tap _Finalize migration_ and then _Delete database_ on the source device.
The database cannot be used on two devices at the same time, doing so would make it impossible to decrypt the received messages. This is a security measure - the break-in recovery property of double ratchet algorithm.
## SimpleX network
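Review bot: in the migration section the link "[quite complex]()" has an empty target and will render as a dead link; point it at the export/import instructions or drop the link markup. In the same section, "tap _Archive and upload_ to and upload the app data in chunks" is missing a verb after "to", and the target-device step list ends on a trailing comma. The post also spells the name three ways ("Esraa", "Esra'a", "Esraas primary responsibility"), has "worlds strongest" without an apostrophe, and still says "quantum resistant Signal double ratchet algorithm" although this commit removes "Signal" from the same sentence in the Mar 14 post.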
+14
@@ -1,5 +1,19 @@
# Blog
Mar 23, 2024 [SimpleX network: real privacy and stable profits, non-profits for protocols, v5.6 released with quantum resistant e2e encryption and simple profile migration](./20240323-simplex-network-privacy-non-profit-v5-6-quantum-resistant-e2e-encryption-simple-migration.md)
SimpleX network: deliver real privacy via a profitable business and non-profit protocol governance:
- community and business interests are aligned.
- the journey to the decentralized non-profit protocol governance.
- welcome, Esraa!
What's new in v5.6:
- quantum resistant end-to-end encryption (BETA) enable it for the new contacts.
- use the app during the audio and video calls.
- migrate all app data to another device via QR code.
---
Mar 14, 2024 [SimpleX Chat v5.6 (beta): adding quantum resistance to Signal double ratchet algorithm](./20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.md)
This is a major upgrade for SimpleX Chat messaging protocol stack, I am really proud to present this work of the whole team.
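Review bot: the item "quantum resistant end-to-end encryption (BETA) enable it for the new contacts." is missing the separator between "(BETA)" and "enable"; the HTML preview added in this commit has "(BETA) - enable it for the new contacts." This entry also writes "Esraa" where the preview writes "Esra&apos;a", so pick one spelling for both.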
@@ -0,0 +1,16 @@
<p><strong>SimpleX network: deliver real privacy via a profitable business and non-profit protocol governance:</strong></p>
<ul class="mb-[12px]">
<li>community and business interests are aligned.</li>
<li>the journey to the decentralized non-profit protocol governance.</li>
<li>welcome, Esra&apos;a!</li>
</ul>
<p><strong>v5.6 is released:</strong></p>
<ul class="mb-[12px]">
<li>quantum resistant end-to-end encryption (BETA) - enable it for the new contacts.</li>
<li>use the app during the audio and video calls.</li>
<li>migrate all app data to another device via QR code.</li>
<li>blocking members and many other improvements.</li>
</ul>
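Review bot: the preview heading "v5.6 is released:" and the extra item "blocking members and many other improvements." differ from the blog index entry in this commit, which uses "What's new in v5.6:" and lists three items. If the preview and the index entry are meant to mirror each other, align the heading and the item list.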