Trisha Shetty (Editor)

Bitmessage

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit
Original author(s)
  
Jonathan Warren

Development status
  
Active

Developer(s)
  
Bitmessage Community

Bitmessage

Initial release
  
November 2012; 4 years ago (2012-11)

Stable release
  
0.6.1 / August 21, 2016; 6 months ago (2016-08-21)

Written in
  
Python, C++ (POW function)

Bitmessage is a decentralized, encrypted, peer-to-peer, trustless communications protocol that can be used by one person to send encrypted messages to another person, or to multiple subscribers. Bitmessage encrypts each user's message inbox using public-key cryptography and replicates it inside its P2P network, mixing it with inboxes of other users in order to conceal user's identity, prevent eavesdropping and allow the network to operate in a decentralized manner. The Bitmessage communications protocol avoids sender-spoofing through authentication, and hides metadata from wiretapping systems.

Contents

In June 2013, the software experienced a surge of new adoptions after news reports of email surveillance by the US National Security Agency.

As of June 2014, the network processes several thousand private messages per day.

Official client

PyBitmessage is the official instant messaging client designed for Bitmessage.

Bitpost client

An alternative client for OSX.

E-mail services

A number of services provide email endpoints to the BitMessage network. Bitmessage.ch is a service that supports sending and receiving Bitmessages over the email protocol.

IMAP/POP and SMTP bridges

A number of applications provide bridges between the PyBitmessage client and email applications via the IMAP/POP and SMTP protocols. BitMail is an application that bridges the IMAP, POP, and SMTP protocols.

Operation

Bitmessage works by encrypting all the incoming and outgoing messages using public-key cryptography so that only the receiver of the message is capable of decrypting it. In order to achieve anonymity:

  • Bitmessage replicates all the messages inside its own anonymous P2P network, therefore mixing all the encrypted messages of a given user with all the encrypted messages of all other users of the network, thus making it difficult to track which particular computer is the actual originator of the message and which computer is the recipient of the message.
  • Bitmessage uses cryptographically generated addresses (for example, BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash). Bitmessage addresses resemble bitcoin addresses, and its keys are compatible with bitcoin keys.
  • Bitmessage uses public-key cryptography, designed such that only a recipient of a message is capable of decrypting it. This encryption algorithm works in such a way that even the original sender is not able to decrypt their own message due to different keys being used for encryption and decryption. More specifically, Bitmessage uses 256-bit ECC keys and OpenSSL for cryptographic functions.
  • Outgoing messages do not contain the explicit address of the recipient of the message. Therefore, every network participant attempts decryption of every message passing through the network even if the message was not originally intended for that network participant. Since only the actual recipient can successfully decrypt the messages intended for them, all network participants know that if they fail to decrypt the message then the message was not intended for them.
  • The original sender knows whether the recipient received the message or not (through an acknowledgement system), but the sender cannot discover which network participant is the actual recipient since all the network participants will have this encrypted message stored on their computer irrespective of whether the message was intended for them or not.
  • Bitmessage nodes store the encrypted messages only for two days before erasing them, therefore, messages are not archived in the network. New nodes joining the network can only download and broadcast the pool's messages from the last two days. Any messages which did not result in a receipt acknowledgement can be re-sent by the originator of the message after the two-day period.
  • Bitmessage uses a proof-of-work system to protect the network from flooding.

    • Bitmessage can be accessed via Tor or via I2P

    Chans

    Starting from version 0.3.5, Bitmessage introduced an additional feature called a chan, a decentralized anonymous mailing list. Unlike traditional mailing lists used via email:

  • a chan cannot be shut down by taking down any server or a group of servers due to decentralized nature of chans.
  • a chan cannot be effectively censored since any Bitmessage user who knows the chan passphrase can read the chan or post any message into the chan.
  • within a chan, user messages are anonymous to such a degree that messages contain neither the sender's nor the receiver's Bitmessage address.

    • A number of publicly known chans currently exists dedicated to the topics ranging from online privacy to politics to chess games.

    Development

    The concept for Bitmessage was conceived by software developer Jonathan Warren, who based its design on the decentralized digital currency, bitcoin. The software was released in November 2012 under the MIT license.

    The source code is written in Python and uses the Qt cross-platform application framework as well as OpenSSL for cryptographic functions. It is available for Microsoft Windows, macOS, and Linux.

    Public reception

    Bitmessage has gained a reputation for being out of reach of warrantless wiretapping conducted by the National Security Agency (NSA) due to the decentralized nature of the protocol, and its encryption being difficult to crack. As a result, downloads of the Bitmessage program increased fivefold during June 2013 after news broke of classified email surveillance activities conducted by the NSA.

    Bitmessage has also been mentioned as an experimental alternative to email by Popular Science and CNET.

    Some ransomware programs instruct affected users to use Bitmessage to communicate with the attackers.

    Security

    BitMessage's security has not been independently audited. The official Bitmessage website states: "Bitmessage is in need of an independent audit to verify its security. If you are a researcher capable of reviewing the source code, please email the lead developer... ."

    References

    Bitmessage Wikipedia
    (Text) CC BY-SA