Privy tech stack

  • Privy: a distributed chat app
  • OrbitDB: a distributed database
  • IPFS: a distributed file system
  • libp2p: networking, kademlia dht implementation
  • Internet Protoll

User identity

  • No central server to store usual username, password records
  • Passwords will not be stored anywhere but the user's memory
  • Instead, an RSA keypair will be derived from password(preferably pass phrase)
  • This will be used for digital signatures and encryption
  • Users will be stored in a public OrbitDB table, UsersDB
  • User record:
{
	userId: string, //hash of username
    publicKey: string,
    signature: string, //to prevent impersonation
    nonce: string //to limit span accounts
}
  • Remember: this OrbitDB table is public, readable and writeable by anyone
  • Hence we need to limit the amount of info stored in table => only store hash of username: you can find public key of user if you know their username, but only looking at the table won't tell you who it belongs to (plus they are pseudonyms anyway)
  • Username needs to be unique, but there is no way to prevent people from adding records to this database => only consider the first record of any given username as valid. Any subsequent records with that user name will be considered impersonation

Messaging

  • Over IPFS pubsub
  • IPFS nodes can subscribe to a topic (a string)
  • IPFS nodes can publish messages (byte streams) to a given topic
  • All subscribed nodes receive said message in a callback function
  • Make the topic unique (a shared secret between participants, a long random string) to a conversation=> 1:1 chat. Both participants publish and listen to that topic. Nobody else should know of the topic's name. Of course, if somebody learns the topic, they can still listen in. This is where public keys come in: we can lookup the public key of our friend and encrypt our messages with it. Also encrypt with our private key, this way the friend can verify the message did in fact come from us

Persistence

  • Use 'private' orbitDB tables
  • Write protection: user signs every record. If anyone else adds records to it, the user will know it wasn't added by them and discards the fake record
  • Read protection: orbitdb records are stored in the public=> need to encrypt messages. Use symmetric encryption here, like AES, with key derived from user's passphrase

deck

By Godra Adam

Made with Slides.com

deck

  • 12

More from Godra Adam