Privy project planning

About

  • Privy is a distributed, cryptographically secured chat application
  • Decentralized means that there is no central server
  • Instead it relies on a peer-to-peer network architecture, where every user is both a client and a server
  • Instead of trusting the server for the security of user data, users trust in the security of cryptographic encryption standards (virtually unbreakable at the moment and for a long time to come)

Privy requirements

  • Communication:
    • users can exchange messages without the need of a relay service such as a server
  • Privacy:
    • messages are strongly encrypted such that only the participants can read the contents
  • Persistence:
    • users can log in from different devices and still access their previous messages

Privy WBS - top level

  1. Research
    • Feasibility research
    • Market research
    • Technical research
  2. Backend - functionality
    1. Encryption
    2. Communication
    3. Persistence
  3. Frontend - presentation
    1. Privy CLI
    2. Privy Desktop
    3. Privy Mobile
  4. Documentation
    1. User manual
    2. Technical documentation

Privy WBS - backend

  1. Encryption

    1. Implement symmetric encryption

    2. Implement asymmetric encryption

      1. Key Exchange

      2. Signatures

  2. Communication

    1. 1 : 1 messaging

      1. message sending - publish

      2. message handling - subscribe

      3. encryption : asymmetric encryption

    2. group messaging

      1. message sending

      2. message handling

      3. encryption : symmetric encryption with initial key exchange

  3. Persistence

    1. persist public data - unencrypted, write all

      1. store user info : userId and public key

    2. persist private data - encrypted, write restricted

      1. store friends list

      2. store messages

Privy WBS - frontend

  1. Privy CLI
    1. Privy Daemon
      1. Listen for messages
      2. Save messages
    2. Privy CLI parser
      1. implement commands: login, logout, friend add, friend list, friend remove, send message, show messages, show user info, run privy daemon
  2. Privy Desktop
    1. Create design spec
    2. Create mockups
    3. Implement features
      1. Login page
      2. Messages page
        1. Add friends
        2. Remove friends
        3. Show messages
      3. Settings page
        1. Logout
        2. View user info
        3. Delete account
  3. Privy Mobile
    1. Privy Android - same as Desktop but optimized for smaller screen size
    2. Privy iOS - same as Desktop but optimized for smaller screen size

Estimations

  • Cryptography module, symmetric key encryption: implementation
    • The algorithm (AES) is well defined, with several reference implementations. It is therefore only a matter of implementing the algorithm in the given target language and fine-tuning it to our specific needs (such as key length).
    • I estimated a maximum of one week for this task, which translates to 40 hours
  • Cryptography module, asymmetric key encryption: implementation
    • This algorithm (RSA) is also well defined but a little more complicated: it involves more steps and more complicated maths. We also need to modify it considerably from the standard implementation, since instead of generating a random key pair we want a password-seeded key pair (the same password generates the same key pair, independent of time or place). This implies swapping the truly randomly seeded CSPRNG for a password-seeded CSPRNG.
    • Therefore I estimated this task to take at least two weeks. Cryptography is hard and it is easy to get it wrong, so it is better to overestimate here. => 80 hours.
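
A sketch of the password-seeded key pair described in the estimation above, added here as an example and not taken from the Privy code base. Assumptions made for the example: the seed comes from PBKDF2-HMAC-SHA256 with the public userId as salt, SHAKE-256 in counter mode stands in for the seeded CSPRNG, and all function names are hypothetical.

```python
import hashlib

E = 65537  # RSA public exponent
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)

class SeededRNG:
    """Deterministic bit source: SHAKE-256 over seed || counter (this example's choice)."""
    def __init__(self, seed: bytes):
        self.seed, self.ctr = seed, 0
    def randbits(self, bits: int) -> int:
        nbytes = (bits + 7) // 8
        block = hashlib.shake_256(self.seed + self.ctr.to_bytes(8, "big")).digest(nbytes)
        self.ctr += 1
        return int.from_bytes(block, "big") >> (nbytes * 8 - bits)

def is_probable_prime(n: int, rng: SeededRNG, rounds: int = 40) -> bool:
    """Miller-Rabin test; witnesses are drawn from the same seeded stream."""
    if n < 49:
        return n in SMALL_PRIMES
    if any(n % p == 0 for p in SMALL_PRIMES):
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + rng.randbits(n.bit_length()) % (n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits: int, rng: SeededRNG) -> int:
    while True:
        # Top two bits set (full-size modulus), low bit set (odd); p - 1 must be coprime to E.
        c = rng.randbits(bits) | (0b11 << (bits - 2)) | 1
        if c % E != 1 and is_probable_prime(c, rng):
            return c

def derive_keypair(password: str, user_id: str, bits: int = 2048):
    """Same (password, user_id) -> same RSA key pair on any device.
    The key is only as strong as the password, hence the slow KDF; salt = userId is assumed."""
    seed = hashlib.pbkdf2_hmac("sha256", password.encode(), user_id.encode(), 600_000, 32)
    rng = SeededRNG(seed)
    p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))
```

The function returns `((n, e), (n, d))`; a real implementation would also need message padding such as OAEP, which this sketch leaves out.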

By Godra Adam