Security
BatChat
What security layers does BatChat use?
• Channel Encryption
• Content Encryption
• Server Database Security
• Key Security
BatChat Encryption Details
1. Channel Encryption
What encryption algorithms are used in channel encryption?
Channel encryption uses RSA, ECDHE, AES256_CBC, SHA256, SHA1, etc. (see diagram below).

Steps:
(1) The client and server each generate a random number.
(2) The server sends its random number to the client.
(3) The client encrypts its random number with RSA and sends it to the server.
(4) The server decrypts the client's random number with RSA (RSA is used here to prevent man-in-the-middle attacks).
(5) Both the client and the server use their own and the other side's random number to generate a temporary key, TempKey, and a temporary IV (offset), TempIV; both parties now hold the same TempKey and TempIV.
(6) The client and the server each use ECDHE to generate their own public-private key pair.
(7) The client encrypts its ECDHE public key with TempKey and TempIV and sends the ciphertext to the server.
(8) The server receives and decrypts the client's ECDHE public key ciphertext.
(9) The server encrypts its own ECDHE public key with TempKey and TempIV and signs it with RSA.
(10) The server uses ECDHE with the client's ECDHE public key and its own ECDHE private key to generate the ShareKey.
(11) The client receives the server's ECDHE public key ciphertext and signature, decrypts it and verifies the signature. If the signature is valid, it uses its own ECDHE private key and the server's ECDHE public key to generate the ShareKey.
(12) The server initializes the session parameters and sends them to the client, including:
• AuthKeyID: a temporary client identifier randomly generated by the server.
• MsgKey: the SHA256 value computed over ShareKey, AuthKeyID, MsgID, SessionID, Salt, SeqNo, and the actual message content.
This parameter is used for:
(a) verifying data integrity to prevent tampering;
(b) combining with ShareKey to generate the AES256 key and IV for encrypting each message.
• MsgID: a time-based message ID used to prevent replays and to deduplicate messages.
• SessionID: a session ID unique to each login.
• Salt: a salt value unique to each login.
• SeqNo: a sequence number used to prevent replay attacks.
(13) Each subsequent message has a different MsgID, SessionID, Salt, SeqNo, and content, so MsgKey differs for every message. This ever-changing MsgKey, combined with ShareKey, yields a unique 32-byte key and IV (offset) for each message.
(14) ShareKey expires after a period of time, after which a new key negotiation must be performed.
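As an added example (not BatChat's code), the per-message key material of steps 12 and 13 in Go: MsgKey over ShareKey, the header fields and the body, a derived AES-256 key and IV, and the receiver's integrity and SeqNo replay checks. The Header and Receiver types, the field encoding, the MsgKey/ShareKey combiner and the "SeqNo must increase" rule are assumptions, since the page does not specify them; the AES-256-CBC step itself is not shown.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
)

// Header carries the step-12 values sent with every message; the struct and
// its field names are assumptions for this example.
type Header struct{ AuthKeyID, MsgID, SessionID, Salt, SeqNo uint64 }

// MsgKey (step 12): SHA256 over ShareKey, AuthKeyID, MsgID, SessionID, Salt,
// SeqNo and the message body. Big-endian uint64 field encoding is assumed.
func MsgKey(shareKey []byte, h Header, body []byte) []byte {
	d := sha256.New()
	d.Write(shareKey)
	for _, v := range []uint64{h.AuthKeyID, h.MsgID, h.SessionID, h.Salt, h.SeqNo} {
		binary.Write(d, binary.BigEndian, v)
	}
	d.Write(body)
	return d.Sum(nil)
}

// KeyIV (step 13): MsgKey combined with ShareKey yields the 32-byte AES-256 key
// and 16-byte IV for one message; the domain-separated SHA256 combiner is assumed.
func KeyIV(shareKey, msgKey []byte) (key [32]byte, iv [16]byte) {
	key = sha256.Sum256(append(append([]byte("key"), msgKey...), shareKey...))
	full := sha256.Sum256(append(append([]byte("iv"), msgKey...), shareKey...))
	copy(iv[:], full[:16])
	return key, iv
}

// Receiver checks a decrypted message (AES-CBC step not shown): SeqNo must
// increase (assumed replay rule) and the recomputed MsgKey must match.
type Receiver struct {
	ShareKey []byte
	lastSeq  uint64
}
func (r *Receiver) Verify(h Header, body, msgKey []byte) error {
	if h.SeqNo <= r.lastSeq {
		return errors.New("replay: SeqNo not increasing")
	}
	if subtle.ConstantTimeCompare(MsgKey(r.ShareKey, h, body), msgKey) != 1 {
		return errors.New("MsgKey mismatch: header or content tampered")
	}
	r.lastSeq = h.SeqNo
	return nil
}
```

A mismatch is reported identically whether the body or a header field such as Salt was changed, because MsgKey binds all of them to ShareKey.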
2. Content Encryption Details
BatChat Asymmetric Encryption:
(1) The user generates an ECDHE public-private key pair and stores it locally.
(2) The public key is uploaded to the server; the private key remains on the device.
(3) On login, the user fetches updates for all contacts, including each contact's public key.
(4) When sending or receiving messages, each party uses its own private key and the other party's public key to generate a ShareKey.
(5) The ShareKey is used to derive an AES256 key for encryption and decryption.

BatChat Double Ratchet Algorithm:
Messages sent by Alice (A) carry her new public key. Eventually, Bob (B) will receive one of these messages and perform the second DH ratchet step. The DH output from each ratchet step is used to derive new sending and receiving chain keys. As the parties take turns performing DH ratchet steps, they alternately introduce new sending chains, and so on.

3. Server Database Security
The server database is protected against manual tampering as follows:
(1) The database includes a signature field.
(2) An ECDSA public-private key pair is generated on the server.
(3) When the server code creates, updates, or deletes sensitive fields such as password, userID, and friend, it generates an ECDSA signature and updates the signature field.
(4) When the server code reads or evaluates data such as password, userID, and friend, it verifies the ECDSA signature first. Only data that passes verification proceeds to the next step; otherwise, an error is returned to the client.
(5) The server program is protected by encryption and digital signatures.
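An added illustration (not BatChat's server code) of steps 1 to 4 in Go: the row's sensitive fields are hashed with length prefixes, signed with the server's ECDSA key on write, and verified before the data is used. UserRow, its field names and the digest layout are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// UserRow models a record holding the sensitive fields the page names plus the
// signature field of step (1); the type and field names are assumptions.
type UserRow struct {
	UserID   string
	Password string // an SRP verifier in practice, opaque here
	Friends  []string
	Sig      []byte
}

// digest hashes the sensitive fields with length prefixes, so moving bytes
// across a field boundary (userID/password) still changes the digest.
func (r *UserRow) digest() []byte {
	h := sha256.New()
	for _, f := range append([]string{r.UserID, r.Password}, r.Friends...) {
		binary.Write(h, binary.BigEndian, uint32(len(f)))
		h.Write([]byte(f))
	}
	return h.Sum(nil)
}

// NewServerKey (step 2): the server-side ECDSA key pair.
func NewServerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign (step 3): run on create/update of any sensitive field.
func (r *UserRow) Sign(priv *ecdsa.PrivateKey) (err error) {
	r.Sig, err = ecdsa.SignASN1(rand.Reader, priv, r.digest())
	return err
}

// Verify (step 4): run before password/userID/friend data is used; failure
// means the row was altered outside the server code, and the client gets an error.
func (r *UserRow) Verify(pub *ecdsa.PublicKey) error {
	if !ecdsa.VerifyASN1(pub, r.digest(), r.Sig) {
		return errors.New("row signature invalid: possible tampering")
	}
	return nil
}
```

Because the signature covers only the field contents, replacing a row with an older, validly signed copy is not detected; binding a row version or timestamp into the digest closes that gap.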
4. Key Security
(1) User login passwords, secondary passwords, and auto-login passwords all use the SRP algorithm. The server never stores user passwords.
(2) The user's encryption private key is stored only on the user's device.
(3) Users can manually update their content encryption keys on the client at any time.
What are Public and Private Keys?
A public key (PubKey) and a private key (PriKey) form a key pair. Data encrypted with a public key can only be decrypted with the corresponding private key. Because encryption and decryption use two different keys, this is called asymmetric encryption. RSA and ECDHE, mentioned above, are asymmetric (public-key) algorithms.
How Does Asymmetric Encryption Work?
(1) For A to send information to B, both A and B must generate a public-private key pair for encryption and decryption.
(2) A keeps its private key secret and shares its public key with B; B keeps its private key secret and shares its public key with A.
(3) When A wants to send a message to B, A encrypts the message using B's public key.
(4) A sends the message (already encrypted with B's public key) to B.
(5) On receiving the message, B decrypts it using its own private key. No one else who obtains the data can decrypt it, because only B holds B's private key.