There is a lot of Hype about Crypviser, the first Blockchain Authenticated, 100% Anonymous Instant Messenger. But there are many unanswered questions.
How does it function?
What Encryption Protocol does it use?
Deep Technical questions.
So, without further ado, here are some answers to these questions.
Question: Crypviser Claims to be Anonymous, though it does not implement any Proxy, such as Tor, how can this be?
Crypviser: The app is anonymous because it doesn’t require any personal details: no name, no phone number, no SMS verification.
Creating an account in Crypviser is similar to creating a blockchain wallet.
Moreover, Crypviser is the first messaging app which doesn’t require access to your phone’s address book! Everything within Crypviser is stored within its own ecosystem.
Question: In the Whitepaper it says that Crypviser “distributes crucial encryption keys among thousands of computers”? What does that mean, is the decryption process distributed, or that the key storage is distributed?
Crypviser: We have introduced decentralized public distribution algorithms through the blockchain, to enable the most reliable way of authentication and protection against MiTM attacks.
Question: Why is Crypviser ignoring the industry-standard practice of public key fingerprints that can be verified via off-band out-of-band channels, and reinventing the wheel with block-chain technology that has very good reason to exist in the world of cryptocurrency, but has no role in secure (i.e. preferably ephemeral) messaging?
Crypviser: There is only ONE existing industry standard of public key authentication which is crucial for all cryptographic models — PKI model, but it’s suitable for enterprise network only.
For cloud based networks there has been only ONE decent attempt to offer a solution, made by the legendary PGP inventor Phil Zimmermann.
He introduced WoT (WEB OF TRUST) with his PGP protocol in the 1990s, but it hasn’t become an industry standard or become popular due to many issues.
So, Crypviser has implemented the dream of Zimmerman by introducing the WoT on Blockchain.
The key management and exchange done through central servers are vulnerable to MITM attacks. You cannot trust any third party when we are talking about CLOUD based instant communications.
But the issue is not only the authentication; it is also that when public keys are generated and managed through the central servers, they can be easily manipulated on the server side in such a way that the fingerprints will be the same on both sides.
Question: Is my Public Key uploaded to the blockchain using TLS/SSL?
Crypviser: Most will find this Shocking, but, NO. SSL/TLS has been the industry standard for decades but its time is over. This would be fine for an everyday basic messenger but not for us.
Crypviser implements a lightweight blockchain client which stores all the headers, and syncs with the main nodes. This was a difficult challenge: delays were caused when the headers were synchronising, and delays when using an Instant Messaging App were not acceptable. Therefore we use the Graphene Blockchain where there are no delays.
Question: What is the crypto primitive used for key exchange?
Crypviser: We use Curve383187, SHA512 hash, Argon2 for password hash derivation. For symmetric cipher we use the most reliable and fast stream SALSA20/20.
Question: You are using The Diffie Hellman protocol, correct?
Crypviser: The Diffie Hellman protocol has been used AS IS since the 1970’s. We have improved it with blockchain, by introducing a trustless decentralized public key exchange mechanism which Zimmermann was trying to do with WoT.
Question: Does Crypviser send the whole Public Key over a blockchain?
Crypviser: No, only half of the PK is sent via Blockchain, the other half is exchanged peer to peer.
Question: Is Crypviser Open Source?
Crypviser: Crypviser runs on a business model. We have received no Grants or Government funding, we were born in the Cryptocurrency world. We understand that this can be an issue with some, however Crypviser, just like thousands of other companies in the world, has trade secrets. We are a self-financed company and to stay independent we need a source of income. To be OpenSource would mean to ask our developers and other employees to work for free at times. We don’t look for big investors, for they might in turn decide to change our business model, which is to offer Private, Secure, Anonymous Communication for everyone. We are also against any Government grants for that could pave the way for back doors being implemented into the software. Even RSA Security received 10 mln US$ from the NSA to insert a backdoor in Kernel pseudo random generator. No, we want to remain Private, though at some point in the future, yes we can see becoming an OpenSource software. However our nodes are open source and the authentication part the core modules are also possible to be open source.
Question: Isn’t it difficult to create trust among the users if you keep it proprietary?
Crypviser: We understand and can see this point of view, but this is a kind of stereotype. We are determined to make our business model successful by protecting users’ privacy. Where others are making money by stealing or selling users’ data, we want to be successful by protecting it.
Question: Is there a market for that?
Crypviser: We believe there is, we believe that there are people out there who are willing to pay a fee to have their communications kept Private, Anonymous, Secure, to ensure that no one else is listening in on their conversations, reading their messages, looking at their photos, etc. We will be known as the Company which has given back the right to privacy to the people.