ERC-7627: Secure Messaging Protocol

End-to-end encryption for sending messages between users.


Metadata
Status: ReviewStandards Track: ERCCreated: 2024-02-19
Authors
Chen Liaoyuan (@chenly) (cly@kip.pro)

Abstract


This proposal implements the capability to securely exchange encrypted messages on-chain. Users can register their public keys and encryption algorithms by registration and subsequently send encrypted messages to other users using their addresses. The interface also includes enumerations for public key algorithms and a structure for user information to support various encryption algorithms and user information management.

Motivation


With the emergence of Layer 2 chains featuring sub-second block times and the introduction of account abstraction, the use of end-to-end encrypted communication has facilitated the proliferation of real-time communication and online chat dApps. Providing a unified interface enables easy integration of encrypted communication into smart contracts, thereby fostering innovation. Standardization promotes interoperability, facilitating seamless communication across platforms.

Specification


Objectives

  • Provide a standardized interface for implementing messaging systems in smart contracts, including user registration and message sending functionalities.
  • Enhance flexibility and scalability for messaging systems by defining enumerations for public key algorithms and a structure for user information.
  • Define events for tracking message sending to enhance the observability and auditability of the contract.
  • Using a custom sessionId allows messages to be organized into a conversation.
  • Encrypt message content using the recipient's public key during message transmission.

Interface

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174.

Implementers of this standard MUST have all of the following functions:


Rationale


Event Emission for Off-Chain Integration

By emitting events when messages are sent or public keys are updated, the implementation facilitates seamless integration with off-chain dApps. This enables these dApps to easily track and display the latest messages and updates, ensuring real-time responsiveness and enhancing user interaction.

End-to-End Encryption Security

The design ensures that only the owner of an address can update their public key. This restriction preserves the integrity of the end-to-end encryption, making sure that only the intended recipient can decrypt and read the messages, thereby securing communication.

Session ID for Conversation Organization

The use of session IDs in message transactions allows multiple messages to be grouped under specific conversations. This feature is crucial for organizing and managing discussions within a dApp, providing users with a coherent and structured messaging experience.

Reference Implementation



Security Considerations


Utilization of Latest Secure Encryption Algorithms

When selecting encryption algorithms, it is essential to stay informed about the latest security news and recommendations. Avoid using asymmetric encryption algorithms with known vulnerabilities or those not recommended to ensure the confidentiality and integrity of messages. Regularly update encryption algorithms to address evolving security threats.

Strict Encryption Using Public Keys for Message Content

To maintain message confidentiality, the content of sent messages must be strictly encrypted using the recipient's public key. Any plaintext information transmitted could lead to information leakage and security risks. Encrypt message content at all times during transmission and storage to prevent unauthorized access to sensitive information.

Key Management and Protection

Robust key management and protection measures are necessary for both user public and private keys. Ensure secure storage and transmission of keys to prevent leakage and tampering. Employ multi-factor authentication and key rotation strategies to enhance key security and regularly assess key management processes to mitigate potential security risks.

Copyright


Copyright and related rights waived via CC0