Today, most of our communications are conducted online using messaging applications on smartphones and computers. But it is becoming more and more difficult for our messages to remain private and secure, which is why business users and consumers are now turning to encrypted messaging. The encrypted communication application Signal is the leader in end-to-end encrypted communication software.
Signal encrypted communication software
Millions of people around the world use Signal every day for free instant messaging. They send and receive trusted messages and make high-definition video and voice calls, staying connected at any time. With Signal’s continuous advanced privacy protection technology, you can concentrate on sharing important moments with the people important to you. So what are the technical implementations of Signal (based on server version 3.21)?
Communication is based on WebSocket protocol
First of all, let me talk about the advantages of using WebSocket communication:
- The true full-duplex mode. The client and server are completely equal after the connection is established and can actively make requests to each other. Traditionally this connection is based on HTTP, in which the client initiates a request to the server.
- Reduce the amount of communication. As long as the WebSocket connection is established, the connection will be maintained, and messages can be continuously transmitted during this period until the connection is closed. This avoids the stateless nature of HTTP. Compared with HTTP, not only is the total overhead of each connection reduced, but the amount of information in the header of a WebSocket connection is also small, reducing the amount of communication.
- Reduce resource consumption. The program we use has to go through two layers of proxies, that is, the HTTP protocol is parsed by servers such as Nginx, and then transmitted to the corresponding Handler (i.e. PHP). Simply put, we have a very fast Operator (Nginx) who is responsible for forwarding to the corresponding Handler. The Operator is plenty fast but gets stuck with the Handler, which has a much slower processing speed. WebSocket solves such a problem, allowing you to establish a persistent connection with the Operator. When there is information, the Handler will find a way to notify the Operator, and then the Operator will pass it on to the customer. This solves the problem of the slow processing speed of the Handler.
Signal encrypted communication software is based on the WebSocket protocol to realize end-to-end communication. The client only needs to establish a long connection with the server, and can then receive and send messages in real time. Instead of the traditional HTTP request-response mode, the server just plays the role of forwarding messages. No processing is done on the message, so the delay of the message is greatly reduced and the real-time nature of the message is guaranteed.
Using Protocol Buffer serialization method
Protocol Buffer, like XML and JSON, is a tool for serializing structured data, but its data format is quite different:
- First, the data obtained after Protocol Buffer serialization is not a readable string, but a binary stream.
- Secondly, the data information in XML and JSON format is included in the serialized data, and no other information is needed to restore the data after serialization. But to use Protocol Buffer, you need to define the data format (.proto protocol file) in advance and restore the serialized data using this defined data format.
- Finally, in scenarios where the amount of data to be transmitted is large, Protocol Buffer is smaller (3 to 10 times) and faster (20 to 100 times) than XML and JSON. It can be used across platforms and is easier to use and maintain.
The Signal encrypted communication software uses Protocol Buffer to realize the serialization and deserialization of data transmission between the Handler terminal and the service so that the transmission of data is smaller, faster, and more efficient.
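An added example, not from the original article or from Signal's code: a minimal encoder and schema-less decoder for the Protocol Buffer wire format, showing that the serialized bytes carry field numbers and wire types but no field names. The four-field message layout and all function names are assumptions made for illustration, not Signal's .proto definitions.

```python
import json

def encode_varint(n):
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append(byte | (0x80 if n else 0))  # high bit set = more bytes follow
        if not n:
            return bytes(out)

def encode_field(number, value):
    """Ints use wire type 0 (varint); str/bytes use wire type 2 (length-delimited)."""
    if isinstance(value, int):
        return encode_varint(number << 3) + encode_varint(value)
    raw = value.encode() if isinstance(value, str) else value
    return encode_varint(number << 3 | 2) + encode_varint(len(raw)) + raw

def decode_varint(buf, pos):
    result = shift = 0
    while pos < len(buf):
        byte = buf[pos]
        result |= (byte & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not byte & 0x80:
            return result, pos
    raise ValueError("truncated varint")

def decode_without_schema(buf):
    """Without the .proto file only (field number, wire type, raw value) is recoverable."""
    pos, fields = 0, []
    while pos < len(buf):
        key, pos = decode_varint(buf, pos)
        number, wire = key >> 3, key & 7
        if wire == 0:
            value, pos = decode_varint(buf, pos)
        elif wire == 2:
            length, pos = decode_varint(buf, pos)
            if pos + length > len(buf):
                raise ValueError("length prefix exceeds buffer")
            value, pos = buf[pos:pos + length], pos + length
        else:
            raise ValueError(f"wire type {wire} not handled in this example")
        fields.append((number, wire, value))
    return fields

# Constructed sample; the schema 1=type, 2=source, 3=timestamp, 4=content is hypothetical.
SAMPLE = {"type": 1, "source": "alice", "timestamp": 1610000000, "content": "hello"}
WIRE = b"".join(encode_field(i, v) for i, v in enumerate(SAMPLE.values(), start=1))
JSON_BYTES = json.dumps(SAMPLE).encode()
```

The decoder rejects a length prefix that runs past the end of the buffer, which is the check a receiver needs before slicing attacker-supplied bytes.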
Store offline messages temporarily
Signal realizes message forwarding through Redis publish/subscribe. In the process of publishing messages, there will inevitably be a situation where one end goes offline. In this case, publishing a message will fail. Signal will write the failed message to the Redis cache first, then temporarily store the message in the PostgreSQL database. When the user goes online again, the message will be read from the database and pushed to the user. After the message is pushed successfully, the data in the database will be deleted without any retention.
End-to-end encryption: X3DH key algorithm
The core of Signal is “Speak freely.” For Signal, privacy is not optional, but indispensable. Every message and every communication is important and its contents should be protected at all times. Signal uses the X3DH key agreement protocol to encrypt each session, ensuring that each message is private.
Let’s use a simple scenario to introduce the DH key algorithm: Alice and Bob want to share a key in an insecure channel, to create a secure channel. The key, which can be used for other subsequent operations, is only known to Alice and Bob, and cannot be known to a third party. A simple method is that the whole world knows a value P=100. Alice generates a random value of 5 (private key), then multiplies it by P, and then sends Pa = 500 to Bob. Similarly, Bob generates a random value of 6 (private key), then multiplies it by P, and then sends Pb = 600 to Alice.
Thus, Alice has 100, 5, and 600, and Bob has 100, 6, 500.
Alice calculates: random value 5 (own private key) * 600 (other’s public key) = 3000
Bob calculates: random value 6 (own private key) * 500 (other’s public key) = 3000
In this way, Alice and Bob share a value s=3000 (public key), and both parties use s to encrypt the message, then use their own random values (Private key) for decryption. This is a simple application scenario of the DH key algorithm. The X3DH key algorithm used by Signal is based on the DH key algorithm. The key algorithm is derived from the EC-DH algorithm, which is more secure.
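The exchange above carried through in code, as an added example that is not from the original article or from Signal's code base. It goes beyond the text by combining the four DH results that the X3DH specification defines into one session key. Assumptions: modular exponentiation over a small demonstration prime stands in for the elliptic-curve operation, the signed-prekey signature check is omitted, and the function names and the `X3DH-example` info string are hypothetical.

```python
import hashlib, hmac, secrets

# Assumption: finite-field DH over the Mersenne prime 2**127 - 1 stands in for the
# elliptic-curve operation; this group is far too small and weak for real use.
P = 2**127 - 1
G = 3

def keypair(private=None):
    """Return (private, public) with public = G**private mod P."""
    priv = private if private is not None else secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh(own_private, peer_public):
    """Both sides obtain G**(a*b) mod P; degenerate peer values are rejected."""
    if not 1 < peer_public < P - 1:
        raise ValueError("invalid peer public key")
    return pow(peer_public, own_private, P).to_bytes(16, "big")

def hkdf_sha256(ikm, info):
    """HKDF (RFC 5869) with an all-zero salt; one expand block yields 32 bytes."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def toy_recover_private(base, public):
    """The multiplication toy is not one-way: anyone who sees Pa can divide by P."""
    return public // base

def x3dh_alice(ik_a, ek_a, ik_b_pub, spk_b_pub, opk_b_pub):
    # DH1..DH4 in the order the X3DH specification lists them.
    dhs = (dh(ik_a, spk_b_pub) + dh(ek_a, ik_b_pub)
           + dh(ek_a, spk_b_pub) + dh(ek_a, opk_b_pub))
    return hkdf_sha256(dhs, b"X3DH-example")

def x3dh_bob(ik_b, spk_b, opk_b, ik_a_pub, ek_a_pub):
    # Bob computes the same four values from his private keys and Alice's public keys.
    dhs = (dh(spk_b, ik_a_pub) + dh(ik_b, ek_a_pub)
           + dh(spk_b, ek_a_pub) + dh(opk_b, ek_a_pub))
    return hkdf_sha256(dhs, b"X3DH-example")

def run_demo():
    """Fresh identity (IK), ephemeral (EK), signed (SPK) and one-time (OPK) keys."""
    ik_a, ek_a = keypair(), keypair()
    ik_b, spk_b, opk_b = keypair(), keypair(), keypair()
    sk_a = x3dh_alice(ik_a[0], ek_a[0], ik_b[1], spk_b[1], opk_b[1])
    sk_b = x3dh_bob(ik_b[0], spk_b[0], opk_b[0], ik_a[1], ek_a[1])
    return sk_a, sk_b
```

With plain multiplication the private value falls out of a single division, which is why real DH replaces it with an operation that is hard to invert.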
For those of you who are interested in the X3DH key agreement protocol, you can read more about it in the official Signal document: “The X3DH Key Agreement Protocol”. Alternatively, I’d like to recommend an article written by my colleague: “How does the Signal Protocol achieve end-to-end encrypted communication?”
Problems with Signal
Because all of Signal’s end-to-end communication forwards messages via the server, this puts immense pressure on the server.
An example scenario:
There is a high-speed passage S from point A to point B. All cars pass through this highway from point A to point B. When the traffic volume increases, a single lane can no longer meet our traffic demand. At this time, we must widen our lanes and turn the single lane into two lanes.
As the traffic volume continues to increase, gradually the two lanes cannot meet the traffic demand, so they are widened to four lanes and then eight lanes.
Although widening lanes can temporarily solve the problem of increased traffic volume, it will reach a critical point one day.
The server is like our one-lane road. As the number of users increases, we have to increase the number of servers to support our services. While increasing the number of servers, we also make them bigger and bigger.
Signal’s server is not only used for message forwarding but also does other work. If one day the server goes down, as in January 2021, it means all services handled by that machine are unavailable.
Is Signal’s phone number login really private?
Signal’s registration and login are simple and fast. You can log in to Signal by using your mobile phone + verification code to start a private chat. But, is it really private for Signal to log in with a phone number?
The registration information of Signal’s group members, including mobile phone numbers, is displayed, and the phone’s address book is displayed in the contact interface. Many countries have implemented real-name phone numbers, so each phone number corresponds to a real person. If I want to know, “Is my friend registered with Signal?”, I just search for his phone number in the contact interface. Is this private enough? For those who are interested and have enough determination, it is not difficult to find the true information of a person through a phone number.
Coming encrypted communication software
First, let’s compare the similarities and differences between Signal and Coming.
As can be seen from the table, there are two big differences between Coming and Signal:
1. Dependence on the server: Coming will use the WebSocket communication method like Signal in the early stage, but will add an SMS communication mode at a later stage, allowing users to freely switch between the two communication modes and reducing reliance on the server. Even if the server is offline due to issues, communication can still be carried out with true end-to-end encrypted communication.
2. Support for BTC: Coming supports payments in multiple currencies. The biggest difference from Signal is that Coming supports payments in BTC.
Coming uses the public and private key pair on the chain to log in, instead of using the phone number + verification code. It is truly decentralized.
We are committed to making Coming a decentralized, server-reliant end-to-end encrypted communication platform that supports payment in multiple currencies including BTC.
Coming is an encrypted messaging app with a digital asset transfer function. Our communication module is built on the end-to-end encryption protocol to ensure the privacy of communication, and the transfer module will use X-BTC (BTC after cross-chain) as the circulating currency in the system, with extremely low transaction fees.