Blockchain-Enabled End-to-End Encryption for Instant Messaging Applications
This addresses privacy concerns for messaging app users by reducing reliance on service providers, though it appears incremental as it builds on existing encryption methods.
The paper tackles vulnerabilities in current end-to-end encryption for messaging apps by proposing a blockchain-based framework that decentralizes key management, resulting in enhanced privacy without high costs.
In the era of social media and messaging applications, people are becoming increasingly aware of data privacy issues associated with such apps. Major messaging applications are moving towards end-to-end encryption (E2EE) to give their users the privacy they are demanding. However the current security mechanisms employed by different service providers are not unfeigned E2EE implementations, and are blended with many vulnerabilities. In the present scenario, the major part of the E2EE mechanism is controlled by the service provider's servers, and the decryption keys are stored by them in case of backup restoration. These shortcomings diminish the user's confidence in the privacy of their data while using these apps. A public Key infrastructure (PKI) mechanism can be used to circumvent some of these issues, but it comes with high monetary costs, which makes it impossible to roll out for millions of users. The paper proposes a blockchain-based E2EE framework that can mitigate the contemporary vulnerabilities in messaging applications. The user's device generates the public/private key pair during application installation, and asks its mobile network operator (MNO) to issue a digital certificate and store it on the blockchain. A user can fetch a certificate for another user from the chat server and communicate securely with them using a ratchet forward encryption mechanism.