6 Privacy Approaches: An Insight Into The Decentralized Encrypted Sid Security Concept

Sid Secure Team Messenger Privacy Concept

The concept of the Sid protocol is that private communication data, sensitive or not, is for the users' eyes only and should always be transferred directly to the communication partners with high security standards. Where data is stored on servers, for offline delivery or for backup purposes, it is always stored in encrypted form and can only be decrypted by the sender and the designated recipient of the data, who hold their secure keys on their own devices.

Conceptual Approach 1: Zero Knowledge

We can truly assure you that we cannot read, analyze or alter any of your data that is transferred or stored within the Sid messaging system. We will soon publish more information about the technology behind Sid and we plan to open our protocol and core sources for review and audit.

Conceptual Approach 2: End-to-End Encryption

With common secure web solutions, only the connection from your device to the server is encrypted, using the so-called 'Secure Hyper Text Transfer Protocol' (https). On the server side, the transferred data is available in clear text, so at least the provider of the service, the provider of the web servers (the 'cloud'), or any other party that has access to this cloud system can potentially read the stored messages.

Additionally, the https protocol is known for weaknesses in the use of untrusted and forged certificates [1] and has design weaknesses because it supports too many encryption standards in parallel. Some of them are outdated and have known security issues [2], [3], which already makes the transfer of your data to the cloud more or less reliable.

Sid's end-to-end encryption is in stark contrast to this: the complete transfer chain is encrypted with trusted, strong encryption, so only the communication partners with the corresponding keys can decrypt and read the data sent to them.

Conceptual Approach 3: Encryption Implementation using secure open standards

A common pitfall for encryption is the use of weak random number generators, as they are the nuts and bolts of any encryption system. Sid uses its own random number generator implementation based on the Whirlpool512 hash with a 4096 bit entropy pool.

All secret keys are generated with Sid's strong random number generator directly on your device. Your secret keys are stored on your devices only and are distributed among your devices through secure channels.

These secret keys are also used for authentication and as signatures for contacts, group members and devices, so that received data is accepted only if the signature of your communication partner matches. This ensures that you can rely on communicating only with your trusted contacts.

Whenever keys are exchanged between communication partners, asymmetric key exchange is used. Sid uses the Curve25519 elliptic curve for all key exchanges, and the secret key of each communication end-point is unique.
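The key exchange described above, as an added example that is not Sid's code (the page states that Sid uses the C reference implementation): a readable X25519 key agreement following RFC 7748, in which two end-points with their own secret keys derive the same shared secret from each other's public keys. The function names and the rejection of an all-zero result are choices of this example; the two secret keys are the RFC 7748 section 6.1 test vectors.

```python
# X25519 (Curve25519 Diffie-Hellman) per RFC 7748, written for readability.
# Python integers are not constant-time: use an audited library in production.
P = 2**255 - 19
A24 = 121665
BASE_POINT = (9).to_bytes(32, "little")

def _clamp(secret: bytes) -> int:
    """Clear the low 3 bits, clear bit 255, set bit 254 (RFC 7748)."""
    s = bytearray(secret)
    s[0] &= 248
    s[31] &= 127
    s[31] |= 64
    return int.from_bytes(s, "little")

def x25519(secret: bytes, u_bytes: bytes) -> bytes:
    k = _clamp(secret)
    x1 = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):            # Montgomery ladder
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def public_key(secret: bytes) -> bytes:
    return x25519(secret, BASE_POINT)

def agree(my_secret: bytes, peer_public: bytes) -> bytes:
    shared = x25519(my_secret, peer_public)
    if shared == bytes(32):                   # low-order peer key: reject
        raise ValueError("peer public key is a low-order point")
    return shared

# RFC 7748 section 6.1 test vectors (secret keys of the two end-points)
ALICE_SK = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
BOB_SK = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")

if __name__ == "__main__":
    print(agree(ALICE_SK, public_key(BOB_SK)).hex())
```

The raw shared secret is normally passed through a key-derivation step before it keys a cipher; the page does not describe how Sid does this.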

For all stream/transfer encryption Sid uses Salsa20 from renowned cryptographer Daniel J. Bernstein, who is also the creator of Curve25519. For the implementation of the Curve25519 and Salsa20 algorithms, the unmodified and audited C reference implementations are used.

Stream encryption is always in place and cannot be turned off.

Conceptual Approach 4: Peer-to-Peer File Transfer

Sid enables peer-to-peer transfer when sending files of any kind, such as images, photos, documents and videos of any size. The file is sent directly from the sender's device to the recipient devices. In the case of group and multi-client transfers, all devices act as senders to back up the network availability. When data is exchanged between devices within a local network, as in an office situation, the data is transferred at the highest speed possible, circumventing the bottleneck of the upstream speed and capabilities of the internet connection.

In addition to this speed increase, the most direct network connection also represents a security advantage for the transferred data, as it takes the most direct route. Using Sid means that in many cases your transferred data does not have to leave your local or office network.

Conceptual Approach 5: The Sid Address

Most common communication solutions use a signup process that expects the entry of private data like your email address or your telephone number. Sid is different. Setting up Sid only takes seconds, and Sid can be used completely without providing any private data. For that, Sid has its own address scheme, the so-called Sid Address, which is formed from the given username followed by an asterisk (*) and a 5 digit unique number.

This means that your favorite username is always available and you keep full control over who you make contact with for communication. This prevents SPAM before it happens.

Conceptual Approach 6: Code Reviews

We will soon publish more information about the technology behind Sid and we plan to open our protocol and core sources for review and audit. If you are interested in reviewing our source or need more information, please don't hesitate to write to us at security@sid.co or contact sid*01134.