Re-Establishable Group End-to-End Encryption with Post-Compromise Security
End-to-end encryption has become a de facto standard in messengers, especially since the emergence of Signal, a highly secure messaging protocol. However, this wide adoption of secure end-to-end communication has been limited to messengers and has not yet made a noticeable appearance on social network platforms, despite the increase in violations of users' privacy. The Stick protocol is an end-to-end encryption protocol, based on the Signal protocol, specifically designed for social networks. The Stick protocol supports re-establishable "many-to-many" encryption sessions in an asynchronous and multi-device setting while preserving forward secrecy and introducing backward secrecy. Performance evaluation of the Stick protocol shows that it causes no noticeable compromise on usability or performance. The Stick protocol's scientific foundation is published in IEEE, for those interested in the project's technical and research motivations.
Stick is the protocol used in Sticknet - a secure social storage platform.
Click here for technical documentation of the Stick protocol.
Click here for usage documentation of the Stick protocol.
The Stick protocol was implemented as a superset of the Signal protocol, which keeps the Stick protocol logic external to the Signal protocol. This allows the Signal protocol to be used in parallel with the Stick protocol, from just the Stick protocol library. The Stick protocol was implemented as a fully comprehensive Android and iOS library (rather than just a Java and C library) that can simply be dropped into a social network application to provide E2EE using re-establishable "sticky sessions", with as little development overhead as possible. The Stick protocol implementation is composed of 4 libraries:
- Android Library (Gradle Package)
- iOS Library (CocoaPod Framework)
- Server Library (PIP Package)
- Client Handlers Library (NPM Package)
The Android library and the iOS library are the 2 main libraries of the Stick protocol. They have most of the logic needed on the client-side. There is also a server library for the Stick protocol in Python. In addition, there is a client handlers library in JavaScript which contains common handler methods needed for the Stick protocol client-side.
Gradle:
dependencies {
    // '+' is a Gradle dynamic version: the newest published release is resolved at build time
    implementation 'com.github.sticknet:stick-protocol:+'
}
The main StickProtocol Java class file has usage documentation as well. It includes all the methods that you would need.
Check the iOS installation guide.
The main StickProtocol Swift class file has usage documentation. It includes all the methods that you would need.
This is a server library for the Stick protocol in Python for Django. If you have a Django server, you can use this library. If not, you can easily implement your own. The main StickProtocol Python class includes the full usage documentation needed on the server.
pip3 install stick-protocol-server
The Stick protocol implementation features a client handlers library in JavaScript. It contains common handler methods needed for the Stick protocol client-side. These handlers may differ from one application to another. A developer is free to write their own handlers. They can be implemented in any programming language. The main JavaScript class contains full usage documentation.
npm install stick-protocol-handlers
The Stick protocol has a set of verification tests that can be run to verify the correctness of the protocol. These tests are written using Verifpal, a formal verification tool for cryptographic protocols. The tests are located under the FormalVerification directory. After installing the Verifpal tool, the tests can be run as follows:
verifpal verify test_file.vp
Tests 01 to 04 are expected to pass, while test 05 is expected to fail.
Copyright © 2018-2024 Sticknet
Licensed under the GPLv3: http://www.gnu.org/licenses/gpl-3.0.html