Whisper, a Protocol You Can't Just Shh About

This post is intended for non-tech users who are trying to understand Ethereum and p2p networks on a deeper level but don't have the time or tech background to understand these geeky concepts. To feel more comfortable, you do need to know what blockchain and Ethereum is.

Why privacy matters?

People like talking and exchanging information probably even more than they like working. Communication is something that makes us who we are, and it's our right to make sure that our data is not exposed to the outside world and used against our will.

Apparently, this is not always the case and even if you've isolated yourself from TV and media, there's no way you haven't seen Snowden, The Great Hack or similar movies that reveal the actual truth.

Privacy matters, a lot but people tend to ignore it. By setting a weak password, clicking on spam email or leaving your laptop opened you put your personal data at risk. And there's nothing wrong with this simply because nobody teaches this at college, nor they mention it in our families. Hopefully with new technologies, such as blockchain, it's easier to achieve better privacy, so let's see how.

What is Whisper?

In simple words, Whisper is a secure way of communicating on Ethereum blockchain. It is a protocol. That means you can't open or play with it as an app or a game but you can build apps on top of it. The most used implementation of Whisper is a Status app, something most of the blockchain community has been familiar with for quite a while now.

What issues Whisper is trying to solve?

To understand the purpose behind Whisper design, we need to know the biggest vulnerabilities of existing communication systems. Typically, they include:

  • Centralized storage of keys and content. This probably goes to all of the software that is built on Web2.0 technology. Emails, tweets, posts, chat discussions are typically stored on one server. Apparently, modern techniques allow you to distribute the data between several repositories and make redundant backups but it's not always the case, thus you never know when your data can be gone for good.
  • An exposure of sender and recipient identities. Even if a hacker can't read the content of the messages, one knows for fact who are you communicating with and how often you do that. It's enough for performing social attacks that might involve people closest to you.
  • An exposure of metadata of each identity. Most of the time your mobile device sends lots of info about you from the app you give certain permissions to. Often metadata includes your location, contact list, camera, storage, etc. This is something you don't want other people to know just in case.

Whisper flow

Let's see how Whisper solves these problems and achieves a greater level of privacy.

Envelopes

First and foremost, all of the data is being transferred and stored over a decentralized network Ethereum. This is the second biggest blockchain after Bitcoin and has been used by dozens of companies and organizations in IT, finance, medicine, and even government.

Each Message sent over such a network will be sent to all nodes (aka servers or computers where the data is stored and processed) despite whether this node can read the Message or not. In case of a messenger, for instance, Whisper would send the Message to all of your friends, instead of the one you're talking to. I know it doesn't sound logical but this prevents revealing the identity of the receiver. Below you'll see how.

On top of that, all Messages are sent in packages that are called Envelopes. This helps to add extra info used to determine if the Message can and has to be read in the first place.

Messages

Apparently, it would be inconsiderate to send the Message body as plain text which is why it goes through encryption process. In plain words, encryption is nothing but a fancy word for transforming data into a non-readable way (e.g. instead of whisper you'll receive 0Anlj+xShwTAQdNOpqgLJzHlSYc7sCj3LJfTwhAfUiQ=). It is the most common way to secure sensitive data (passwords, bank details, etc.) to transfer it safely across any network.

Please hold on here, there's more. Encryption can be of two modes: symmetric and asymmetric. Both of them can be used in Whisper to encrypt the Message depending on whether the recipient of the Message was mentioned by the sender (please refer to the official Whisper spec for more details on that). It's important to notice however that asymmetric uses two keys (public and private), while symmetric encryption uses only one (private) to perform the encryption procedure.

To simplify it for you, you can think of public key as your login or email and private key as your password. Therefore, you can send your public key to other nodes in open Whisper channel because there's nothing worthwhile there but you must keep your private key to yourself and send it over secure channel only. This is a golden rule not only in blockchain but anywhere where you hear a phrase private key or any key in general.

Anyways, if sending involves encryption that makes the Message look sophisticated, then it would make a lot of sense that a reverse process would be applied before reading a Message. You would be totally right, this method is called decryption and can only be done by a node that has the appropriate private key to decrypt it.

Using encryption and decryption mechanisms we ensure that the Message we send out to everyone can be read only by node(s) that can decrypt this particular Message with its private key. I hope this should make more sense now. If you have a key which is basically your password, you can read the Message. If you don't, it's a sure guess that it wasn't addressed to you.

Topics

Both encryption and decryption are very heavy computational tasks, thus they take time. And knowing that each of the nodes has to receive the Envelopes and decrypt them, it makes it even more expensive and time-consuming.

To prevent such delay and unnecessary work, some great minds introduced Topics. Instead of blindly sending Envelopes to everyone, you add special Topic in the header of the Envelope that contains a hint for the type of key to decrypt the Message (symmetric or asymmetric), as well as the code phrase or hashtag that the recipient node has to subscribe to.

In this case, only the node that listens to the selected topic will receive the Message. Otherwise, it will assume that the Topic collision occurred. It's important not to use any part of your public, nor your private key in your topic to prevent any form of attack.

Filters

In order to subscribe to certain Topics, you can use Whisper API. It will allow setting an array of these, as well as the sender and recipient addresses and your agreement or disagreement on accepting messages from trusted nodes (a node you communicate with often and can reply on its reputation). To do all of this work you will use the last concept in today's new vocabulary, Filters. It's similar to how you set filters while looking for products on Amazon or Alibaba.

There's also one more thing, each Whisper node needs to set up a Proof of Work criteria which is a number below which an Envelope won't be accepted at all. Proof of Work (PoW) in this context is a small task that a sender node needs to accomplish before broadcasting anything to the network. This prevents spam and reduces the burden on the network. PoW is also used as one of the metrics that determine the rating of each Message, along with its size and the time of life of this particular Message.

With the current design model, it's quite a challenge to build a real-time messaging system that can fulfill the needs of billions. However gradually as the protocol evolves and scaling solutions arise, we'll be able to compete with existing communication protocols.