MoneroMail, private messaging extension for Monero

Update: Someone has wisely recommended renaming this project to "MoneroPosto" in keeping with Monero's Esperanto leitmotif.

What

A private mailing application could be created utilizing Monero, couldn't it? It might work as follows.

Important note: community members have proposed alternatives utilizing payloads and range proofs. These alternatives seem to be better solutions, so we might use one of them instead of the original method I describe below.

  1. Alice wants to send a private message to Bob.

  2. Bob and Alice already have each other's public wallet addresses (and thus they can easily derive each other's public spend keys).

  3. Alice writes an ASCII message M that she wishes to send to Bob. M is also the concatenation of k substrings; in other words, M = M_1 + M_2 + ... + M_k.

  4. Let A_sign(x) mean "the result of Alice signing x with her private spend key".

  5. Let B_crypt(y) mean "the result of encrypting y using Bob's public spend key".

  6. Then for each i in [1..k], let PrivMsgChunk_i = B_crypt(A_sign(M_i)).

  7. We choose k large enough that each PrivMsgChunk_i is small enough to fit in a payment ID.

  8. Alice stores an alphanumeric timestamp in the variable A_Time.

  9. Alice sends k transactions T_1, ... T_k to Bob, where the payment ID of T_i is (letting '+' denote concatenation) "MAIL" + PrivMsgChunk_i + A_Time + i, where i is just the integer index.

  10. Bob receives the transactions, extracts PrivMsgChunk_i, A_Time, and i from each payment ID, decrypts and verifies each PrivMsgChunk_i (yielding M_i), then arranges the message chunks according to i, yielding Alice's message M!

    • Note: The purpose of A_Time is to indicate that all "MAIL" transactions with that exact timestamp are part of the same message.

Notes from /u/gingeropolous:

I know various mail ideas have been discussed. Apparently you can pack a message in the range proof of a RingCT transaction. It could also be possible to attach payloads to transactions that aren't included in the blockchain.

Notes from /u/knaccc:

The best place to put messages is the range proof, and this storage is effectively free (if you're making a transaction anyway) because a range proof has to exist for each output. The payload that the range proof can carry will be automatically encrypted using the shared secret. Luigi is working on a new, more compact range proof. Therefore if you spend time adapting the current range proof to carry data, you might incur some wasted effort. It would be therefore worth dropping luigi1111 a message on IRC to coordinate. I'd imagine that after the range proof is adapted to carry an encrypted payload, all Monero wallets will allow for a freeform text area which will accompany each transaction. It will be able to contain a message, a payment ID, JSON text, whatever you want. It'd be about 1800 characters, and it would not add to the cost of a transaction. It'd also not make the transaction stand out on the blockchain, which it would if you'd put the message in the txextra.

Scope

  • Either a separate command-line monero-mail utility or an extension of monero-wallet-cli, pending feedback.
  • GUI integration
  • An included "contacts list" allowing users to add/remove nicknames and their associated XMR addresses.

Motivation

It seems that this is something only Monero can do. For example, a Bitcoin user could encrypt a message and send it from Alice's address to Bob's, but even if eavesdroppers cannot read the encrypted message contents, they still see that Alice is sending mail to Bob. That in itself is a violation of Alice and Bob's privacy.

Who

  • Riiume - A senior software developer with a bachelor's in pure mathematics from MIT (see signatures); creator of the "Monero Tracking Challenge" and the tool (from before Segwit was locked in) SegwitPoolsData.

  • Possibly other devs who express a commitment to work on the project.

Amount

Tentative estimate: 50 XMR

Sigs:

This is [email protected] = /u/riiume = [email protected]
Email me to confirm.
PGP fingerprint: 394CCBC67B0EC0AA519AB6E62C2EBB579DD637C8

MoneroMail proposal, 2017/08/11 04:14 UTC
This is /u/riiume ([email protected])
PGP fingerprint: 394CCBC67B0EC0AA519AB6E62C2EBB579DD637C8
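
The payment-ID framing from steps 9 and 10 of the proposal, as an added example that is not part of the original post or of any Monero code. It treats each PrivMsgChunk_i as opaque bytes (no signing or encryption is performed) and assumes a 32-byte payment ID, a one-byte chunk length, A_Time as a uint32 and a one-byte index i; the proposal specifies none of these widths.

```python
import struct
from collections import defaultdict

TAG = b"MAIL"
PID_LEN = 32               # assumption: 32-byte payment ID field
TIME_LEN, IDX_LEN = 4, 1   # assumption: A_Time as uint32, i as one byte (1..255)
CHUNK_MAX = PID_LEN - len(TAG) - 1 - TIME_LEN - IDX_LEN   # 22 bytes after a length byte

def frame(chunks, a_time):
    """Alice, step 9: "MAIL" + PrivMsgChunk_i + A_Time + i, one payment ID per chunk."""
    if len(chunks) > 255:
        raise ValueError("too many chunks for a one-byte index")
    pids = []
    for i, chunk in enumerate(chunks, start=1):
        if len(chunk) > CHUNK_MAX:
            raise ValueError(f"chunk {i} exceeds {CHUNK_MAX} bytes")
        body = bytes([len(chunk)]) + chunk.ljust(CHUNK_MAX, b"\0")
        pids.append(TAG + body + struct.pack(">IB", a_time, i))
    return pids

def parse(pid):
    """Return (a_time, i, chunk), or None for anything that is not a MAIL payment ID."""
    if len(pid) != PID_LEN or not pid.startswith(TAG):
        return None
    n = pid[len(TAG)]
    a_time, i = struct.unpack(">IB", pid[-(TIME_LEN + IDX_LEN):])
    if n > CHUNK_MAX or i == 0:
        return None
    start = len(TAG) + 1
    return a_time, i, pid[start:start + n]

def reassemble(pids):
    """Bob, step 10: group by A_Time, order by i, report gaps in the index sequence."""
    groups = defaultdict(dict)
    for pid in pids:
        rec = parse(pid)
        if rec is not None:
            a_time, i, chunk = rec
            groups[a_time].setdefault(i, chunk)   # a repeated index keeps the first copy
    result = {}
    for a_time, by_idx in groups.items():
        missing = [i for i in range(1, max(by_idx) + 1) if i not in by_idx]
        result[a_time] = ([by_idx[i] for i in sorted(by_idx)], missing)
    return result

# Constructed sample: three opaque stand-ins for B_crypt(A_sign(M_i)).
SAMPLE_TIME = 1502424840
SAMPLE_CHUNKS = [b"ciphertext-1", b"ciphertext-2", b"ciphertext-3"]
SAMPLE_PIDS = frame(SAMPLE_CHUNKS, SAMPLE_TIME)
```

A gap below the highest received index is reported, but a lost final transaction is indistinguishable from a shorter message, because the layout carries i and not k.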

Additional Discussions

Replies: 1
etam, edited 1 month ago

Hi, I'm interested in having a closer look at this topic.

> Luigi is working on a new, more compact range proof.

What's the status? Is it already described in chapter 4.4 of "Zero to Monero" v1.0.0?

Edit: I just learned about bulletproofs. How does that affect the proposal?