The Port Protocol - Version 1
Introduction
This document outlines the first version of the Port Protocol, which forms the basis of communication over “Port, by Numberless”, a messaging app that allows connections to form without users having to share any persistent unique identifiers (email addresses, phone numbers or usernames).
The Port Protocol is used to form authenticated connections in Port using the flagship connection instrument, a Port.
Goals of the protocol
Parties
There are 3 parties to the Port protocol
Alice: the initiator
Bob: the peer to connect with Alice, also known as the connector
Server: Port servers, a glorified relay mechanism
Eve: an adversary trying to impersonate Alice or Bob
Initiating the protocol
Initiating the protocol begins with Alice choosing to create and share a Port with Bob.
Alice requests the server to issue her a "link". This is a token she can share with someone. On the server, this link is associated with Alice for later use.
Finalizing the Port and sharing it
Alice now needs to generate some metadata and share it with Bob.
Alice generates an x25519 keypair, pr_key_a, pub_key_a
Alice generates a high-entropy random number called the Random Authentication Data (RAD), rad_1
Alice then shares {link_1, rad_1, pub_key_a} with Bob out of band through some secure channel, for example by scanning a QR code containing this in person.
At this point, from Bob's perspective, goal 3b is met.
Bob gets the server involved
Bob can now consent to forming a connection with Alice by using the Port. Bob begins by constructing an introductory message for Alice.
Bob generates an x25519 key pair, pr_key_b, pub_key_b
Bob mixes pr_key_b with pub_key_a to get a (not yet) shared secret, ss_1
Bob encrypts rad_1 with ss_1 using AES-CBC to get ct_1
Bob now submits {ct_1, pub_key_b, link_1} to the server and is issued a routing id, line_1. This routing id represents a line of communication through the server between Alice and Bob.
The server forwards {ct_1, line_1, link_1, pub_key_b} to Alice and subsequently "forgets" link_1. The server forgetting link_1 is not essential to the security (including replay prevention) of the Port protocol; it only helps provide earlier feedback, preventing re-use of previously consumed Ports.
During the computation of ss_1, Bob also achieved goal 3a.
Alice catches up
Alice begins authenticating the data she's received as belonging to Bob.
Alice combines pr_key_a with pub_key_b to get ss_2
She decrypts ct_1 with ss_2 to get rad_2
rad_2 = rad_1 ⇒ ss_2 = ss_1 ∧ pub_key_b belongs to Bob, the only person beside Alice who knows rad_1
You may notice that this is a twist on AEAD where a known encrypted secret is used to verify the authenticity of the sender.
At this point Alice meets goals 3a and 3b.
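Bob's construction of ct_1 and Alice's rad_2 check from the two sections above, as an added Go example that is not Port's own code. The page does not specify key derivation, IV handling or RAD length, so using the raw X25519 output as the AES-256 key, prepending a random IV to ct_1 and a 32-byte RAD are assumptions, and all function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // sketch only; a real client would reject the handshake instead
	}
	return v
}

func newKey() *ecdh.PrivateKey { return must(ecdh.X25519().GenerateKey(rand.Reader)) }

// sharedKey: raw 32-byte X25519 output used directly as the AES-256 key (assumption).
func sharedKey(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) []byte { return must(priv.ECDH(pub)) }

// sealRAD is Bob's step: ct_1 = IV || AES-CBC(ss_1, rad_1). rad must be whole 16-byte blocks.
func sealRAD(key, rad []byte) []byte {
	ct := make([]byte, aes.BlockSize+len(rad))
	must(rand.Read(ct[:aes.BlockSize])) // fresh random IV, prepended (assumption)
	enc := cipher.NewCBCEncrypter(must(aes.NewCipher(key)), ct[:aes.BlockSize])
	enc.CryptBlocks(ct[aes.BlockSize:], rad)
	return ct
}

// verifyRAD is Alice's step: decrypt ct_1 with ss_2, compare rad_2 to rad_1 in constant time.
func verifyRAD(key, ct, rad1 []byte) bool {
	if len(rad1) == 0 || len(rad1)%aes.BlockSize != 0 || len(ct) != aes.BlockSize+len(rad1) {
		return false // malformed input is a failed authentication, not a crash
	}
	rad2 := make([]byte, len(rad1))
	dec := cipher.NewCBCDecrypter(must(aes.NewCipher(key)), ct[:aes.BlockSize])
	dec.CryptBlocks(rad2, ct[aes.BlockSize:])
	return subtle.ConstantTimeCompare(rad2, rad1) == 1
}

func main() {
	alice, bob, rad1 := newKey(), newKey(), make([]byte, 32)
	must(rand.Read(rad1))
	ct1 := sealRAD(sharedKey(bob, alice.PublicKey()), rad1) // Bob's side
	fmt.Println("accepted:", verifyRAD(sharedKey(alice, bob.PublicKey()), ct1, rad1))
}
```

If a relay forwards Bob's ct_1 with a different public key in place of pub_key_b, Alice derives a different ss_2, rad_2 no longer equals rad_1, and verifyRAD returns false.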
Everyone cleans up
To prevent a replay attack, Alice "forgets" all data associated with the Port and only remembers {line_1, ss_1, pub_key_b, pr_key_a}. Bob does the same and only remembers {line_1, ss_1, pub_key_a, pr_key_b}
If the Port is discovered at a later point by an adversary, Alice will not accept any new connections since link_1 and rad_1 no longer mean anything to her.
MITM prevention and Goal 2
If the server becomes a bad actor who co-operates with Eve, Alice will reject connections from Eve while Eve impersonates Bob, since only the real Bob possesses rad_1. If Eve impersonates Alice, Bob will have sufficient data constructed directly with Alice out-of-band (pub_key_a and ss_1) to reject future messages from Eve pretending to be Alice. This comes under the purview of YAP, not the Port protocol.
Sharing of sensitive data
The primary goal of Port, and hence of the protocol, is to remove the need to share sensitive personal identifiers with peers. You will notice that to achieve goals 2, 3a and 3b, only ephemeral, non-identifying data was shared between Alice and Bob. As such, goal 1 is met and the Port protocol has been successfully executed.
Sending encrypted messages
Alice, Bob and a cooperative server can now send messages back and forth. If Alice or Bob submits {message, line_1} to the server, it can calculate the counter-party and route the message to them.
Encryption of messages is beyond the scope of the Port protocol; however, Port uses YAP (Yet Another Protocol) to encrypt messages using the keys and secrets that are authenticated by this protocol.