Scout: Securely Locate Peers Without Central Servers

As part of our encrypted messaging application Bleep, we wanted to make it possible for peers to locate each other securely using only the BitTorrent distributed hash table (DHT). To support this we added some DHT extensions which we’re now open sourcing under the name Scout. Scout is useful for applications where small groups of mutually trusted peers want to stay in contact with each other.

Scout uses the DHT to provide secure storage which is indexed using a shared secret. Scout derives a symmetric encryption key and a public/private key pair from the shared secret. Stored items are encrypted with the symmetric key and signed with the private key, so only peers who possess the secret can read or write information related to it. Scout also has a separate API which allows strings to be stored indexed by their secure hash, so the DHT can be used as a shared storage medium. There is currently a limit of 1000 bytes total for data stored in the DHT, and the default implementation keeps data for two hours. DHT storage is expected to be used for IP addresses, cryptographic key material, and other small pieces of information which can serve as entry points for further communication.

In Bleep, every peer has a public key, and two peers establish their shared secret by doing a Diffie-Hellman key exchange. A peer then uses Scout to read the corresponding data from the DHT, parses it into a list of IP addresses for the contact's devices, appends its own IP to the list, and has Scout write it back to the DHT. This allows a single Bleep user to be logged in on several devices at once. To deliver messages while the recipient is offline, Bleep uses Scout's hash-indexed storage and keeps the messages as a linked list of immutable data. The head of the linked list is stored in the mutable shared data along with the contact information of both peers.
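The two preceding paragraphs describe the scheme in prose; the following is an added example in Go, written for this page and not code from Scout or Bleep, that shows both halves end to end: deriving a symmetric key and a signing key pair from a shared secret, the checks a storing node can make on a signed item without holding the secret, and the Bleep-style read-append-write of a contact's address list. Everything concrete here is an assumption of the example rather than something the post states: HMAC-SHA256 with labels for key derivation, AES-256-GCM for the symmetric layer, Ed25519 for signatures, SHA-256 of the public key as the DHT index, a strictly increasing sequence number as the node's anti-replay rule, a one-address-per-line record format, and an in-memory map standing in for the DHT nodes. The shared secret is taken as an opaque byte string (in Bleep it would be the Diffie-Hellman output); the two-hour expiry and the hash-indexed immutable store are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"strings"
)

// Keys is what gets derived from the shared secret: a symmetric key and a signing key pair.
type Keys struct {
	Enc  []byte
	Priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

// derive expands the secret under a label (HMAC-SHA256, one block of HKDF-Expand; assumed here).
func derive(secret []byte, label string) []byte {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(label))
	return h.Sum(nil)
}

// KeysFromSecret takes the Diffie-Hellman output (any byte string here) and derives both keys.
func KeysFromSecret(secret []byte) Keys {
	priv := ed25519.NewKeyFromSeed(derive(secret, "scout/sign"))
	return Keys{Enc: derive(secret, "scout/enc"), Priv: priv, Pub: priv.Public().(ed25519.PublicKey)}
}

// MutableItem is stored under SHA-256(Pub); a node verifies Sig with Pub alone and never sees plaintext.
type MutableItem struct {
	Seq  uint64
	Data []byte // nonce || AES-GCM ciphertext
	Sig  []byte
}

func signed(seq uint64, data []byte) []byte {
	return append(binary.BigEndian.AppendUint64(nil, seq), data...)
}

// DHT is an in-memory stand-in for the storing nodes (constructed for this example).
type DHT struct{ items map[[32]byte]MutableItem }

func NewDHT() *DHT { return &DHT{items: map[[32]byte]MutableItem{}} }

// Put applies the node-side checks: the post's 1000-byte limit, the signature, and a strictly
// increasing sequence number (assumed rule), so a captured older item cannot be replayed over a newer one.
func (d *DHT) Put(pub ed25519.PublicKey, it MutableItem) error {
	id := sha256.Sum256(pub)
	old, seen := d.items[id]
	switch {
	case len(it.Data) > 1000:
		return errors.New("item too large")
	case !ed25519.Verify(pub, signed(it.Seq, it.Data), it.Sig):
		return errors.New("bad signature")
	case seen && it.Seq <= old.Seq:
		return errors.New("stale sequence number")
	}
	d.items[id] = it
	return nil
}

// Seal encrypts with the symmetric key and signs with the private key.
func Seal(k Keys, seq uint64, plaintext []byte) MutableItem {
	block, _ := aes.NewCipher(k.Enc)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand; a failure here is not something to recover from
	data := gcm.Seal(nonce, nonce, plaintext, signed(seq, nil)) // seq is bound as AAD too
	return MutableItem{Seq: seq, Data: data, Sig: ed25519.Sign(k.Priv, signed(seq, data))}
}

// Open decrypts; the GCM tag already proves the writer held the secret, while the signature
// is the check a storing node (which lacks the secret) can make.
func Open(k Keys, it MutableItem) ([]byte, error) {
	block, _ := aes.NewCipher(k.Enc)
	gcm, _ := cipher.NewGCM(block)
	n := gcm.NonceSize()
	if len(it.Data) < n {
		return nil, errors.New("item too short")
	}
	return gcm.Open(nil, it.Data[:n], it.Data[n:], signed(it.Seq, nil))
}

// Announce is the Bleep flow: read the contact record, append this device's address, and
// write it back under the next sequence number. One address per line is an assumed format.
func Announce(d *DHT, k Keys, addr string) ([]string, error) {
	seq, addrs := uint64(0), []string(nil)
	if it, ok := d.items[sha256.Sum256(k.Pub)]; ok {
		pt, err := Open(k, it)
		if err != nil {
			return nil, err
		}
		seq, addrs = it.Seq+1, strings.Split(string(pt), "\n")
	}
	addrs = append(addrs, addr)
	return addrs, d.Put(k.Pub, Seal(k, seq, []byte(strings.Join(addrs, "\n"))))
}
```

The point worth noticing is the division of labour: the storing node can reject forged or replayed writes using only the public key, which is all the index gives it, while confidentiality rests entirely on the symmetric key that never leaves the secret holders. A practitioner adapting this should also bind the sequence number, as done here, into both the signature and the AEAD associated data; otherwise an attacker who captures an old item could re-submit it under a fresh sequence number and a node would accept it.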

For convenience, Scout provides the functions Bleep uses to generate shared secrets from public/private key pairs via Diffie-Hellman key exchange. Scout also includes a complete BitTorrent DHT implementation with a high-level wrapper, so you do not need to worry about the intricacies of setting up and running a DHT node. See the readme in the GitHub repository for detailed usage instructions.
