[cryptography] TFC - instant messaging with endpoint security
oottela at cs.helsinki.fi
Tue Oct 25 20:37:05 EDT 2016
Thought I'd share my three-year project with the community.
The tl;dr is TFC is an end-to-end encryption plugin for Pidgin IM client
where the TCB is split and separated on two isolated computers behind
unidirectional, data-diode enforced RS232 gateways. This configuration
prevents infiltration of malware to transmitter computer and
exfiltration of keys/pt from receiver computer. The networked computer
running Pidgin never has access to private keys or plaintexts.
The cipher is XSalsa20-Poly1305, where the symmetric key is either
pre-shared or exchanged with Curve25519 ECDHE. MACs provide deniable
authentication and PBKDF2-HMAC-SHA256 provides per-message forward
secrecy with hash-ratchet.
Key generation uses Linux kernel CSPRNG but also allows mixing in
entropy from a HWRNG sampled by Raspberry Pi via GPIO natively or over
SSH. (Both HWRNG and data diodes are free hardware designs).
Group messaging is done by multi-casting messages to each recipient
provided all members have exchanged a key pair for private messaging.
The last feature I'd like to highlight is trickle connection where user
sends a constant stream of noise packets to recipient / group, inside
which messages can be delivered. Files can be sent to recipient(s) in
background during the conversation.
Written in Python, licensed under GPL. I hope you find it interesting.
More information about the cryptography
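The post says per-message forward secrecy comes from a hash ratchet built on PBKDF2-HMAC-SHA256. The Python below is an added illustration of that idea, not TFC's own code: it keeps one chain key per conversation, derives a message key from it, and then overwrites the chain key with PBKDF2 of itself so earlier keys are no longer recoverable from the current state. The iteration count, salt, the HMAC label used to split message keys from chain keys, and the 32-byte key length are all assumptions (the post does not give them); the actual XSalsa20-Poly1305 encryption step is left out so that the example runs on the standard library alone.

```python
import hashlib
import hmac

# Assumed parameters: the post names PBKDF2-HMAC-SHA256 as the ratchet
# primitive but does not state an iteration count, salt or key length.
ITERATIONS = 1000                      # assumption
KEY_LEN = 32                           # 256-bit keys, XSalsa20-Poly1305 key size
SALT = b"constructed-example-salt"     # constructed; public, fixed per conversation


class HashRatchet:
    """Symmetric hash ratchet shared by sender and receiver.

    State is a single chain key. Each message derives a fresh message key
    from the chain key and then replaces the chain key with PBKDF2 of
    itself, so the previous chain key (and every earlier message key) is
    gone from memory.
    """

    def __init__(self, shared_key: bytes):
        self.chain_key = shared_key    # pre-shared or Curve25519 ECDHE output
        self.counter = 0

    def next_message_key(self) -> bytes:
        # Message key: HMAC of the chain key under a fixed label. This split
        # is an assumption; the post only says the ratchet is PBKDF2-HMAC-SHA256.
        message_key = hmac.new(self.chain_key, b"message-key", hashlib.sha256).digest()
        # Ratchet forward: the old chain key is overwritten and unrecoverable.
        self.chain_key = hashlib.pbkdf2_hmac(
            "sha256", self.chain_key, SALT, ITERATIONS, dklen=KEY_LEN
        )
        self.counter += 1
        return message_key


def derive_message_keys(shared_key: bytes, n: int) -> list:
    """Return the first n message keys a party derives from shared_key."""
    ratchet = HashRatchet(shared_key)
    return [ratchet.next_message_key() for _ in range(n)]


def forward_secrecy_check(shared_key: bytes, n: int) -> bool:
    """Model an attacker who captures the ratchet state after n messages.

    From the captured chain key the attacker can only ratchet forward; this
    sanity check confirms that none of the keys reachable from it equals any
    of the n message keys already used.
    """
    sender = HashRatchet(shared_key)
    used = [sender.next_message_key() for _ in range(n)]
    captured = HashRatchet(sender.chain_key)   # attacker's copy of the state
    future = [captured.next_message_key() for _ in range(n)]
    return not set(used) & set(future)


if __name__ == "__main__":
    k = bytes(range(32))   # constructed stand-in for the pre-shared / ECDHE key
    alice = derive_message_keys(k, 3)
    bob = derive_message_keys(k, 3)
    print("sender and receiver in sync:", alice == bob)
    print("forward secrecy check passes:", forward_secrecy_check(k, 3))
```

Both parties run the same deterministic ratchet from the same shared key, so they stay in sync as long as neither skips a step; a real implementation also has to handle lost or reordered packets, which this example does not cover.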