GroupFi
  • Introduction
    • Group overview
    • Chat
  • GroupFi Chatbox Integration Guide
    • Group registration
    • Chatbox configuration
    • Technical document
  • GroupFi Chatbox User Guide
    • Access GroupFi chatbox
    • Mint your web3 name NFT
    • Join or leave a group
    • Subscribe to a group
    • My reputation in the group
    • Group status and vote
  • Use Cases
    • Web3 Marketing
    • DeFi
    • NFTs
    • Gaming
    • AI
  • Roadmap
  • Security
  • Partnership
  • Ambassador Program
  • Brand Assets
  • Official Links
  • Contact Us
  • Related Articles
    • Boosting dApp Retention with Web3 Chat: Why GroupFi is the Ultimate Solution
    • The Importance of Real-Time Communication in Web3 Ecosystems
    • How Web3 Chat is Revolutionizing dApp User Engagement
    • How Web3 Chat Can Accelerate Web3 Adoption
    • Building the Next Killer dApp with GroupFi’s Web3 Chat Protocol
Powered by GitBook
On this page

Security

PreviousRoadmapNextPartnership

Last updated 10 months ago

We ensure that GroupFi is fully decentralized and, most importantly, safe to use. Here's why:

Open source:

Both the GroupFi protocol and trollbox are open-source. You can always verify our code on GitHub and raise your questions and concerns there.

Data encrpytion

Given identity Px, who owns NFTs under collection NCy together with a group of identities PA= {P1, P2, P3, … Pn}, Px can share messages with PA with the following steps.

Shared

  1. Topic/Group discovery

Given the list of current owned NFTs for Px, show the virtual group for each NFT collection.For each collection, show preview of the very recent message.Hide collections without messages.

  1. Group membership discovery

Given the NFT collection, locate the current identities (addresses) of owners, as {P1, …, Pn} with {{PubKey1, PriKey1}, … {PubKeyn, PriKeyn}} as their crypto keys. Sender

  1. Message m provided by Px

  2. Data encryption key preparation.

An encryption key Ks is randomly generated by Px.

  1. Message payload construction a. Payload_PartA = {schema_version, type, recipients_count} b. Payload_PartB = [(P1, encrypt(Ks, PubKey1)), …, (Pn, encrypt(Ks, PubKeyn))] c. Payload_PartC = encrypt(Ks, m) d. Payload=Payload_PartA+PayloadPartB+PayloadPartC

  2. Message is posted to crypto network a. sign by Px b. tagged with {magic_prefix, unique-nft-collection-id}

Receiver

  1. Subscribe to events a. Listen to messages with {magic_prefix, unique-nft-collection-id} tag

  2. Decrypt message a. Locate (Px, encrypt(Ks, PubKeyx)) and decrypt Ks with PriKeyx b. Decrypt encrypt(Ks, m) with Ks

SDK Security:

The primary security goals of our open-source Web3 messaging protocol SDK include confidentiality, integrity, availability, authentication, and non-repudiation.

Our protocol aims to ensure that all messages are securely encrypted, properly authenticated, and tamper-proof, providing users with a secure and reliable messaging experience. Identified potential threats include man-in-the-middle attacks, data breaches, denial-of-service attacks, unauthorized access, and on-chain data retrieval vulnerabilities. Accordingly, we mitigate these threats through robust cryptographic techniques and secure coding practices.

Compared to existing Web2 solutions replying on centralized servers, our protocol offers a higher level of security of privacy by leveraging blockchain technology such that no single entity can control or access the communications. We are committed to continuous improvement and are exploring additional features such as quantum-resistant cryptography and more advanced privacy-preserving techniques to further enhance the security and resilience of our protocol.

The in GroupFi are formed using inmutable on-chain data only, such as token holdings and NFT ownership. Messages in the private groups are directionally encrypted, and can only be decrpted by the members in the group. Here are the details:

groups
GitHub - TanglePay/GroupFi-ChatboxGitHub
Logo
Image Source: Freepik