Photo by Priscilla Du Preez on Unsplash

There are many parts to becoming a web3 ninja. One of those building blocks is understanding public key cryptography. Now, I will be the first to admit that I am far from an expert on cryptography, or even the narrow subset of it called public key cryptography. If you want a deep dive on that, you won't find it here. That said, it helps to understand at least a little about it in order to understand the basics of blockchain and how decentralized systems work. Since a decentralized system doesn't have a centralized actor that everybody trusts to keep accounts safe, to tell the truth and ensure that others are telling the truth, whatever, web3 replaces that with strong cryptographic proofs that ensure that things are what they say they are. Public key cryptography is part of that in that it allows anybody to take a public key, which is just a long string of alphanumeric characters that happen to posess the magical, mathematical power to prove that one specific private key, another, longer string of alphanumeric characters, used some more mathematical magic to "sign" something. Furthermore, not only can anyone use a given public key to verify that the corresponding private key signed a given transaction, they can also encrypt any data or message with the public key so that only the holder of the the corresponding private key can decrypt and read the message/data. So, yay, now I've got a very cursory understanding of public key cryptography. So what?

So who cares about all this stuff? Setting aside PGP, TLS, and all of the modern Web 2.0 world that we live in that relies on public key cryptography to trust that people on the Internet are who say they say they are and that it really is only you and me and whoever else is on our Whatsapp group who can read these messages (until recently anyway), you and I can build some pretty neat things with public key cryptography, like the ability to send inside jokes to each other that only live as long as we keep a browser window open and that hopefully nobody apart from us can trace or even know who sent it to who. Never say never as there are no guarantees in life, but thanks to Web3, I believe I've managed to build a reasonably untraceable, encrypted chat app that isn't far removed from burner phones in how it works. And, it has reasonably funny robot faces.

Inside Joke is a very simple web app I built that leverages libp2p to generate ephemeral libp2p nodes in browser that connect via a webRTC star server after exchanging public keys via QR code and then allow you to send encrypted messages back and forth in a reasonably decentralized manner.

As noted above, we're using libp2p to make all this work under the hood. Basically, here's what happens:

1. When you first start the app, it creates a libp2p node that generates a 1024 bit RSA key pair and then connects to one of the two Protocol Labs sponsored STAR servers which are used as an initial connection point for the two browsers. This is admittedly not really decentralized but it's the only realistic option at the type I built this app to get us started. Read more about how that works here

2. Once the two nodes make initial contact, we're creating a custom protocol to create a bidirectional connection that's loosely based on the canonical libp2p chat example.

3. To encrypt and decrypt messages, I'm using the cryptographic primitives exposed by libp2p-crypto to encrypt and decrypt the messages passed back and forth as obnoxiously long hexadecimal strings.

4. Most importantly, the app lets you know when the other person is talking by showing something equivalent to the bouncing ellipses in iMessage when someone is typing back to you (though admittedly the Skeleton component from Chakra-UI is a little less impressive than bouncing ellipses)

Addendum: If you're wondering about those funny robot faces, they are programmatically generated based on a hash of your public key, using this library

So, joke away!

Photo by Priscilla Du Preez on Unsplash

There are many parts to becoming a web3 ninja. One of those building blocks is understanding public key cryptography. Now, I will be the first to admit that I am far from an expert on cryptography, or even the narrow subset of it called public key cryptography. If you want a deep dive on that, you won't find it here. That said, it helps to understand at least a little about it in order to understand the basics of blockchain and how decentralized systems work. Since a decentralized system doesn't have a centralized actor that everybody trusts to keep accounts safe, to tell the truth and ensure that others are telling the truth, whatever, web3 replaces that with strong cryptographic proofs that ensure that things are what they say they are. Public key cryptography is part of that in that it allows anybody to take a public key, which is just a long string of alphanumeric characters that happen to posess the magical, mathematical power to prove that one specific private key, another, longer string of alphanumeric characters, used some more mathematical magic to "sign" something. Furthermore, not only can anyone use a given public key to verify that the corresponding private key signed a given transaction, they can also encrypt any data or message with the public key so that only the holder of the the corresponding private key can decrypt and read the message/data. So, yay, now I've got a very cursory understanding of public key cryptography. So what?

So who cares about all this stuff? Setting aside PGP, TLS, and all of the modern Web 2.0 world that we live in that relies on public key cryptography to trust that people on the Internet are who say they say they are and that it really is only you and me and whoever else is on our Whatsapp group who can read these messages (until recently anyway), you and I can build some pretty neat things with public key cryptography, like the ability to send inside jokes to each other that only live as long as we keep a browser window open and that hopefully nobody apart from us can trace or even know who sent it to who. Never say never as there are no guarantees in life, but thanks to Web3, I believe I've managed to build a reasonably untraceable, encrypted chat app that isn't far removed from burner phones in how it works. And, it has reasonably funny robot faces.

Inside Joke is a very simple web app I built that leverages libp2p to generate ephemeral libp2p nodes in browser that connect via a webRTC star server after exchanging public keys via QR code and then allow you to send encrypted messages back and forth in a reasonably decentralized manner.

As noted above, we're using libp2p to make all this work under the hood. Basically, here's what happens:

1. When you first start the app, it creates a libp2p node that generates a 1024 bit RSA key pair and then connects to one of the two Protocol Labs sponsored STAR servers which are used as an initial connection point for the two browsers. This is admittedly not really decentralized but it's the only realistic option at the type I built this app to get us started. Read more about how that works here

2. Once the two nodes make initial contact, we're creating a custom protocol to create a bidirectional connection that's loosely based on the canonical libp2p chat example.

3. To encrypt and decrypt messages, I'm using the cryptographic primitives exposed by libp2p-crypto to encrypt and decrypt the messages passed back and forth as obnoxiously long hexadecimal strings.

4. Most importantly, the app lets you know when the other person is talking by showing something equivalent to the bouncing ellipses in iMessage when someone is typing back to you (though admittedly the Skeleton component from Chakra-UI is a little less impressive than bouncing ellipses)

Addendum: If you're wondering about those funny robot faces, they are programmatically generated based on a hash of your public key, using this library

So, joke away!