Skip to content

Proof-of-concept of a cryptographic Twitter clone. Each user is a keypair, and all data is signed.

Notifications You must be signed in to change notification settings

wgoodall01/emblem

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

emblem

PoC for a cryptographic Twitter clone.

What is Is

Emblem was my final project for AP CS. It implements a very limited version of Twitter, where every single aspect of the site is backed with crypto. Every user is represented by a keypair, every post is signed for authenticity, and every action a user can take is verified against this keypair. It is impossible for the owner of the site to make any change, or do anything, on behalf of any user, because each client verifies that all data the server sends is signed by its author.

When a user signs up for the service, they generate an RSA keypair which stays on the client. Then, to make a post or change their profile, they sign that request with the keypair. The server uses this signature to authenticate the change, and also gives the signature out along with the data any time a client requests it. It is impossible for a malicious sysadmin to falsify or modify any content.

Because I had to put this together in like a week and a half, it isn't perfect. There is no kind of protection against the server administrator deleting anything, so the platform can't prevent censorship. There isn't a way to sign in and out of an account short of ripping the keypair from LocalStorage. If you lose your keys, you're hosed. It isn't a production-ready social network, but I think it's a pretty neat proof-of-concept of a zero-trust microblogging platform.

Architecture

It has two main parts -- the server, running on App Engine, and the client, implemented as React SPA. The server talks to the database (Cloud Datastore), storing posts and validating API requests. The client talks to the server over a REST API, using its keypair to authenticate everything.

About

Proof-of-concept of a cryptographic Twitter clone. Each user is a keypair, and all data is signed.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published