Kibu White Paper: Ensuring Genuine Human-to-Human Communication in the Digital Age
March 2024
Overview
Kibu is at the forefront of addressing the fundamental challenges posed by the convergence of artificial intelligence and human interaction within digital spaces. Recognizing the necessity for verified personal identity and trust online, Kibu introduces a robust communications platform underpinned by advanced cryptographic protocols. This platform is designed to assure users of the integrity of their data and to certify the authenticity of their human interactions.
The digital age necessitates a reevaluation of trust - traditionally established through in-person interactions - in the context of online engagements. Kibu acts as a critical intermediary, translating this traditional trust to the digital sphere. It facilitates the transition of established offline relationships to online environments, thereby creating secure and trusted networks. Kibu addresses the inefficiency of relying on physical verification for trust in the digital domain by offering a suite of human validation, verification, and authorization tools and processes.
The platform is architected to deliver key functionalities, delivered over a phased rollout, tailored to enhance trust and secure communication:
Proof of Humanity: A combination of biometric validation and additional offline checks ensures users are verifiably human.
Secure Messaging: Encrypted channels for private and group messaging protect the confidentiality of communication, with a user-centric, rather than device-centric, framework that eliminates email addresses and phone numbers as attack vectors.
Private Media Sharing: A secure framework for sharing sensitive media in selected groups.
Consensus-based Authorization: Mechanisms for permitting actions based on a quorum vote, e.g. sharing content outside of an organization, pushing code into production, changing access permissions for an internal resource or system.
Public Broadcasting: Features for users to share content broadly, with customizable privacy settings and categorization.
Provenance Auditability: Verifiable tracing of the user that introduced a piece of content into the Kibu ecosystem and any subsequent alterations or modifications to that content.
Financial Transactions: A transparent financial transaction system with established payment gateways and detailed logging.
Digital Assets: A platform-supporting securely holding, recovering and transfer of digital assets, including cryptocurrencies and NFTs, with underlying value exchange mechanisms.
Central to the platform's innovation is the concept of 'pods'—digitally encapsulated networks of a priori trusted contacts that emulate the collaborative and democratic ethos of real-world social structures. Within these pods, members collectively govern; entry, information dissemination, and transactional activities, ensuring that the platform's digital interactions inherit the trust and integrity of offline engagements. Through this, Kibu establishes a digital ecosystem where trust is not just an attribute but the foundational characteristic, mirroring the innate confidence of trusted personal and organizational networks.
Introduction
The foundation of our societies is trust; it underpins every interaction we undertake. In the fabric of human society, credibility is established through the steadfast fulfillment of promises, the exhibition of empathy and transparency, and the fostering of rapport among individuals. In modernity, a significant shift has occurred: societal exchanges increasingly unfold within the digital sphere. Conversations that once took place over coffee are now exchanged via texts; photographs that were physically shared among friends are now disseminated through digital galleries; monetary transactions no longer rely on tangible currency and instead digital money. Even assets have transitioned from the material to the digital, as evidenced by the proliferation of NFTs and comparable digital properties.
The evolution towards digital interaction is not novel, and a myriad of digital spaces have surfaced to support this new paradigm. Encrypted messaging applications like WhatsApp, Telegram, and Signal have made secure communication commonplace, while social media platforms such as Facebook and TikTok have expanded the landscape for direct messaging, content sharing, and global broadcasting. Platforms like DropBox and Google Drive facilitate not only storage but collaborative engagements. Financial exchanges have also been revolutionized by online services like Stripe and PayPal, alongside mobile applications such as Venmo and CashApp that simplify digital monetary transfers. Cryptocurrencies and blockchain technology have introduced a new era of digital assets, managed and transacted through platforms like Coinbase and Circle, expanding the financial ecosystem beyond traditional fiat currencies.
As we gravitate towards a digital-centric existence, with diverse platforms enabling communication, transactions, and collaboration, the question of trust within these digital spaces becomes paramount. While encrypted messaging applications may secure conversations, the lack of open-source transparency remains a concern. Social media is beleaguered by bots and content of dubious origin. Cloud storage and collaboration tools often overlook the critical aspect of content provenance. Financial applications, though reliable in transferring funds, are fraught with vulnerabilities to fraud. Moreover, crypto platforms tend to favor anonymity over transparent, trust-based transactions, and are susceptible to theft or the loss of digital assets due to insecure storage or the misplacement of keys.
The intensification of online deception amplifies these issues. Misrepresented identities, AI-generated content, and the advent of deep fakes have engendered a crisis of trust in the digital domain. These dynamics pose significant threats to the authenticity and reliability of online content and interactions. Kibu is poised to confront these complexities, with a resolute commitment to reinstating trust and human-centricity in online communities.
Open-Source Commitment
Kibu's software development framework is predicated on the principles of open development. The framework combines core, open-source cryptographic primitives in novel ways, providing security while ensuring auditability. Kibu is built on top of the open-source cryptography library NaCl, which provides a high-performance solution for network communication, encryption, decryption, and signatures. Further, Kibu tooling incorporates open-source contributions from Psiphon, a globally leading Internet freedom platform providing open, uncensored Internet access to over 15 million active users per day across 142 countries. The Kibu platform is designed to provide interoperability with existing and emerging industry standards, such as OAuth for access delegation and passkeys for user authentication.
The Kibu development team has a history of contributing to the open-source ecosystem, having released numerous libraries that now support software used by millions of users each month. This practice underscores Kibu’s commitment to transparency and the collaborative ethos that are known to advance the robustness and security of software systems. In alignment with a commitment to openness, the Kibu protocol itself is open-source. This allows for community scrutiny and collaborative development, enhancing the protocol's integrity and utility.
User Verification on Kibu
In Kibu, the user verification protocol is grounded in establishing both the authenticity of an individual's identity and confirming their human nature. In the digital era, where the nuances of trust are ever-evolving and fragile, this dual-focused verification method is integral to the platform's integrity.
User Onboarding and Authentication
User onboarding and authentication in Kibu integrates identity verification with device authentication.
Account Creation and Verification: When Alice decides to join Kibu, she begins by creating an account on the Kibu Server. During account creation, Kibu generates a unique public key for her user account.
Unique User ID Assignment: After her account is set up, Alice receives a unique User ID, which is inextricably linked to her public key.
Device Integration and Authentication:
Alice can connect multiple devices to her Kibu account. Each device she connects has a distinct device key.
To add a device, the device key requires validation from Alice's primary user key.
Suppose Alice wishes to introduce a new device. In that case, she will engage in a local data exchange between the devices. Her existing device, which houses her primary identity key, will then validate the new device's key.
Establishing a Secure Connection: Before interacting within a Pod, Alice's device establishes a connection to the Kibu Server. This connection is encrypted using standard TLS, bolstered by a recognized certificate. For authenticating Alice's identity, Kibu employs Web Authentication (WebAuthn), a web standard published by the World Wide Web Consortium. In this mechanism, both the server and Alice's device securely hold the required data and key materials.
Human Verification Process:
Alice must be invited by an existing Kibu member, say Bob, to join a pod. Bob is tasked with authenticating Alice's identity using various methods that bridge digital and offline activities. For instance, Bob might pose questions that reference past shared experiences like, “What was the venue of our last lunch?” Alternatively, invitations might be confirmed through proximity-based technology such as Bluetooth or RFID in physical locations.
When Alice joins, she is required to undergo biometric verification. This process necessitates that Alice submit a facial photograph for review. Additionally, she has the option to register a fingerprint or utilize mobile app based facial recognition (.
Pod members, including Bob, are responsible for verifying the authenticity of Alice’s photograph, checking its congruence with her real-world appearance, and confirming her engagement with other biometric verifications like Touch ID or Face ID. They are also able to assess Alice's trustworthiness by noting the extent of her verification by other Kibu users.
Alice is afforded the opportunity to augment her verification status by linking her identity to other online platforms. Furthermore, specific user demographics, such as government employees, might be subject to supplementary verification measures, including the use of CAC cards.
User Recovery Protocol
Suppose Alice gets locked out of her Kibu account. In that event, Kibu's emphasis remains on ensuring secure recovery. Notably, unlike many encrypted messaging applications, when Alice recovers her account, she will retain access to the complete history of each pod that she was a part of.
Re-Initialization: Alice doesn't recover her old keys. Instead, she starts anew. She registers again on Kibu, receiving a new User ID and associated key materials.
Seeking Recovery Invitation: When Alice initially registered with Kibu, she designated a ‘Recovery Pod’. Let’s assume Bob was a member of her Recovery Pod. Now, Alice reaches out to Bob and requests a recovery invite.
This invite functions similarly to a regular pod invitation. The difference lies in its designation: it indicates that Alice, with her new ID, will replace her previous identity within the pod.
At this juncture, Bob plays a pivotal role. He vouches for Alice, recognizing her as the user who previously interacted within the pod.
Automated Recovery Designation: Once Alice's identity has been re-verified, the server systematically dispatches recovery invitations to every pod of which Alice was formerly a member. Subsequently, each pod can independently evaluate Alice’s newly submitted credentials, validate her identity, and facilitate her re-entry. This protocol effectively obviates the necessity for Alice to individually petition for re-admittance to each pod she was associated with, thereby streamlining the recovery process.
Processing Invitations: When Alice accesses her Kibu account, she finds a list of pending invites from all previous pods that she was a part of that have reconfirmed her identity. She can address these invites as though she was entering new pods.
Kibu’s Pods, Quorum, and Consensus-based Authorization
Kibu provides an advanced 'pod' system that governs interactions ranging from simple messaging to complex, quorum-based decision-making processes relevant for both individual and corporate entities. This architecture is not limited to group messaging but is instrumental in managing a spectrum of activities including content distribution, executive decision-making, data access permissions, and the execution of financial transactions.
Consensus-based Authorization
The pod structure is engineered to enhance privacy, establish trust, and validate authenticity through collective agreement—thereby mitigating the risks inherent in unilateral decision-making. This is exemplified in scenarios where data access is required; instead of a single administrator granting permissions, Kibu supports a consensus-driven decision among designated pod members. For instance, if Alice needs access to a shared Google Drive, Kibu can be configured such that a quorum involving multiple pod members is required to approve this access, effectively distributing trust and authority.
This mechanism draws parallels to the safety deposit box system—access to sensitive information, akin to the contents of a deposit box, requires multiple keys. Each stakeholder holds a key, and access is only granted within a predefined time frame when all necessary parties are present and consent to proceed. In addition to data access, the pod structure is adept for data validation tasks, where members concur on the veracity of information, such as validating the authenticity of a photograph or confirming the accuracy of a piece of intelligence. This communal verification endorses the data's integrity and is critical for operations relying on high-stakes information.
The Kibu consensus-based authorization framework is designed to easily integrate with current authorization processes. Utilizing JSON Web Tokens (JWTs) — a widely accepted method for generating data payloads that can be signed and, optionally, encrypted to assert specific claims — this framework introduces a sophisticated layer of security and verification. In practice, Kibu intercepts the JWTs issued by organizations, enterprises, or third-party applications, encapsulating the original claims and re-signing them with its own secure keys. This ensures not only enhanced security but also embeds additional contextual information, such as the consent of pod members to the actions proposed within the claims.
Kibu's pod architecture, therefore, is not merely a feature but a foundational component that supports a robust framework for secure, decentralized, and collaborative actions across various organizational layers.
Pod Definitions and Characteristics
A 'pod' is a unique group entity in the Kibu system.
The uniqueness of each pod is established through a pod ID, a 256-bit random value assigned by the Kibu Server.
Encryption of pod messages is facilitated via a shared symmetric key, the Group Key. Unlike architectures like Messaging Layer Security (MLS) and Signal, this method provides ease of access to historical messages for newcomers or recovering users via the Group Key.
Key Components of a Pod
Pod ID: A unique identifier.
Membership Lists: This encompasses the current list of pod members and a sequential history of previous lists. Each list is supported by a series of digital signatures using the User's Pod Key.
Pending Invites: A mechanism to streamline member addition, consisting of details like Invite ID, User IDs, and an encrypted response.
Invite Response Public Key Ring: This cryptographic tool ensures only pod members can view the responses from invitees.
Associated Messages: Every piece of communication within the pod, each encrypted using the Group Key.
Pod Invitations
Any member of a pod can extend an invitation to another user. This is facilitated through a link containing a unique Invite ID.
The process respects user autonomy: upon receiving an invite, the invitee can choose to either join the pod or decline the invitation. If the user accepts the invitation, the invitee's details are encrypted and verified by the Kibu server, after which the user is added to the pod.
Member Removal and Pod Rekeying
Any member can propose the removal of another, but this action necessitates cryptographic updates: rekeying of the Group Key and the Invite Response key pair.
Similar to pod invitations, all member removal proposals are subject to a quorum.
Pod Consensus Mechanisms
Central to the Kibu system is the idea of collective decision-making, achieved through quorum. The exact number of members required to reach quorum is set by pod members at the pod level. The initial quorum requirement is one, representing the pod creator
Members use the Vote message stream to initiate proposals, and these could range from membership changes to content broadcasts.
Each proposal encompasses details like the type of vote, the proposal's unique ID, and the data under consideration.
Handling Concurrent Votes
Kibu recognizes the dynamic nature of group interactions and allows multiple broadcasts to proceed in parallel. However, for membership changes, concurrency is more restricted to prevent data inconsistencies and conflicts.
Public Broadcasts and Provenance Assurance
Within Kibu’s ecosystem, the broadcasting functionality extends beyond traditional paradigms of content distribution. It is expressly designed to not only share content but also to establish and validate its provenance. When pod members collectively decide to broadcast content publicly, they engage in a quorum-driven consensus process, which serves to authenticate the content and to ensure its verifiability outside the pod's private sphere.
In the initial release of the Kibu protocol, this mechanism of external verification incorporates a QR code system, integrating a public key directly into the content as a visual watermark. This watermark acts as a digital signature, allowing any viewer to ascertain the origin of the content by scanning the QR code. Possession of both the content and the signature is sufficient to validate the content’s provenance.
Looking ahead, Kibu is poised to implement a more sophisticated and immutable form of verification: a steganographic watermark embedded within the content itself. Unlike a visible QR code that might be cropped or edited out, steganographic techniques allow the embedding of an invisible watermark within the content’s data, imperceptible to viewers but detectable through Kbu-specific software. This advanced watermark will be woven into the very fabric of the content, providing a resilient method to verify the content’s provenance that is significantly more resistant to tampering.
Financial Transactions and Asset Transfers
Kibu's underlying architecture, built for robust content verification, seamlessly extends its capabilities to the domain of financial transactions and value transfers. This extension leverages the platform's existing security protocols and consensus mechanisms to ensure the integrity and provenance of transactions within the ecosystem.
Within a pod, financial decisions—such as authorizing a payment or endorsing the transfer of a digital asset—are made through collective agreement. This quorum approach ensures that every transaction reflects the consensus of the group, which not only democratizes the decision-making process but also adds a layer of accountability that is critical for financial operations.
Kibu connects with established payment services and blockchain networks, enabling straightforward transactions and digital asset management without developing new infrastructure. The platform's flexible design supports various payment methods and emerging digital currencies, with the quorum model providing a reliable foundation for group-verified transactions.
Message Encryption and Cryptography
Secure message transmission remains a cornerstone of digital security and trust. Kibu's cryptographic model employs a Pod Group Key to encrypt all communication within a pod, encompassing chat, file sharing, and vote signaling. While the end-to-end encryption approach mirrors that of WhatsApp and Signal, Kibu uniquely utilizes the NaCl Secret Box cryptographic library. This library offers a contrast to the Signal Protocol, deployed in applications like Signal or WhatsApp. It instead draws inspiration from the Web of Trust concept incorporated in the traditional PGP system.
In Kibu, Stream IDs serve to categorize and manage messages, marking a distinct approach from the unified message databases seen in other platforms while streamlining the key management process. Unlike the double ratchet mechanism used in Signal, which generates a unique key for every message, Kibu utilizes a shared symmetric key ring. This key remains in use as long as the pod members with access are considered trustworthy, thus differing from the Signal's approach where each message has a unique key, preventing historical recoverability. The end-to-end encryption (E2EE) in Kibu is anchored on two primary elements: 1) The employment of a shared symmetric key ring to encrypt messages within a pod, and 2) The capability for clients to authenticate the comprehensive chain of signatures that constitute the current and historical membership lists, tracing back to the inception of the pod.
Kibu employs AES-GCM and ChaCha20-Poly1305 algorithms for encryption, maintaining confidentiality and integrity while keeping PayloadMetadata visible for authentication. For larger attachments, a shared symmetric key and separate encrypted blob storage is used, diverging from PGP's single encrypted format and aligning more closely with WhatsApp and Signal's media handling, yet with enhanced key-data segregation.
Kibu's Pod Group Key rotation adds a layer of security, differing from the static key approach of PGP and introducing a security measure often absent in mainstream messaging apps. This is a proactive step in maintaining security against prolonged cryptographic attacks.
Alternatives Considered
Message Layer Security (MLS), RFC 9420:
Kibu considered MLS, which introduces forward secrecy through a double ratchet mechanism. However, this complexity does not align with Kibu's full recovery objectives from a client’s Encrypted User Data and Pod Keys. The key deletion schedule fundamental to MLS's forward secrecy would have been counterproductive to Kibu's design, necessitating a resend-to-recover method that would conflict with Kibu’s recovery model.
Signal Private Groups:
Signal's metadata privacy was not a focus for Kibu, as Kibu aims to support diverse user needs, including corporate needs, in which metadata privacy is incompatible with reporting standards. Moreover, Signal's framework is device-centric rather than user-centric, its Private Groups do not align well with Kibu's pod quorum concept, and Signal does not offer a good option for recovering lost data due to its ratchet scheme.
Threshold Signature Schemes:
Despite the potential of threshold signature schemes for broadcast and membership list voting, as suggested by various academic papers [1-3], many of these schemes have practical limitations. Some schemes had prolonged setup times, with interactive protocols necessitating waiting for peers to become available—potentially delaying processing. The complexity of these schemes, compared to every-user-signs models, along with uncertainties in protocol resumption, led to their exclusion from Kibu's cryptographic strategy.
Conclusion
In the constantly evolving digital landscape, trust, authenticity, and security stand paramount. Kibu is a testament to this, bridging the chasm between human-centric communication and the challenges posed by the digital age. By employing state-of-the-art cryptographic techniques, introducing the democratic and transparent 'pod' concept, and emphasizing genuine human-to-human interaction, Kibu sets a gold standard for digital communication platforms. The platform's open-source commitment, rigorous human verification, and sophisticated pod system underscore its dedication to ensuring that digital interactions are not only secure but inherently genuine. As artificial intelligence and other digital phenomena continue to shape our online experiences, Kibu stands as a novel platform to engage in digital spaces that emphasizes the importance of genuine human connection, integrity, and collaborative communication.
References
[1] Cramer, Ronald, Rosario Gennaro, and Berry Schoenmakers. "A secure and optimally efficient multi‐authority election scheme." European transactions on Telecommunications 8.5 (1997): 481-490
[2] Culnane, Chris, and Steve Schneider. "A peered bulletin board for robust use in verifiable voting systems." 2014 IEEE 27th Computer Security Foundations Symposium. IEEE, 2014.
[3] Narasimha, Maithili, Gene Tsudik, and Jeong Hyun Yi. "On the utility of distributed cryptography in P2P and MANETs: the case of membership control." 11th IEEE International Conference on Network Protocols, 2003. Proceedings.. IEEE, 2003.