Secure Scuttlebutt: some technical details

I’ve poked a bit at Secure Scuttlebutt (SSB). It’s a gossip protocol for syncing append-only cryptographically verified feeds. Its main application is social networking – I recommend giving Patchwork a go if you want to see it in action.

The protocol is mostly defined by the implementation, which is an archipelago of tiny Node.js modules. To make it easier for the next person trying to figure this out, let me give you a rough overview of the outer layers of the protocol:

  • All the cryptographic operations are performed with libsodium.
  • The connection starts with a Secret Handshake. It is used to authenticate the connecting parties and to agree on session keys. It’s implemented in the secret-handshake module.
  • After the handshake, everything is encrypted with the session keys using the framing documented and implemented in the pull-box-streams.
  • The encrypted content consists of muxrpc commands and data.
  • Concretely it’s a stream of packets encoded with the packet-stream-buffers module.
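As an added example (not from the original post or the SSB code base), here is a decoder for the innermost layer in the list above, the packet stream carrying muxrpc data, applied to bytes that have already been decrypted. The 9-byte header layout follows the Scuttlebutt Protocol Guide's description and is an assumption here, as are the function names and the 1 MiB body limit.

```javascript
// Assumed header layout (Scuttlebutt Protocol Guide, not this post):
// 1 byte flags | 4 bytes body length (BE) | 4 bytes request number (signed BE)
const HEADER_LEN = 9;
const MAX_BODY = 1 << 20; // local policy limit chosen for this example
const BODY_TYPES = ['binary', 'utf8', 'json']; // flags bits 0-1

function parseHeader(head) {
  const flags = head.readUInt8(0);
  const type = BODY_TYPES[flags & 0x03];
  if (type === undefined) throw new Error('unknown body type');
  const length = head.readUInt32BE(1);
  // The length comes from the peer: bound it before buffering anything.
  if (length > MAX_BODY) throw new Error('body length exceeds limit');
  const req = head.readInt32BE(5);
  return { stream: Boolean(flags & 0x08), endOrError: Boolean(flags & 0x04), type, length, req };
}

// Returns complete packets plus the unconsumed tail to prepend to the next read.
function decodePackets(buf) {
  const packets = [];
  let off = 0;
  while (buf.length - off >= HEADER_LEN) {
    const head = buf.subarray(off, off + HEADER_LEN);
    if (head.every((b) => b === 0)) { // nine zero bytes: end of the RPC stream
      packets.push({ goodbye: true }); off += HEADER_LEN; break;
    }
    const h = parseHeader(head);
    const end = off + HEADER_LEN + h.length;
    if (end > buf.length) break; // body not fully received yet
    const raw = buf.subarray(off + HEADER_LEN, end);
    // JSON.parse throws on malformed input; treat that as a protocol error.
    const body = h.type === 'json' ? JSON.parse(raw.toString('utf8'))
      : h.type === 'utf8' ? raw.toString('utf8') : raw;
    packets.push({ ...h, body });
    off = end;
  }
  return { packets, rest: buf.subarray(off) };
}

function encodePacket(flags, req, body) {
  const head = Buffer.alloc(HEADER_LEN);
  head.writeUInt8(flags, 0);
  head.writeUInt32BE(body.length, 1);
  head.writeInt32BE(req, 5);
  return Buffer.concat([head, body]);
}

// Constructed sample: a JSON request, a string reply, and a truncated packet.
const SAMPLE = Buffer.concat([
  encodePacket(0x0a, 1, Buffer.from('{"name":["example"],"args":[]}')),
  encodePacket(0x01, -1, Buffer.from('ok')),
  encodePacket(0x00, 2, Buffer.from('hello')).subarray(0, 11),
]);
```

Calling `decodePackets(SAMPLE)` yields the two complete packets and leaves the 11 bytes of the truncated third packet in `rest` until more data arrives.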

Edit: For more, check out the Scuttlebot Protocol guide. It looks super-informative, but I didn’t know about it before writing this post! Thanks to André Staltz for pointing me to it.

I toyed around implementing SSB in Pony and this is how far I got. I suppose it’d be simple to implement a client that connects to a Scuttlebot server to publish a message.

I don’t know how much it’d take to implement a full-blown SSB node. At least you’d need the feed synchronization. I think it’s implemented by the ssb-friends module, but I’m not 100% sure.


Comments or questions? Send me an e-mail.