{"id":18783580,"url":"https://github.com/sticknet/stick-protocol","last_synced_at":"2025-04-13T12:11:32.169Z","repository":{"id":57370893,"uuid":"336864198","full_name":"sticknet/stick-protocol","owner":"sticknet","description":"Re-Establishable Group End-to-End Encryption with Post-Compromise Security","archived":false,"fork":false,"pushed_at":"2024-07-24T08:04:09.000Z","size":8464,"stargazers_count":14,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-13T10:01:50.110Z","etag":null,"topics":["cloud-storage","cryptography","end-to-end-encryption","security-protocol","social-network"],"latest_commit_sha":null,"homepage":"https://sticknet.org","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sticknet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-07T18:52:33.000Z","updated_at":"2024-09-11T09:59:14.000Z","dependencies_parsed_at":"2023-12-24T14:26:51.884Z","dependency_job_id":"ff08b2a0-9d56-40c9-8f76-7952c7c74a69","html_url":"https://github.com/sticknet/stick-protocol","commit_stats":{"total_commits":215,"total_committers":2,"mean_commits":107.5,"dds":"0.023255813953488413","last_synced_commit":"a89ed63682209b25156bcaae4836e4058d1eac90"},"previous_names":["stiiick/stick-protocol"],"tags_count":100,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sticknet%2Fstick-protocol","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sticknet%2Fstick-protocol/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sticknet%2Fstick-protocol/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sticknet%2Fstick-protocol/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sticknet","download_url":"https://codeload.github.com/sticknet/stick-protocol/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248710445,"owners_count":21149190,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-storage","cryptography","end-to-end-encryption","security-protocol","social-network"],"created_at":"2024-11-07T20:39:47.791Z","updated_at":"2025-04-13T12:11:32.151Z","avatar_url":"https://github.com/sticknet.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eStick Protocol\u003c/h1\u003e\n\u003cp align=\"center\"\u003eRe-Establishable Group End-to-End Encryption with Post-Compromise Security\u003c/p\u003e\n\n## Motivation\n\nEnd-to-end encryption has become a de facto standard in messengers, especially after the outbreak of the highly secure\nmessaging protocol – Signal. However, this high adoption of secure end-to-end communications has been limited to\nmessengers, and has not yet seen a noticeable trace in social network platforms, despite the increase in users’ privacy\nviolations. The Stick protocol is an end-to-end encryption protocol, based on the Signal protocol, specifically designed\nfor social networks. The Stick protocol supports re-establishable \"many-to-many\" encryption sessions in an asynchronous\nand multi-device setting while preserving forward secrecy and introducing backward secrecy. Performance evaluation of\nthe Stick protocol shows that it causes no noticeable compromise on usability or performance. The Stick protocol's\nscientific foundation is 📄 \u003ca href=\"https://www.sticknet.org/stick-protocol.pdf\"\u003epublished in IEEE\u003c/a\u003e for those\ninterested in the\nproject’s technical and research motivations.\n\nStick is the protocol used in \u003ca href=\"https://www.sticknet.org\"\u003eSticknet\u003c/a\u003e - a secure social storage platform.\n\n## Security Features\n\nThe Stick protocol benefits from the security features of the \u003ca href=\"https://signal.org/docs/\"\u003eSignal protocol\u003ca/\u003e, and adds the following new features, or as summarized in \u003ca href=\"https://omarbasem.com/PDFs/StickProtocolPoster.pdf\"\u003ethis diagram\u003c/a\u003e:\n\n1. \u003cb\u003e♻️ Re-establishable\u003c/b\u003e: A user will be able to securely re-establish their encryption sessions when re-installing the application, or installing on a new device\n\n2. \u003cb\u003e📱💻 Multi Device\u003c/b\u003e: Stick protocol provides end-to-end encryption for all of a user's devices.\n\n3. \u003cb\u003e🔐 Perfect forward \u0026 backward secrecy for sharing sender keys\u003c/b\u003e: provided by multiple pairwise sessions\n\n4. \u003cb\u003e🔗 Many-to-many backward secrecy\u003c/b\u003e: sticky sessions provides backward secrecy for group communications every a maximum of N Encryptions.\n\n5. \u003cb\u003e💖 Identity Keys self-healing\u003c/b\u003e: A user's identity key refreshes every while to mitigate the effect of an identity key compromise\n\n6. \u003cb\u003e🛡️ Double-Hashing\u003c/b\u003e: for complete hiding of the user's password, even from the service provider at login\n\n## Technical Documentation\n\n\u003ca href=\"https://www.sticknet.org/stick-protocol\"\u003eClick here\u003ca/\u003e for technical documentation of the Stick protocol.\n\n## Usage Documentation\n\n\u003ca href=\"https://www.sticknet.org/stick-protocol/usage-documentation\"\u003eClick here\u003ca/\u003e for usage documentation of the\nStick\nprotocol.\n\n## Installation\n\nThe Stick protocol was implemented to be a superset to the Signal protocol making the Stick protocol logic external to\nthe Signal protocol. This allows the Signal protocol to be used in parallel with the Stick protocol, from just the Stick\nprotocol library. The stick protocol was implemented to be a fully comprehensive Android and iOS library (rather than\njust a Java and C library) which can be simply dropped into a social network application, and provide E2EE using\nre-establishable \"sticky sessions\", with as low development overhead as possible. The Stick protocol implementation is\ncomposed of 4 libraries:\n\n- Android Library (Gradle Package)\n- iOS Library (CocoaPod Framework)\n- Server Library (PIP Package)\n- Client Handlers Library (NPM Package)\n\nThe Android library and the iOS library are the 2 main libraries of the Stick protocol. They have most of the logic\nneeded on the client-side. There is also a server library for the Stick protocol in Python. In addition, there is a\nclient handlers library in JavaScript which contains common handler methods needed for the Stick protocol client-side.\n\n### Android\n\nGradle:\n\n```gradle\ndependencies {\n   implementation 'com.github.sticknet:stick-protocol:+'\n}\n```\n\nThe \u003ca href=\"https://github.com/sticknet/stick-protocol/blob/main/android/app/src/main/java/com/stiiick/stickprotocol/main/StickProtocol.java\"\u003e\nmain StickProtocol java class file\u003c/a\u003e has usage documentation as well. It includes all the methods that you would need.\n\n### iOS\n\nCheck iOS installation [guide](./ios_installation.md).\n\nThe \u003ca href=\"https://github.com/sticknet/stick-protocol/blob/main/ios/StickProtocol/StickProtocol/Main/StickProtocol.swift\"\u003e\nmain StickProtocol Swift class file\u003c/a\u003e has usage documentation. It includes all the methods that you would\nneed.\n\n### Server\n\nThis is a server library for the Stick protocol in Python for Django. If you have a Django server you can use this\nlibrary. If not, you can easily implement your own.\nThe \u003ca href=\"https://github.com/stickapp/stick-protocol/blob/main/server/stick_protocol/stick_protocol.py\"\u003emain\nStickProtocol python class\u003ca/\u003e includes full usage documentation needed on the server.\n\n```\npip3 install stick-protocol-server\n```\n\n### Client Handlers\n\nThe Stick protocol implementation features a client handlers library in TypeScript. It contains common handler methods\nneeded for the Stick protocol client-side. These handlers may differ from one application to another. A developer is\nfree to write their own handlers. They can be implemented in any programming language.\nThe \u003ca href=\"https://github.com/sticknet/stick-protocol/blob/main/client-handlers/src/StickProtocolHandlers.ts\"\u003emain\nTypeScript class\u003c/a\u003e contains full usage documentation.\n\n```\nyarn add stick-protocol-handlers@1.2.2\n```\n\n## Verification Tests\n\nThe Stick protocol has a set of verification tests that can be run to verify the correctness of the protocol.\nThese tests are written using \u003ca href=\"https://verifpal.com/\"\u003eVerifpal\u003c/a\u003e, a formal verification tool for cryptographic\nprotocols. The tests are located under `FormalVerification` directory. After installing the Verifpal tool, the tests \ncan be run as follows:\n```\nverifpal verify test_file.vp\n```\nTests 01-\u003e04 are expected to pass, while test 05 is expected to fail.\n\n## License\n\nCopyright © 2018-2024 \u003ca href=\"https://www.sticknet.org\"\u003eSticknet\u003c/a\u003e\n\nLicensed under the GPLv3: http://www.gnu.org/licenses/gpl-3.0.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsticknet%2Fstick-protocol","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsticknet%2Fstick-protocol","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsticknet%2Fstick-protocol/lists"}