A recent decision by the US District Court for the Northern District of California notes the importance of using ephemeral communication tools as early as possible to avoid being accused of spoliation of evidence:
WeRide Corp. v. Huang, 2020 WL 1967209, 9, 11 (N.D. Cal., Apr. 24, 2020), presents what the court described as a “staggering” amount of spoliation, “so sweeping that [the] case [could not] be resolved on its merits.” One of the spoliation factors the court considered was senior management’s specific direction to use ephemeral messaging months after the litigation was filed – apparently in an attempt to evade discovery. Ultimately, the court ordered terminating sanctions under Fed. R. Civ. P. 37(b) and (e).
Citium is a SPICED instant messaging platform, where SPICED is a mnemonic that stands for Secure, Piggybacking, Impervious, Circumventive, Ephemeral, and Deniable:
- Secure. Messages are encrypted on your own device with ECDSA, BLOWFISH, and XXTEA, which are time-tested and provably secure algorithms in the open source community.
- Piggybacking. A unique feature that enables inconspicuous transmission of data through BitTorrent and Bitcoin networks, which are the world’s most popular P2P protocols with millions of active nodes.
- Impervious. You can send and receive messages even if all Citium nodes are removed. Service availability of Citium is impervious to takedown.
- Circumventive. No one can stop you and your contacts from communicating even if you are situated in the most pervasive level of Internet censorship.
- Ephemeral. Cleartext messages self-destruct, which preempts spoliation of evidence and data breaches caused by devices falling into the wrong hands.
- Deniable. The last line of defense is its technically feasible/plausible deniability, which preempts coercion, eavesdropping, such as man-in-the-middle (MITM) attack, and post-quantum computing cryptanalysis of archived surveillance data by government mass surveillance projects.
System Design Premises
Don’t let its blandly designed client app interface mislead you into thinking that Citium is underdeveloped software. In fact, it is so powerful that it guarantees the communications with your intended contacts are quantum-resistant and plausibly deniable. It is well known that innovative system design often introduces new forms of failure. And yet, despite that, most system designers embrace innovation because it is human nature to resolve recurring annoyances. Sadly, more often than not, the well-meaning changes in secure communication systems create unexpected failures, such as security vulnerabilities. The higher the complexity, the more error-prone they are. Therefore, the design philosophy of Citium is, foremost, to reduce system complexity. When the use of some complex encryption algorithms is irreducible, we compartmentalize them into modular components. Given that modular designs become susceptible to failure when issues arise that bridge the divisions, Citium makes sure those failures are nothing but an acceptable cost at the expense of speed. It might all sound too abstract, so let us put these in more concrete terms and examples.
Citium in Layman’s Terms
The encryption and transmission mechanisms of the BitTorrent and Bitcoin protocols are time-tested decentralized P2P technology. The BitTorrent protocol has been around for two decades with billions of users worldwide. The Bitcoin protocol has demonstrated its reliability in the high-stakes financial environment. Citium rides on the back of them to realize quantum-resistant confidentiality, user anonymity and deniability. Imagine a “messages in bottles” scenario. Instead of putting pieces of paper into bottles, we put individual jigsaw puzzle pieces in them. The message that you want to send to your intended recipient is analogous to the custom photo of a jigsaw puzzle. First, the message is encrypted by your own device and is cryptographically split into small slices. It is like die-cutting the photo into jigsaw puzzle pieces and then bottling them individually. Then, they are randomly cast to the nodes in the Citium network, the BitTorrent network and the Bitcoin network. They are located all over the world in different countries. It is like casting the bottles into the seven seas.
Note that the dynamic transmission of data to the Citium network along with those that piggyback on BitTorrent and Bitcoin networks resembles the tens of millions of fake seeding and dusting attacks that happen every moment on the Internet. In other words, the data transmission is harmless and is hiding perfectly in the plain sight of mundane Internet traffic. Most of the BitTorrent and Bitcoin nodes neither examine nor block data casting from individual Citium nodes because they are too small in size and low in frequency to be obtrusive. Usually, they just stack the newly arrived data into their own buffers and/or pass them on to someone else. That’s why Citium can circumvent all kinds of Internet censorship and users can communicate freely on Citium.
Moreover, the static data–all the ciphertext slices–that are sitting on the decentralized network of Citium, BitTorrent client and Bitcoin network nodes look similar, just like you can hardly tell apart one floating bottle from another in the seas. Everyone can bottle a jigsaw puzzle piece and cast it into the seas and everyone is allowed to pick it up. Yours, too, can be picked up by anyone! However, no one, except your intended recipient, has any clue which bottles contain the essential pieces, not to mention how to piece them back into the original message even if they somehow manage to recover every essential slice. Yet all the while, you and the intended recipient can communicate smoothly in Citium because only your intended recipient knows which are the essential slices (bottles) to retain, and has the required keys to decrypt (unlock) them and to piece the ciphertexts (jigsaw puzzle pieces) back together into the original message (photo). In addition, you reap the full benefit of plausible deniability no matter how things turn out, even if your intended recipient decides to turn on you. Thanks to the inherent design of Citium, your intended recipients cannot hold you accountable for whatever you have said to them because it is technically impossible to prove irrefutably that the messages were ever cast by you.
InfoSec Design Premises
All popular and even seemingly innovative encryption algorithms and features (e.g. AES, forward secrecy) adopted in the hope of preventing man-in-the-middle (MITM) attacks and cryptanalysis are elusive if not futile, because any belief in anti-MITM technology is unfalsifiable, not to mention that none of them can withstand attacks by quantum computers and/or coercion. We can only wish those who have faith in anti-MITM technologies good luck while we take the design premises of Citium to extremes, because traditional data security assumptions have not served well, especially for those who communicate sensitive information online and are overpowered by adversaries (i.e. threat actors) in terms of resources and determination. One cannot fathom the lengths to which some resourceful and patient threat actors will go with MITM until it is too late. One can never know when state-level intelligence agencies will start using quantum computers to decrypt archived transmission data, so whatever feels secure today is no guarantee against more powerful cryptanalysis technology coming back at you tomorrow. Last but not least, unless your body is as nimble as Ethan Hunt in Mission: Impossible, unless your mind is as ingenious as Keyser Söze in The Usual Suspects, or unless you are always ready to bite and ingest Hydrogen Cyanide (HCN), at the point of being coerced to divulge your secrets, you are doomed. On the other hand, if you have used Citium to communicate private and confidential information, technically feasible/plausible deniability will defend you from being a sitting duck.
Inevitable Eavesdropping, Surveillance & Coercion
Can Citium free users from eavesdropping and surveillance? No, because eavesdropping and surveillance are everywhere. For instance, in 2013, whistleblower Edward Snowden revealed the US NSA PRISM surveillance program to the world. We cannot face that reality without learning the lesson that everyone is subject to eavesdropping, surveillance and even coercion by government mass surveillance projects. What Citium does, paradoxically, is to offer deniability so that eavesdropping and surveillance are rendered meaningless because no one knows for sure who sent what from which devices in the vast ocean of “bottles of messages” hidden in plain sight in the Citium network of nodes. In other words, Citium utilizes a blend of deniable encryption schemes so that eavesdropping and surveillance become innocuous if not entirely inconsequential. In most circumstances, coercion is tantamount to total defeat. Your attempts to protect the confidentiality of your communications have been in vain. The purpose of deniability is not at all to “convince” the coercer that any surrendered transcript is real; indeed, it is common knowledge that a transcript can easily be faked. Instead, the goal is to preempt coercion in the first place by making surrendered transcripts useless. Citium users simply have to “stick to their stories”. No data analyst or forensic expert can irrefutably prove who is involved in which message in Citium. The use of Citium has enabled a major paradigm shift to deniable encryption schemes as the last defense of confidentiality. Simply put, as long as you communicate through Citium, you are free to deny any evidence against you. It is not your duty to prove that you are innocent. It is someone else’s duty to prove that you have done something wrong that leads to your charges. But rest assured that no one is capable of doing so.
Unreliable Centralized Regime
As we all know, it is fallacious thinking to appeal to centralized authority and novelty. But unfortunately, this knowledge cannot prevent seemingly trustworthy centralized governing bodies and self-proclaimed experts from peddling ever fancier InfoSec technologies to their users. A laundry list of disappointments has been blindsiding these users, such as
- Swiss Crypto AG’s compromised machines
- Skype’s eavesdropping by design
- Crackdown on EncroChat
- other infamous data breaches.
In view of these repeated incidents, Citium proposes three (3) pessimistic yet stringent InfoSec design premises.
- Trust No One: Participant is fallible.
- Power Corrupts: Rights are exploitable.
- No Secrecy: Cipher is vulnerable.
In the face of an intruder successfully uncovering private data in Citium through 1. inciting defection; 2. power abuse; or 3. ciphertext hack, Citium users can still justifiably deny that they have ever been involved because all security forensics are futile, no matter how extensive and meticulous they are. Citium inevitably makes the data source obscured and inadmissible. Besides, deniability, as an InfoSec feature, greatly reduces the desire of any competitor or judicial authority to investigate or obtain evidence against users of Citium.
Can someone use an unimaginably large amount of resources to attack Citium so that it fails? No, because Citium client app messaging is always available even if all the other Citium nodes have been taken down, since dynamic transmission of Citium data piggybacks on BitTorrent and Bitcoin networks. Yes, you heard correctly. Not only does Citium have no central servers, which essentially renders raiding, shutting down, or forcing it to turn over data impossible, but its data transmission also relies on someone else’s P2P network infrastructures. Thus, say goodbye to server and node outages! A threat actor needs to physically seize ALL devices, such as phones, routers and content servers in ALL countries where the Citium nodes are situated, to hamper the performance of the Citium network in transferring large files, such as image, voice and video. Not to mention that the takedown is not only highly improbable but a glaring act bound to draw attention. It is just too pyrrhic for most threat actors to contemplate. In contrast, law enforcement targeting a popularized secure chat service, such as EncroChat, would only require a one-time, yet discreet, takedown of its centralized messaging relay or contact directory servers. Most users may unknowingly continue to use the service while their IDs and data have already been covertly compromised. Luckily, Citium users never have to worry about this kind of mishap. The number of connected device nodes in the Citium network is only growing day by day because every online Citium client app is an active node that serves itself as well as everyone else in the decentralized network. Therefore, crippling or compromising the Citium decentralized network is only getting geometrically harder and harder as time passes, while centralized service providers, such as SkyECC, inevitably heighten their data breach risk as they gain in popularity.
Technically, in the InfoSec sense, the decentralized network of Citium nodes is a layered defense on top of the PGP-encryption scheme, making Citium communications deniable and quantum-safe. This is a unique service unavailable from any other provider.
Conventionally, as a compromise for usability, centralized stakeholders of a cryptosystem hold users’ account ID, password, and personal information to authorize access and service, which may all lead to irreparable blowback, such as data breaches, coercion and blackmail attacks. Luckily, modern cryptography technologies enable designers to create a better cryptosystem: do away with these rights and power while still retaining the overall usability of cryptosystems!
Citium takes full advantage of these time-tested proven technologies to establish a free, open-source, fully decentralized, permissionless blockchain that features cryptanalytically unbreakable cryptosystems and InfoSec mechanisms, such as Hybrid Cryptosystem, threshold cryptosystem, indiscriminate mesh-tree multicast (IMTM), and sockpuppetry. Citium’s current build is capable of serving text, image, video and real-time voice data. Decentralized Apps (dApps) built on Citium can enjoy extraordinary data security features, such as deniability, which is well-suited to building an Off-the-Record Messaging (OTR) Instant Messenger System.
Server IP Obfuscation: Server IP Obfuscation (SIPO) is a unique feature of Citium. It can hide a server’s originating IP address from its visitors while letting them visit HTML5-based content on the server seamlessly. Not only can SIPO effectively prevent distributed denial-of-service (DDoS) attacks, but it can also curtail IP intelligence gathering (e.g. geolocation lookup), effectively preventing web server takedown and seizure.
Why do I observe occasional delays sending and receiving message(s) through Citium? The short answer is that the occasional delay is the price we pay for the extra peace of mind in security. The extent of a delay highly depends on the size of a message. If it is a text message, which is small in size, the delay will normally be resolved in a few seconds. But if it is a picture, voice clip or video, which is large in size, the delay will be slightly longer but not longer than a couple of minutes. While you are waiting, Citium is busy encrypting your message with a triple layer of encryption, namely ECDSA, BLOWFISH, and XXTEA. Notably, ECDSA is the encryption scheme used by the Bitcoin network, which has stood the test of time. As the market capitalization of Bitcoin is already in the hundreds of billions of dollars, cracking even a fraction of it means jackpot or attestation to a hacker’s ability. In spite of the incentives, no one has been able to crack it. The only reason why ECDSA has not been adopted more widely is its hunger for computational power. Mobile devices need time to process the encryption, which contributes to the occasional delay. Furthering the delay is the casting of sliced ciphertexts to the P2P networks (i.e. Citium, BitTorrent, Bitcoin) because the ETA in decentralized systems is not as predictable as in centralized ones. Not to mention, all the while the recipient end is busy fetching these tiny encrypted pieces of message, then decrypting and reassembling them back into the original, readable format. The transmission process is slower than most of the other instant messengers but it is the necessary performance and security tradeoff for Citium users who value confidentiality above all. Technically, the slicing of messages is a concept in threshold cryptography which makes Citium post-quantum resistant.
In plain English it means that even threat actors who come back from the future, armed with quantum strength deciphers, cannot reveal the original text.
Differs from FREE App
Free apps, such as Signal, Telegram, WhatsApp, Facebook Messenger and WeChat, obtain and make use of at least one personal identifier, such as through email, SMS or phone, to keep track of you. They can lead back to your real identity. Privacy policies of these companies dictate that their user information is insecure. To make matters worse, their centrally managed business models make them vulnerable to coercion. It means that they are more than ready to give away your information for their own sake as they have the right to release user information to third parties without user permission. On the other hand, paid apps, such as SkyECC, assign a user ID to you so anyone with your ID could potentially locate you and knock on your door. Citium guarantees your privacy by absolutely NOT ASKING for anything about you, from the process of payment and installation to customer service. Our customer service agents do not know about your existence unless you reach out to us. A private e-cert will be welded to your phone instead of a user ID and password. It will free you from username and password combination leaks, ID theft, phishing, malicious random ping of messages and trash ads. We have no central server so any DDoS attack or attempt at data kidnapping is, by design, impossible. You are the only one who controls when, how and with whom you are chatting.
Apart from privacy issues, from the encryption algorithm point of view, all these free apps issue the public keys that their users use to encrypt the messages so that the companies know who the users are simply by knowing who’s using which public key. In contrast, each Citium user issues his/her own public key. In fact, every one of your Citium Contacts is communicating with you through some proxy accounts which Citium created for your Contacts individually during out-of-band verifications. Your Contacts do not know if the accounts are only for them or for someone else as well. This scheme essentially disallows your Contacts from turning against you in the future because they cannot prove irrefutably that they are talking to you. Everyone talks through “sockpuppeting accounts”, and no one knows for sure who’s talking through them, so that everyone in Citium can maintain plausible deniability at all times.
Many centralized communication systems claim to have non-repudiability as one of their InfoSec features because their users purposely want to systematically hold their communicating parties legally accountable. Citium does not cater to that purpose. In fact, Citium offers the complete opposite: deniability, which is the last line of defense against forced disclosure and its repercussions.
Some service providers, such as Facebook, are trying to offer deniability but they fail to rule themselves out of the picture. Here is a direct quote from the Technical Whitepaper of Messenger Secret Conversations in Facebook Messenger published on May 18, 2017:
“[T]he third-party deniability property ensures that no party outside of Facebook can cryptographically determine the validity of a report.”
It implies that Facebook can still be vulnerable to forced disclosure or even voluntarily submit to surveillance, not to mention the chance of data breach. Thus, Secret Conversations of Facebook’s Messenger offers half-baked deniability at best. In contrast, Citium offers full deniability; no participant or mediatory machine can compromise deniability in any way.
The primary motivation behind Citium decentralized system protocol is to provide a deniable communication network for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with some other centralized communication systems that produce output which can be later used as a verifiable record of the communication event and the identities of the participants.
SafeMail & SDTP
Citium inherits from the open-source projects Bitmessage and SafeMail. Although the Citium Instant Messenger project is fully compatible with the SafeMail protocol, we decided to call it Citium Instant Messenger (CIM) instead of Citium Mail because it is in many ways (e.g. the user interface and operation) more akin to most of the popular instant messengers in the marketplace.
The communication mechanism used by both CIM and SafeMail is the “Safe Data Transfer Protocol” (SDTP). SDTP dictates that all forms of communication push the same generic notification to the intended recipients. Once notified, the intended recipients are required to retrieve the messages on their own.
Push & Pull (Fetch)
Most instant messenger systems are designed so that messages are directly pushed onto the client apps of the intended recipients. However, in the Citium Instant Messenger (CIM) system, the push notification is limited to a generic text reminder (i.e. “You have a new message.”) and a very thin slice of the message, encrypted as ciphertext, being sent to the intended recipients. The intended recipients are required to actively fetch the remaining slices on their own from the sea of Citium nodes (i.e. service & user nodes), and eventually recombine them with the thin slice at hand to acquire the original, correct message.
In any cryptographic system, the most important component of transforming plaintext messages to ciphertext and back is the key. The key is the foundation of the overall security of cryptography, which means that the protection of the key has also become an important issue. One of the methods that can reduce the risk of the key being compromised is threshold cryptography. The basic idea of threshold cryptography is that the key is divided into n shares before being distributed to the involved entities. In order to generate the key again, not all the shares are needed. Instead, an entity can combine only k shares (known as the threshold value) to reconstruct the key. In other words, even though the key is divided into n shares, only k out of n shares are needed to reconstruct the key.
As Extra Security
Historically, only organizations with very valuable secrets, such as certificate authorities, the military, and governments, made use of threshold cryptosystem technology. The threshold cryptography scheme in Citium is an advanced and extra step to securing the key and to preventing the key from being compromised. This is because an adversary will need to attack k node(s) in order to obtain k shares to generate the key, rather than compromising one node to obtain the key. This makes it more difficult for an attacker.
In Citium, not only the key, but also the ciphertext (i.e. encrypted message) itself is divided into n slices along with the n shares of the key. The shared ciphertexts are distributed indiscriminately to as many Citium nodes (i.e. service & user nodes) as possible. In doing so, all contents are benign to the owners of all nodes. No one needs to be held responsible for any message distributed. No one knows what/whence/to whom they are distributing on their nodes. Citium’s threshold cryptosystem is designed so that k = n. It means all n shares have to be collected and combined. It is the most stringent InfoSec setting on the threshold cryptosystem.
Here is a list of available InfoSec features on Citium. Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or at least reducing the probability of unauthorized/inappropriate access, use, disclosure, disruption, deletion/destruction, corruption, modification, inspection, recording or devaluation, although it may also involve reducing the adverse impacts of incidents (e.g. force disclosure / mandatory key disclosure).