Asymmetric encryption for chat messages
huantianad opened this issue · 7 comments
Idea
Allow the option to use asymmetric encryption for chat messages. Each player will have their own public/private key pair, where the public key is shared with all other members of the server. Each player configures a list of public keys, corresponding to each other player who should be able to read messages that this player sends.
Reasoning
One benefit of this approach is that it allows each individual to set their "own" key, which can be used among multiple groups and multiple servers. Two servers may have different groups of people on them, and thus different key configurations. With an asymmetric approach, you can communicate the same public key to all members of all servers.
This technically could also be automated, where each client broadcasts its public key to all other modded clients, though this obviously does pose some risk.
Note: as the length of recipients increases, so does the length of the encrypted message. This perhaps makes this approach not viable for very large servers?
Other Information
No response
My concern with asymmetric encryption is that it drastically increases message length, especially if we are trying to broadcast encrypted keys as part of every message. Using binary encoding doesn't help that much, because in the end we still have to transmit messages over a plaintext medium encoded with something like Base64.
If we place the burden of key exchange fully on the players then it also becomes quite hard to keep track of all those different keys.
I view this as an interesting idea nonetheless, but it is my opinion that it will only become practical when we have some kind of external service to handle relaying of keys (and perhaps even whole messages).
Like I suggest here: #235 (comment)
X25519 is a pretty good key exchange algorithm, considering its small size and pretty good security for in-game chat. I got a rough idea:
Every NCR user sends their message along with their public key along with the encrypted message, and each NCR client caches that public key. The private message would be easy, just calculate the common secrets (or shared secrets) and use that as AES-256 things (as a nerd, I'd prefer AES-256-GCM-SIV, but Mojang has already handled the HMAC things, I think any modern AES encryption would be safe enough for in-game chat unless FBI agents are in the server).
The public message would be messy. First, you don't know new players' public keys, so they don't know how to decrypt the message. But they do get your public key after receiving an undecryptable message from you. And the same thing happens to you. Your target must send at least one message so that you can get his public key.
Since I infer there is no way to know who uses NCR or not in all possible servers, we can't just broadcast the public key every time new players join. Symmetric pre-shared key encryption wouldn't suffer from this, but an asymmetric one would.
For message format, I suggest:
{
  "message": "encrypted message using a random key",
  "keys": {
    "A's public key": "the random key encrypted for this guy",
    "B's public key": "the random key encrypted for this guy"
  }
}
Encrypting a message multiple times would be bad in performance, but you can encrypt the key multiple times. It's called envelope encryption. To save more space, you can use some binary encoding like protobuf instead of JSON.
Here I have a simple demo program written in Kotlin:
https://gist.github.com/hurui200320/f86833eaaf0d33574562024f290ae861#file-x25519withpurebc-kt
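The envelope format proposed above, with the per-recipient size growth raised earlier in the thread made measurable, as an added example (not code from this thread or from the linked gist). Assumptions: the class name `EnvelopeChatDemo`, AES-256-GCM with random nonces, bare SHA-256 as the KDF, and counting raw field bytes rather than JSON; it needs Java 11 or later for X25519.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class EnvelopeChatDemo {
    static byte[] random(int n) { byte[] b = new byte[n]; new SecureRandom().nextBytes(b); return b; }
    // AES-256-GCM under a fresh random nonce; returns nonce || ciphertext || tag.
    static byte[] seal(byte[] key, byte[] plain) throws Exception {
        byte[] nonce = random(12);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(12 + ct.length).put(nonce).put(ct).array();
    }
    // Throws AEADBadTagException when the key is wrong or the data was altered.
    static byte[] open(byte[] key, byte[] box) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, box, 0, 12));
        return c.doFinal(box, 12, box.length - 12);
    }
    // Per-pair key-encryption key from static X25519 keys. Assumption: bare SHA-256 as KDF; use HKDF in practice.
    static byte[] kek(PrivateKey mine, PublicKey theirs) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return MessageDigest.getInstance("SHA-256").digest(ka.generateSecret());
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("X25519");
        KeyPair sender = gen.generateKeyPair();
        byte[] text = "meet at spawn".getBytes(StandardCharsets.UTF_8); // constructed sample
        for (int n : new int[] {1, 2, 5, 10}) {
            byte[] cek = random(32);                  // random per-message key
            byte[] body = seal(cek, text);            // the "message" field
            int size = 32 + body.length;              // sender's raw public key + body
            KeyPair rcpt = null; byte[] wrapped = null;
            for (int i = 0; i < n; i++) {             // one "keys" entry per recipient
                rcpt = gen.generateKeyPair();
                wrapped = seal(kek(sender.getPrivate(), rcpt.getPublic()), cek);
                size += 32 + wrapped.length;          // recipient's raw public key + wrapped key
            }
            // Last recipient: derive the same KEK, unwrap the message key, decrypt the body.
            String got = new String(open(open(kek(rcpt.getPrivate(), sender.getPublic()), wrapped), body), StandardCharsets.UTF_8);
            System.out.printf("%2d recipients: %4d bytes, %4d Base64 chars, \"%s\"%n", n, size, 4 * ((size + 2) / 3), got);
        }
    }
}
```

Each `keys` entry costs 92 bytes before Base64 (32-byte public key, 12-byte nonce, 32-byte wrapped key, 16-byte tag), so message length grows linearly with the recipient list while the body is encrypted only once.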
Makes me wonder if we should skip MC chat entirely and make the chat instead just an in-game matrix client
Minecraft in-game chat is text-only, so using matrix would be an overkill. Also, the matrix needs some server to operate, it's federation, not decentralization.
So I would suggest we pack something like I2P or Briar into a mod and use that to implement a P2P in-game chat.
Although this conversation is not related to this mod, it's definitely interesting to see one.
This mod is becoming too much, these things should be in a separate mod. I want to disable reporting, that's it.
yeah supporting a completely custom chat layer not related to minecraft's built in chat system should be a separate mod, but this is not the worst place to discuss this.
I bring up matrix as it could be an interesting way to combine chat in and outside of minecraft, since some modded servers already have a minecraft-discord bridge, perhaps all chat could be centralized on a per-server, self-hosted matrix instance?
but this is not the worst place to discuss this.
But also not the best place to discuss. I noticed there is a new GitHub feature called "discussions", which seems like a good place for general discussions.
Why don't we close this issue when the contributor already said this mod is becoming too much, and move to the discussion area to continue those creative but not super related ideas?