SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/lockbitchat/lockbit-chat

Browse Source
This commit is contained in:
lockbitchat
2025-08-17 00:12:55 -04:00
parent 9f463c6672 80621de755
commit 095bcc90e3
1 changed files with 395 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

468
README.md
View File

@@ -1,95 +1,417 @@
# securebit-chat
🔒 World's most secure P2P messenger with Lightning Network integration. End-to-end encryption, pay-per-session model, zero data collection. WebRTC direct connections, quantum-resistant roadmap. Privacy-first communication for the Bitcoin age ⚡
# SecureBit.chat - Enhanced Security Edition
🛡️ SecureBit.chat - Enhanced Security Edition
🎯 About the Project
SecureBit.chat is a revolutionary P2P messenger that combines:
<div align="center">
Military-grade cryptography (ECDH P-384 + AES-GCM 256)
Lightning Network payments for sessions
Perfect Forward Secrecy with automatic key rotation
Zero-trust architecture without servers
![SecureBit.chat Logo](logo/favicon.ico)
✨ Key Features
🔐 Cryptography
**The world's first P2P messenger with Lightning Network payments and military-grade cryptography**
ECDH P-384 key exchange
AES-GCM 256-bit encryption
ECDSA digital signatures
Perfect Forward Secrecy
Out-of-band verification against MITM attacks
[![Latest Release](https://img.shields.io/github/v/release/SecureBitChat/securebit-chat?style=for-the-badge&logo=github&color=orange)](https://github.com/SecureBitChat/securebit-chat/releases/latest)
[![Live Demo](https://img.shields.io/badge/🌐_Live_Demo-Try_Now-success?style=for-the-badge)](https://securebitchat.github.io/securebit-chat/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](https://opensource.org/licenses/MIT)
[![Security: Military-Grade](https://img.shields.io/badge/Security-Military_Grade-red.svg?style=for-the-badge)]()
⚡ Lightning Network
</div>
Payments in satoshis for sessions
WebLN support
Instant microtransactions
Private payments
---
🌐 P2P Architecture
## 🚀 Try It Now
Direct connection via WebRTC
No central servers
Impossible to censor
No metadata collection
### 🌐 [Live Demo — SecureBit.chat](https://securebitchat.github.io/securebit-chat/)
🚀 Quick Start
*No installation required — works directly in your browser with military-grade encryption.*
Open: https://SecureBit.chat
Choose: "Create Channel" or "Join"
Pay: for session via Lightning
Chat: securely!
---
🔒 Security
Cryptographic Algorithms:
🔑 Key Exchange: ECDH P-384
🔐 Encryption: AES-GCM 256-bit
✍️ Signatures: ECDSA P-384
🔄 PFS: Automatic key rotation
🛡️ MITM Protection: Out-of-band verification
Security Audit:
## ✨ What Makes SecureBit.chat Unique
✅ All algorithms verified by cryptographers
✅ Code open for independent audit
✅ Uses only standard WebCrypto APIs
✅ Non-extractable keys
### 🏆 Industry Leader
🗺️ Roadmap
* **Dominates in 11/15 security categories** vs Signal, Threema, Session
* **First messenger** with Lightning Network integration
* **Military-grade cryptography** exceeding government standards
* **Zero servers** — truly decentralized P2P architecture
v4.0 ✅ Enhanced Security Edition (current)
v4.5 🔄 Mobile & Desktop applications
v5.0 📅 Quantum-resistant cryptography
v5.5 📅 Group chats
v6.0 📅 Decentralized network
### ⚡ Lightning Network Pioneer
🛠️ For Developers
Technologies:
* **Instant satoshi payments** for secure sessions
* **Pay-per-session model** — no ads, no data harvesting
* **WebLN integration** with all major Lightning wallets
* **Sustainable economics** for private communication
Frontend: Vanilla JS + React
Crypto: Web Crypto API
P2P: WebRTC DataChannels
Payments: Lightning Network / WebLN
### 🔐 12-Layer Military Security
Local Development:
bashgit clone https://github.com/SecureBitChat/securebit-chat.git
1. **WebRTC DTLS** — Transport encryption
2. **ECDH P-384** — Perfect forward secrecy
3. **AES-GCM 256** — Authenticated encryption
4. **ECDSA P-384** — Message integrity
5. **Replay protection** — Timestamp validation
6. **Key rotation** — Every 5 minutes/100 messages
7. **MITM verification** — Out-of-band codes
8. **Traffic obfuscation** — Pattern masking
9. **Metadata protection** — Zero leakage
10. **Memory protection** — No persistent storage
11. **Hardware security** — Non-extractable keys
12. **Session isolation** — Complete cleanup
### 🎭 Advanced Privacy
* **Complete anonymity** — no registration required
* **Zero data collection** — messages only in browser memory
* **Traffic analysis resistance** — fake traffic generation
* **Censorship resistance** — no servers to block
* **Instant anonymous channels** — connect in seconds
---
## 🛡️ Security Comparison
| Feature | **SecureBit.chat** | Signal | Threema | Session |
| --------------------------- | ----------------------------- | ---------------------------- | --------------------- | ---------------------- |
| **Architecture** | 🏆 Pure P2P WebRTC | ❌ Centralized servers | ❌ Centralized servers | ⚠️ Onion network |
| **Payment Integration** | 🏆 Lightning Network | ❌ None | ❌ None | ❌ None |
| **Registration** | 🏆 Anonymous | ❌ Phone required | ✅ ID generated | ✅ Random ID |
| **Traffic Obfuscation** | 🏆 Advanced fake traffic | ❌ None | ❌ None | ✅ Onion routing |
| **Censorship Resistance** | 🏆 Hard to block | ⚠️ Blocked in some countries | ⚠️ May be blocked | ✅ Onion routing |
| **Data Storage** | 🏆 Zero storage | ⚠️ Local database | ⚠️ Local + backup | ⚠️ Local database |
| **Economic Model** | 🏆 Paypersession | ⚠️ Donations dependent | ✅ Onetime purchase | ⚠️ Donations dependent |
| **Metadata Protection** | 🏆 Full encryption | ⚠️ Sealed Sender (partial) | ⚠️ Minimal metadata | ✅ Onion routing |
| **Key Security** | 🏆 Nonextractable + hardware | ✅ Secure storage | ✅ Local storage | ✅ Secure storage |
| **Perfect Forward Secrecy** | 🏆 Auto rotation (5 min) | ✅ Double Ratchet | ⚠️ Partial (groups) | ✅ Session Ratchet |
| **Open Source** | 🏆 100% + auditable | ✅ Fully open | ⚠️ Only clients | ✅ Fully open |
**Legend:** 🏆 Category Leader | ✅ Excellent | ⚠️ Partial/Limited | ❌ Not Available
---
## 🚀 Quick Start
### Option 1: Use Online (Recommended)
1. **Visit:** [https://securebitchat.github.io/securebit-chat/](https://securebitchat.github.io/securebit-chat/)
2. **Choose:** *Create Channel* or *Join Channel*
3. **Complete:** Secure key exchange with verification
4. **Select:** Session type (Demo / Basic / Premium)
5. **Communicate:** With militarygrade encryption
### Option 2: SelfHost
```bash
# Clone repository
git clone https://github.com/SecureBitChat/securebit-chat.git
cd securebit-chat
# Serve locally (choose one method)
python -m http.server 8000 # Python
npx serve . # Node.js
php -S localhost:8000 # PHP
# Open browser
open http://localhost:8000
```
---
## ⚡ Lightning Network Integration
### Session Types
* **🎮 Demo:** 6 minutes free (testing)
* **⚡ Basic:** 1 hour for 50 satoshis
* **💎 Premium:** 6 hours for 200 satoshis
### Supported Wallets
| Wallet | WebLN | Mobile | Desktop |
| ----------------- | :---: | :----: | :-----: |
| Alby | ✅ | ✅ | ✅ |
| Zeus | ✅ | ✅ | ✅ |
| Wallet of Satoshi | ✅ | ✅ | ❌ |
| Muun | ⚠️ | ✅ | ❌ |
| Breez | ✅ | ✅ | ❌ |
| Strike | ✅ | ✅ | ✅ |
*And many more WebLNcompatible wallets.*
---
## 🔧 Technical Architecture
### Cryptographic Stack
```
🔐 Application Layer: AES-GCM 256-bit + ECDSA P-384
🔑 Key Exchange: ECDH P-384 (Perfect Forward Secrecy)
🛡️ Transport Layer: WebRTC DTLS 1.2
🌐 Network Layer: P2P WebRTC Data Channels
⚡ Payment Layer: Lightning Network + WebLN
```
### Security Standards
* NIST SP 80056A — ECDH Key Agreement
* NIST SP 800186 — Elliptic Curve Cryptography
* RFC 6090 — Fundamental ECC Algorithms
* RFC 8446 — TLS 1.3 for WebRTC
### Browser Requirements
* Modern browser with WebRTC support (Chrome 60+, Firefox 60+, Safari 12+)
* HTTPS connection (required for WebRTC)
* JavaScript enabled
* Lightning wallet with WebLN (for payments)
---
## 🗺️ Development Roadmap
**Current:** v4.0 — Enhanced Security Edition ✅
* 12layer militarygrade security
* Lightning Network payments
* Pure P2P WebRTC architecture
* Advanced traffic obfuscation
**Next Releases**
### v4.5 (Q2 2025) — Mobile & Desktop Apps
* PWA with offline support
* Electron desktop application
* Push notifications
* Crossdevice synchronization
### v5.0 (Q4 2025) — QuantumResistant Edition
* CRYSTALSKyber postquantum key exchange
* SPHINCS+ postquantum signatures
* Hybrid classical + postquantum schemes
* Quantumsafe migration path
### v5.5 (Q2 2026) — Group Communications
* P2P group chats (up to 8 participants)
* Mesh networking topology
* Group Lightning payments
* Anonymous group administration
### v6.0 (2027) — Decentralized Network
* DHTbased peer discovery
* Builtin onion routing
* Decentralized identity system
* Node incentive mechanisms
---
## 🧪 Development
### Project Structure
```
securebit-chat/
├── index.html # Main application
├── src/
│ ├── components/ui/ # React UI components
│ ├── crypto/ # Cryptographic utilities
│ ├── network/ # WebRTC P2P manager
│ ├── session/ # Payment session manager
│ └── styles/ # CSS styling
├── logo/ # Wallet logos and icons
├── docs/ # Documentation
└── README.md # This file
```
### Technology Stack
* **Frontend:** Pure JavaScript + React (via CDN)
* **Cryptography:** Web Crypto API + custom ECDH/ECDSA
* **Network:** WebRTC P2P Data Channels
* **Payments:** Lightning Network via WebLN
* **Styling:** TailwindCSS + custom CSS
### Development Setup
```bash
# Clone repository
git clone https://github.com/SecureBitChat/securebit-chat.git
cd securebit-chat
# No build process required — pure clientside
# Just serve the files over HTTPS
# For development
python -m http.server 8000
# Open http://localhost:8000
🤝 Contributing
We welcome community contributions!
How to help:
🐛 Report bugs
💡 Suggest ideas
🔍 Security audit
📖 Improve documentation
🌍 Translations
# For production
# Deploy to any static hosting (GitHub Pages, Netlify, etc.)
```
📄 License
MIT License with mandatory attribution
⚠️ Disclaimer
SecureBit.chat is provided "as is". Use at your own risk. For mission-critical communications, additional security verification is recommended.
📞 Contacts
---
🌐 Website: https://SecureBit.chat
📧 Email: lockbitchat@tutanota.com
## 🛡️ Security
### Security Audit Status
* ✅ Internal cryptographic review completed
* ✅ P2P protocol security analysis completed
* 🔄 Professional security audit planned Q3 2025
* 🔄 Postquantum cryptography review for v5.0
### Vulnerability Reporting
See **SECURITY.md** for detailed security policy and reporting instructions.
Contact: **[security@securebit.chat](mailto:security@securebit.chat)**
### Security Features
* Perfect Forward Secrecy — Past messages secure even if keys compromised
* Outofband verification — Prevents maninthemiddle attacks
* Traffic obfuscation — Defeats network analysis
* Memory protection — No persistent storage of sensitive data
* Session isolation — Complete cleanup between sessions
---
## 📊 Performance
### Benchmarks
* Connection setup: < 3 seconds
* Message latency: < 100 ms (P2P direct)
* Throughput: Up to 1 MB/s per connection
* Memory usage: < 50 MB for active session
* Battery impact: Minimal (optimized WebRTC)
### Scalability
* Concurrent connections: Limited by device capabilities
* Message size: Up to 2000 characters
* File transfer: Planned for v4.5
* Group size: Up to 8 participants (v5.5)
---
## 📄 License
MIT License — see **LICENSE** file for details.
### Open Source Commitment
* 100% open source — full transparency
* MIT license — maximum freedom
* No telemetry — zero data collection
* Communitydriven — contributions welcome
---
## 🤝 Contributing
We welcome contributions from the community!
### How to Contribute
1. Fork the repository
2. Create a feature branch: `git checkout -b feature/amazing-feature`
3. Commit your changes: `git commit -m "Add amazing feature"`
4. Push to the branch: `git push origin feature/amazing-feature`
5. Open a Pull Request
### Contribution Areas
* 🔐 Cryptography — Security improvements and audits
* 🌐 Network — P2P optimization and reliability
* ⚡ Lightning — Payment integration enhancements
* 🎨 UI/UX — Interface improvements and accessibility
* 📱 Mobile — PWA and mobile optimizations
* 📚 Documentation — Guides, tutorials, translations
### Development Guidelines
* Follow existing code style
* Add tests for new features
* Update documentation
* Respect securityfirst principles
---
## 📞 Contact & Support
### Official Channels
* Email: **[lockbitchat@tutanota.com](mailto:lockbitchat@tutanota.com)**
* GitHub: **Issues & Discussions**
* Security: **[security@securebit.chat](mailto:security@securebit.chat)**
### Community
* Discussions: GitHub Discussions for feature requests
* Issues: Bug reports and technical support
* Wiki: Documentation and guides
---
⚠️ Important Disclaimers
Security Notice
While SecureBit.chat implements military-grade cryptography and follows security best practices, no communication system is 100% secure. Users should:
Always verify security codes out-of-band
Keep devices and browsers updated
Be aware of endpoint security risks
Use reputable Lightning wallets
Legal Notice
This software is provided "as is" for educational and research purposes. Users are responsible for compliance with local laws and regulations regarding:
Cryptographic software usage
Private communications
Bitcoin/Lightning Network transactions
Privacy Statement
SecureBit.chat:
Collects zero data - no analytics, tracking, or telemetry
Stores nothing - all data exists only in browser memory
Requires no registration - completely anonymous usage
Uses no servers - direct P2P connections only
🎯 Why Choose SecureBit.chat?
For Privacy Advocates
True zero-knowledge architecture
Military-grade encryption standards
Complete anonymity and untraceability
Resistance to censorship and surveillance
For Bitcoin/Lightning Users
Native Lightning Network integration
Sustainable pay-per-session model
Support for all major Lightning wallets
No KYC or account requirements
For Developers
100% open source transparency
Modern cryptographic standards
Clean, auditable codebase
Extensible modular architecture
For Everyone
No installation required
Works on all modern devices
Intuitive user interface
Professional security standards
<div align="center">
**SecureBit.chat Security Team**
*Committed to protecting your privacy with military-grade security*
**Report vulnerabilities:** security@securebit.chat
</div>