MAM Lite — a more flexible messaging protocol for IOTA
The full article was originally published by Samuel Rufinatscha on Medium.
Masked Authenticated Messaging (MAM), a genius protocol described by Paul Handy, is one of IOTA’s most potent IXI Modules. Thanks to the design and feeless nature of the Tangle, it opens up many new use cases.
The objective of information security is to guarantee confidentiality, availability and data integrity. These properties are prerequisites for things like traffic networking (e.g. V2X), verifiable supply chains, over-the-air updates and much more.
Masked Authenticated Messaging is therefore very well suited to many applications, but it also has its limitations.
Why another messaging protocol?
The limitation lies in how signatures are handled in the current protocol. There are use cases in which several participants share the same channel and each signature must be attributable: the recipient must be able to tell exactly who produced a given message. With that, a recipient not only knows that the message genuinely comes from someone in the trusted group; they can also identify the actual author.
Besides that, there are other important use cases where, for example, every author inside a channel must remain anonymous to the other participants, but at the same time stay observable and attributable for an external trusted party.
At this point, I would like to introduce MAM Lite (MAML). MAML brings public-key cryptography to MAM, making it more flexible.
Address derivation & Forward Secrecy
Every address in a channel is derived from its previous address. The derivation uses a cryptographic hash function: a mathematical algorithm that maps data of arbitrary size to a bit string of fixed size (the hash) and is designed to be a one-way function, i.e. a function that is infeasible to invert. Because of this one-way property, nobody who holds an address can see the history that led to it, so Forward Secrecy is guaranteed:
ADDRESS_1 = HASH(CHANNEL_ID + password)
ADDRESS_2 = HASH(ADDRESS_1 + password)
ADDRESS_3 = HASH(ADDRESS_2 + password)
A secure channel identifier is used to generate the genesis address. Hashing in an additional password guarantees that a stream can only be followed if the appropriate password is known. This protects against spam and guarantees confidentiality.
This derivation scheme lets you start reading the stream wherever you want. The only requirements are an address of the stream (where to start) and the appropriate channel password.
A stream seller therefore has the option of selling only parts of a stream. This benefits the buyer, who does not have to buy the whole history of the stream in order to follow it.
This address derivation scheme also allows fast access to messages. Since each address is derived from the previous one, all addresses up to the desired one can be computed upfront. An additional cache of already derived addresses to generate from would make access even faster.
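The derivation chain above, the partial-stream access it enables and the address cache it suggests, as an added example in Python that is not part of the original article or of any MAML implementation. It assumes SHA-256 as a stand-in for IOTA's ternary hash (Curl/Kerl), reads the "+" in the pseudo-code as byte concatenation with a separator byte, and uses constructed channel ids and passwords; only the structure of the scheme is what matters here.

```python
import hashlib
from typing import Dict, List

# Assumption: SHA-256 stands in for the IOTA hash used by the real protocol.
# Assumption: "+" in the article's pseudo-code is byte concatenation; a
# separator byte keeps (address, password) pairs from being ambiguous.
SEPARATOR = b"\x00"


def hash_step(previous: bytes, password: bytes) -> bytes:
    """One derivation step: ADDRESS_n = HASH(ADDRESS_{n-1} + password)."""
    return hashlib.sha256(previous + SEPARATOR + password).digest()


def genesis_address(channel_id: bytes, password: bytes) -> bytes:
    """ADDRESS_1 = HASH(CHANNEL_ID + password)."""
    return hash_step(channel_id, password)


def follow_stream(start_address: bytes, password: bytes, count: int) -> List[bytes]:
    """Walk forward from any known address of the stream.

    This is everything a buyer of a partial stream receives: one address and
    the channel password. Earlier addresses cannot be recovered from it,
    because each step is a one-way hash (forward secrecy).
    """
    addresses = [start_address]
    for _ in range(count - 1):
        addresses.append(hash_step(addresses[-1], password))
    return addresses


class AddressCache:
    """Checkpoints every `interval`-th address so that random access to the
    n-th address costs at most `interval` hash steps from the nearest
    checkpoint instead of n steps from the genesis address."""

    def __init__(self, channel_id: bytes, password: bytes, interval: int = 100) -> None:
        self.password = password
        self.interval = interval
        self.checkpoints: Dict[int, bytes] = {1: genesis_address(channel_id, password)}
        self.hash_count = 0  # number of hash steps performed, for illustration

    def address_at(self, index: int) -> bytes:
        """Return ADDRESS_index, deriving from the highest checkpoint <= index."""
        if index < 1:
            raise ValueError("addresses are numbered from 1")
        base = max(i for i in self.checkpoints if i <= index)
        address = self.checkpoints[base]
        for i in range(base + 1, index + 1):
            address = hash_step(address, self.password)
            self.hash_count += 1
            if i % self.interval == 0:
                self.checkpoints[i] = address  # remember the checkpoint for later lookups
        return address


if __name__ == "__main__":
    # Constructed sample values.
    channel_id, password = b"example-channel-id", b"channel-password"
    first = genesis_address(channel_id, password)
    for n, addr in enumerate(follow_stream(first, password, 3), start=1):
        print(f"ADDRESS_{n} = {addr.hex()}")

    # A buyer who only bought the stream from ADDRESS_2 onward still follows it.
    buyer_start = follow_stream(first, password, 2)[-1]
    print("buyer continues at", follow_stream(buyer_start, password, 2)[-1].hex())

    # Without the password the chain diverges immediately: no free following.
    print("wrong password diverges:",
          hash_step(first, b"wrong") != hash_step(first, password))

    cache = AddressCache(channel_id, password, interval=100)
    cache.address_at(250)
    print("hashes for ADDRESS_250 from genesis:", cache.hash_count)
```

The wrong-password check is the spam and confidentiality property from the text: a reader who only knows an address, but not the password, computes a different chain and never lands on the addresses that carry the stream. The cache trades a little memory (one stored address per interval) for bounded derivation time when jumping around in a long stream.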