Security and System Architecture
Four-Layer Architecture and Cross-Platform Solutions
🏗 System Architecture Design
The Butterfly protocol adopts a modular four-layer architecture design, ensuring system scalability, security, and adaptability to future technology upgrades.
🥞 Protocol Stack Breakdown
Application & DeSoc Layer (ButterflyMessage, Channels): Handles logic for message creation, acknowledgement, public channels and private chats. DID identity management.
Session Layer (Packet, TTL): Responsible for packet encapsulation, defining message TTL, and serialization. Integrates Nostr protocol (NIP-17) to implement privacy protection.
Transport Layer (BLE, Connection Management): Core transport control. Manages BLE broadcast/receive. Physical medium abstraction layer.
Cryptography & Security Layer (Noise, Ed25519): Protocol cornerstone. Provides end-to-end security guarantees.
🕵️ Cryptography and Security Layer: Noise Protocol Stack
In a broadcast-based network, all signals are physically public. Butterfly integrates the Noise protocol framework.
Handshake Modes: Noise XX or IK. These modes provide mutual authentication and forward secrecy.
Cryptographic Primitives:
Key Exchange: X25519 (Elliptic Curve Diffie-Hellman).
Authentication: Ed25519 digital signatures.
Symmetric Encryption: AES-256-GCM or ChaCha20-Poly1305.
🕶 Privacy Protection Design
1. Zero-Knowledge Proofs (ZKP)
To verify connections without exposing users' specific movement traces, we introduce ZK-SNARKs. Users only need to prove that they possess data that meets the criteria (such as RSSI and timestamps) without publicly revealing the raw and precise.
2. Anonymity and Pseudonym Systems
MAC Address Randomization: Prevents physical tracking.
Ephemeral ID Rotation: The application-layer broadcast ID is changed every 15 minutes. To strangers, each user appears as a new, unrelated node until a handshake occurs.
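The sketch below is an added example, not code from the Butterfly project. It shows one way to get the 15-minute ephemeral ID rotation described above: IDs are stable within a window, unrelated across windows to anyone without the key, and still recognisable to a peer who already holds the key. The truncated HMAC-SHA256 derivation, the 8-byte ID length, the idea that a per-user rotation key is shared during the handshake, and all function names are assumptions.

```python
import hashlib
import hmac
import struct

ROTATION_SECONDS = 15 * 60  # rotation interval stated on the page
ID_LEN = 8                  # assumed broadcast ID length in bytes


def epoch_index(unix_time: float) -> int:
    """Number of the 15-minute window that contains unix_time."""
    return int(unix_time) // ROTATION_SECONDS


def ephemeral_id(rotation_key: bytes, unix_time: float) -> bytes:
    """Broadcast ID for the current window: truncated HMAC-SHA256 (assumed scheme)."""
    msg = b"eid-v1" + struct.pack(">Q", epoch_index(unix_time))
    return hmac.new(rotation_key, msg, hashlib.sha256).digest()[:ID_LEN]


def recognise(observed_id, known_peers, unix_time, skew_windows=1):
    """Return the name of the known peer that would broadcast observed_id
    in the current window (or within skew_windows of it), else None."""
    for name, key in known_peers.items():
        for delta in range(-skew_windows, skew_windows + 1):
            t = unix_time + delta * ROTATION_SECONDS
            if t < 0:
                continue
            if hmac.compare_digest(ephemeral_id(key, t), observed_id):
                return name
    return None


# Constructed sample keys; a real key would come from a CSPRNG.
ALICE_KEY = bytes(range(32))
MALLORY_GUESS = bytes(32)

if __name__ == "__main__":
    for t in (0, 899, 900, 1800):
        print(t, ephemeral_id(ALICE_KEY, t).hex())
    beacon = ephemeral_id(ALICE_KEY, 899)
    print("contact:", recognise(beacon, {"alice": ALICE_KEY}, 905))
    print("stranger:", recognise(beacon, {"guess": MALLORY_GUESS}, 905))
```

The skew allowance matters at window boundaries: a beacon sent at second 899 and received at second 905 falls in different windows and is only recognised when the receiver also checks the adjacent one.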
📱 Cross-Platform Challenges: iOS and Android
Implementing a persistent mesh network on smartphones faces significant operating system restrictions.
Background Restrictions
iOS: tends to kill high-power background processes and restrict broadcast frequency.
Android: limits the number of scans in a short period.
💡 Our Solution
Hybrid Wake Mechanism: use Location Updates or Audio Background Mode to assist in keeping the app alive.
Restricted Broadcasting (Duty Cycling): switch to low-frequency broadcasts in background mode, sending only minimized beacons.
Local Notification Incentives: when nearby nodes are detected, wake the user with a push notification to open the app.
