MAM Lite — a more flexible messaging protocol for IOTA
Masked Authenticated Messaging (MAM), a genius protocol described by Paul Handy, is one of IOTA’s most potent IXI Modules. Thanks to the design and feeless nature of the Tangle, it opens up many new use cases.
The objective of information security is to guarantee confidentiality, availability and data integrity. These features are prerequisite for things like traffic networking (e.g. V2X), verifiable supply chains, over-the-air updates and much more.
Masked Authenticated Messaging is therefore suitable for many applications, but also has its limitations.
Why another messaging protocol?
The limitation lies in the way signatures are handled in the current protocol. There are use cases in which different participants share the same channel and each signature must be attributable, that is, a recipient must be able to know who exactly produced a given message. The recipient then knows not only that the message genuinely comes from someone in the trusted group, but can also identify the actual author.
Besides that, there are other important use cases in which, for example, every author inside a channel must stay anonymous but at the same time be observable and attributable for an external trusted party.
At this point, I would like to introduce MAM Lite (MAML). MAML brings public-key cryptography to MAM - to make it more flexible.
Address derivation & Forward Secrecy
Every address in a channel is derived from its previous address. The derivation makes use of a cryptographic hash function. It’s a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size (a hash) and is designed to be a one-way function, that is, a function which is infeasible to invert. Thanks to this one-way function, nobody can see the history of an address. Forward Secrecy is therefore guaranteed:
ADDRESS_1 = HASH(CHANNEL_ID + password)
ADDRESS_2 = HASH(ADDRESS_1 + password)
ADDRESS_3 = HASH(ADDRESS_2 + password)
A secure channel identifier will be used to generate the genesis address. Hashing an additional password guarantees that a stream can only be followed if the appropriate password is known. This feature guarantees confidentiality and protects against spam.
This derivation scheme allows you to start reading the stream wherever you want. The only requirement is an address of the stream (where to start) and the appropriate channel password.
A stream-seller therefore has the possibility to sell only parts of a stream. This benefits the buyer because they do not have to buy the whole history of the stream in order to follow it.
This address derivation scheme allows fast access to messages. Since an address is derived from the previous address, all addresses can be computed upfront to reach the desired one. An additional address cache to generate from would make the access even faster.
In some use cases it may be necessary to branch off channels for specific subsets of data. Just by changing the channel password, a publisher can split a channel very easily at any point in time. This feature makes it possible to build every kind of structure one can imagine.
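The derivation chain, partial stream access and channel splitting described above, as an added Java example that is not taken from the MAM Lite library. It assumes SHA-256 with hex output as a stand-in for HASH (the page does not name the hash function, and real IOTA addresses are trytes); the class name, method names and sample values are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

public class AddressChain {

    // Stand-in for HASH(): SHA-256 rendered as hex (an assumption of this
    // example). Only the chaining of addresses is demonstrated here.
    static String hash(String input) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(input.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Returns the `count` addresses that follow `start` (the channel ID or any
    // address of the stream) for the given channel password.
    static List<String> follow(String start, String password, int count) throws Exception {
        List<String> addresses = new ArrayList<>();
        String current = start;
        for (int i = 0; i < count; i++) {
            current = hash(current + password);
            addresses.add(current);
        }
        return addresses;
    }

    public static void main(String[] args) throws Exception {
        String channelId = "CONSTRUCTED-CHANNEL-ID"; // constructed sample value
        List<String> publisher = follow(channelId, "pw-main", 5); // ADDRESS_1..ADDRESS_5

        // A buyer who is handed ADDRESS_3 and the password can derive ADDRESS_4
        // and ADDRESS_5; the one-way hash gives no route back to ADDRESS_1 or ADDRESS_2.
        List<String> buyer = follow(publisher.get(2), "pw-main", 2);
        System.out.println("buyer follows stream:  " + buyer.equals(publisher.subList(3, 5)));

        // The same start address with a wrong password derives a different chain.
        List<String> guess = follow(publisher.get(2), "wrong", 2);
        System.out.println("wrong password fails:  " + !guess.equals(buyer));

        // Splitting: from ADDRESS_3 on, a new password starts a separate branch.
        List<String> branch = follow(publisher.get(2), "pw-branch", 2);
        System.out.println("split branch diverges: " + !branch.get(0).equals(publisher.get(3)));
    }
}
```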
The signature scheme
To sign and verify messages, MAML uses RSA. It’s an asymmetric cryptographic algorithm that can be used for both encryption and digital signing. It uses a key pair consisting of a private key used to decrypt or sign data and a public key used to encrypt or verify signatures. The private key is kept secret and cannot be calculated from the public key.
Each channel participant owns a key pair and therefore both a private and a public key. Besides that, every participant holds the public keys of all other participants they trust. The process is illustrated by the following example:
Alice wants to publish a new message. She signs her message with her private key and publishes it. Bob sees a new message in the stream. He checks if his collection of public keys contains the public key found in the signature section of the message. Bob is aware of it and it seems like it’s Alice’s message. But to be really sure that the message was from Alice, Bob needs to verify the signature. He verifies the signature given the address, message data, signature and public key. It appears to be valid — Alice is the author of the message. Authentication and data integrity are guaranteed.
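Bob's check from the example above, as an added Java sketch that is not the MAM Lite library's own code. It assumes SHA256withRSA from the standard JDK provider and a zero-byte separator between address and data (the page does not specify either); all names and sample values are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class SignedMessageCheck {
    // Address and data joined with a separator, so a signature is bound to one stream position.
    static byte[] payload(String address, String data) {
        return (address + '\0' + data).getBytes(StandardCharsets.UTF_8);
    }

    static byte[] sign(PrivateKey key, String address, String data) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA"); // assumed algorithm
        s.initSign(key);
        s.update(payload(address, data));
        return s.sign();
    }

    static String keyId(PublicKey key) {
        return Base64.getEncoder().encodeToString(key.getEncoded());
    }

    // Bob's check: the trusted author's name, or null when the key is unknown
    // or the signature does not match this address and data.
    static String identifyAuthor(Map<String, String> trusted, String address, String data,
                                 byte[] signature, PublicKey claimedKey) throws Exception {
        String author = trusted.get(keyId(claimedKey));
        if (author == null) return null;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(claimedKey);
        s.update(payload(address, data));
        return s.verify(signature) ? author : null;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair alice = gen.generateKeyPair(), mallory = gen.generateKeyPair();
        Map<String, String> bobTrusts = new HashMap<>();
        bobTrusts.put(keyId(alice.getPublic()), "Alice"); // Mallory's key is not trusted
        String addr = "ADDRESS_2", data = "{\"temp\":21}"; // constructed sample values
        byte[] sig = sign(alice.getPrivate(), addr, data);
        byte[] forged = sign(mallory.getPrivate(), addr, data);
        System.out.println("genuine:       " + identifyAuthor(bobTrusts, addr, data, sig, alice.getPublic()));
        System.out.println("altered data:  " + identifyAuthor(bobTrusts, addr, "{\"temp\":99}", sig, alice.getPublic()));
        System.out.println("other address: " + identifyAuthor(bobTrusts, "ADDRESS_3", data, sig, alice.getPublic()));
        System.out.println("unknown key:   " + identifyAuthor(bobTrusts, addr, data, forged, mallory.getPublic()));
        System.out.println("swapped key:   " + identifyAuthor(bobTrusts, addr, data, forged, alice.getPublic()));
    }
}
```

Including the address in the signed payload is what makes a valid signature useless when the same message is re-posted at another address of the stream.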
Anatomy of a message
MAML offers multi-part messages in which different sets of data are combined in a single body. Each message consists of the following parts:
The private section can be read by all participants who can follow the stream. The restricted section makes fine-grained access possible. That’s guaranteed by encrypting the data with the public key of a trusted party.
The simultaneous provision of private and restricted data contributes to flexibility. In both modes, the messages are only readable by those who are provided with the appropriate credentials.
The signature section contains the signature of the author as well as the appropriate public key. This public key is needed to know against which public key the signature must be verified. Every channel participant who holds the public key of an author can identify and verify the signature.
The message format was designed to be very lightweight. It’s a JSON string and consists of only a few fields so that the proof of work can be kept to a minimum. Since the next address is always derived from the current address, no pointer to the next address must be included in the message.
As indicated above, there are use cases in which, for example, every author inside a channel must stay anonymous but at the same time be observable and attributable for an external trusted party. This could be solved by signing the message with a random private key and adding the genuine public key to the author’s public key in the signature section with the public key of the trusted party. This would make a centrally controlled channel possible.
Status of the implementation
The first version of MAM Lite is published here on GitHub for Java. Lots of features are already implemented. You can create/split channels, post and read messages. Besides that, I have also coded a command line interface so that everyone, even non-coders, can play with it, create their own channels and see how it works. The library was designed to be as easy to use as possible.
In the following illustration, a new channel will be created. After publishing a few messages, the stream will be read. At the end I will load a totally different stream. All I need is an address of the stream (where I want to read from) and the appropriate password to follow it.
MAM Lite is an easy-to-use, lightweight and flexible protocol which ensures privacy and integrity for data communication at another level. The ability to know who exactly produced a given message makes new use cases possible.
If you have any questions, I’m happy to answer them. You can send me an email (firstname.lastname@example.org) or find me on Discord (Samuel Rufinatscha#2769).
If you want to send me a coffee, I say thank you ☕️😄