Can Kademlia securely be used for a chat/discussion application with enough privacy?
I have thought a long time about decentralized applications and their advantages, especially the fact that they tend to be more reliable and cheap when there is a lot of traffic involved, something that is not true with centralized applications (the best example is Facebook or Google, those servers burn a lot of energy).
My question is this:
Can Kademlia be used for a chat protocol, and how secure would it be? If I enable packet encryption, would privacy be guaranteed? Are other kinds of messaging applications possible with Kademlia (forums/usenet, email, IRC) if I adapt the protocols?
I'm sure I'll need to add a lot of code to make it privacy effective so that anyone can eavesdrop or exploit the Sybil attack (described on Wikipedia).
What do you think? Do you think this project is worthwhile?
(sorry for my bad English)
Can Kademlia be used for a chat protocol, and how secure would it be? If I enable packet encryption, would privacy be guaranteed? Are other kinds of messaging applications possible with Kademlia (forums/usenet, email, IRC) if I adapt the protocols?
Kademlia is a means to locate and exchange distributed information on peers. It is not related to security. You can implement security on top of it for sure. The best option is a public key encryption system with certificate authority. You would have to encrypt the data.
Anything is possible on top of Kademlia.
As other answers have noted, the role of the DHT does not include security, but instead integrity. For example, most DHTs use SHA1 as their key. This means you look up data by someone giving you the SHA1 hash of it (this is how torrents work) and when you get it from the DHT you can check to ensure it's not some other data from the untrusted sources.
As JVerstry mentions, you could create a cryptographic system, and possibly a certificate authority. This would be outside the DHT, but you could use the system securely still. For example, if you encrypt a file and take the SHA1 of that, you can still use that as a key for the DHT, although you will probably want to provide some kind of nonce/salt.
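The integrity check described in the answer above, as an added example that is not part of the original answers: a value is stored under the SHA-1 of its bytes on the peers closest to that key by Kademlia's XOR metric, and the reader re-hashes every reply before trusting it. The `Node` class, the peer names and the payload are constructed for illustration, there is no networking, and the payload is assumed to be ciphertext already produced by a separate encryption layer.

```python
import hashlib

def dht_key(blob):
    # Content address: SHA-1 of the stored bytes, as the answer describes.
    return hashlib.sha1(blob).digest()

def xor_distance(a, b):
    # Kademlia's metric: XOR of two 160-bit IDs, read as an integer.
    return int.from_bytes(a, "big") ^ int.from_bytes(b, "big")

class Node:
    """Constructed in-memory stand-in for a remote, untrusted peer."""
    def __init__(self, name, malicious=False):
        self.name = name
        self.node_id = dht_key(name.encode())
        self.malicious = malicious
        self.store = {}

    def put(self, key, blob):
        self.store[key] = blob

    def get(self, key):
        if self.malicious:
            return b"forged reply"  # peer answers with data of its choosing
        return self.store.get(key)

def closest(nodes, key, k=3):
    # The k peers whose IDs are nearest to the key.
    return sorted(nodes, key=lambda n: xor_distance(n.node_id, key))[:k]

def publish(nodes, blob, k=3):
    key = dht_key(blob)
    for node in closest(nodes, key, k):
        node.put(key, blob)
    return key

def fetch(nodes, key, k=3):
    # Returns (blob, names of peers whose reply failed the hash check).
    rejected = []
    for node in closest(nodes, key, k):
        blob = node.get(key)
        if blob is not None and dht_key(blob) == key:
            return blob, rejected
        if blob is not None:
            rejected.append(node.name)
    return None, rejected

if __name__ == "__main__":
    peers = [Node(f"peer{i}") for i in range(8)]      # constructed peers
    key = publish(peers, b"opaque ciphertext bytes")  # constructed payload
    closest(peers, key)[0].malicious = True           # nearest peer lies
    print(fetch(peers, key))
```

The check proves only that the bytes match the key the reader asked for; who published them and who can read them are left to the encryption and key-management layer the answers place outside the DHT.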