The US Defense Advanced Research Projects Agency (DARPA) is looking for businesses to help it develop a secure messaging platform that is impossible to be hacked, and has decided this will be best accomplished by adopting the decentralised bitcoin blockchain technology.

"There is a critical Department of Defense need to develop a secure messaging and transaction platform accessible via web browser or standalone native application. The platform separates the message creation, from the transfer of the message within a secure courier to the reception and decryption of the message," Darpa wrote in an official notice seeking proposals on a US government platform, where small and medium businesses are encouraged to bid for federal research contracts.

"[The objective is to] create a secure messaging and transaction platform that separates the message creation, from the transfer [transport] and reception of the message using a decentralised messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralised ledger."

How a blockchain works

A blockchain is a shared ledger of transactions in a database used to verify all transactions relating to the virtual currency bitcoin. It is possible thanks to a combination of computer science concepts including distributed consensus algorithms, state machine replication, peer-to peer networking protocols and cryptography.

A copy of the blockchain is held by all the computers on the same network (known as "nodes"), and as transactions occur the blockchain is constantly updated and verified by the network with the data time-stamped into blocks. The shared data blocks are links in an encrypted chain that is both tamper-proof and completely auditable.

It's not entirely clear how Darpa will secure its messaging system, but blockchains are decentralised and the data is connected peer-to-peer, rather than in a centralised hub and spokes database model, which is expensive to maintain, inefficient and easy for attackers to hack. Instead, blockchains use digital signatures to verify transactions or to make calls to the blockchain to implement automated rules known as 'business logic'.

Darpa says it wants this encrypted messaging platform to help protect soldiers on the ground who need to communicate securely back to mission command, as well as to make it possible for DoD backoffice correspondence to be securely sent between different military departments, so that it is possible for regulators to verify that military purchasing decisions are following the law.

The idea of using blockchain technology for cybersecurity is not a new one − a company called Guardtime started by a team of Estonian cryptographers uses a blockchain technology called Keyless Signature Infrastructure (KSI).

KSI provides massive-scale data authentication without relying on centralised trust authorities, and unlike traditional approaches that depend on asymmetric key cryptography, KSI uses only hash-function cryptography, allowing verification to rely only on the security of hash functions and the availability of a public ledger.

UPDATE [28 April 15.57pm]: This article has been amended to clarify that Guardtime was started by a team of Estonian cryptographers that have no ties to the NSA.

