Matrix (protocol): Difference between revisions

GreenC bot (talk | contribs)
Rescued 1 archive link. Wayback Medic 2.5 per WP:URLREQ#zdnet.com
→‎Protocol: add subsection for encryption
Line 70:
The Matrix standard specifies [[REST]]ful HTTP APIs for securely transmitting and replicating JSON data between Matrix-capable clients, servers and services. Clients send data by [[HTTP PUT|PUT]]ing it to a ‘room’ on their server, which then replicates the data over all the Matrix servers participating in this ‘room’. This data is signed using a git-style signature to mitigate tampering, and the federated traffic is encrypted with HTTPS and signed with each server's private key to avoid spoofing. Replication follows [[eventual consistency]] semantics, allowing servers to function even if offline or after data-loss by re-synchronizing missing history from other participating servers.
 
=== Olm encryption ===
The Olm library provides for optional [[end-to-end encryption]] on a room-by-room basis via a [[Double Ratchet Algorithm]] implementation.<ref name="Ermoshina-2016"/> It can ensure that conversation [[data at rest]] is only readable by the room participants. With it configured, data transmitted over Matrix is only visible as [[ciphertext]] to the Matrix servers, and can be decrypted only by authorized participants in the room. The encryption protocol is called Olm; Megolm is an expansion of Olm to better suit the need for bigger rooms. There are two main implementations:
* vodozemac, the current reference implementation, written in [[Rust (programming language)|Rust]]. In 2022, it has been audited by [[Least Authority]], whose findings are publicly available<ref>{{cite web |url=https://leastauthority.com/static/publications/LeastAuthority-Matrix_vodozemac_Final_Audit_Report.pdf |title=Archived copy |website=leastauthority.com |access-date=22 May 2022 |archive-url=https://web.archive.org/web/20220516164237/https://leastauthority.com/static/publications/LeastAuthority-Matrix_vodozemac_Final_Audit_Report.pdf |archive-date=16 May 2022 |url-status=dead}}</ref> and have been addressed by the Matrix team.<ref>{{cite web | url=https://matrix.org/blog/2022/05/16/independent-public-audit-of-vodozemac-a-native-rust-reference-implementation-of-matrix-end-to-end-encryption | title=Independent public audit of Vodozemac, a native Rust reference implementation of Matrix end-to-end encryption |website=Matrix blog}}</ref> The review was partially funded by Germany's national agency for the healthcare system digitalisation ({{ill|Gematik|de}}).
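
Review bot: The new heading "=== Olm encryption ===" sits over a paragraph that also introduces Megolm and only names the protocol in its fourth sentence ("The encryption protocol is called Olm; Megolm is an expansion of Olm ..."), so either a broader heading such as "=== End-to-end encryption ===" or moving that sentence to the start of the paragraph would match the content better. In the vodozemac bullet, the first citation still carries the placeholder title "Archived copy" and should be given the audit report's actual title, and "In 2022, it has been audited" reads better as "In 2022, it was audited". The lead-in says "There are two main implementations:" while the visible lines list only vodozemac, so check that the second bullet follows this one.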