This FAQ provides answers to most frequently asked questions about BCM.
BCM - Because Communication Matters
BCM has a technology team composed of geeks and hackers who pursue excellence and value innovation, aiming to influence and change the world.
Based on cybersecurity attack and defense, AI and blockchain technologies, we designed and developed a new generation communication platform with high security level.
Each communication message sent and received using BCM Messenger platform is based on end-to-end encryption, and no third party can decrypt the content of the message.
We will consistently be devoted to privacy protection and communication interconnection，and strive to build a reliable and safe Internet of Everything.
With BCM, you can send messages, photos, videos and all types of files to your contacts. You can also create "supergroups" with up to 100,000 people per group. In BCM, whether it is private chat or group chat, everything is strictly encrypted.
Yes BCM is free to download and free to use. BCM team is a group of developers who strive to make communication safer and the world a better place. Our goal is to create a disruptive blockchain product that's completely free to use which is different from most products based on blockchain technology worldwide these days.
You can download the BCM App from the BCM official website bcm-im.com, App Store, or Google Play. After the download is completed, click the BCM icon, select "Create Account", click "Stop" to get your account key- the key is your unique certificate in BCM.
In the main interface, click the contact icon located at the bottom to enter the contact interface. You can scan the QR code to add a friend.
Technically, BCM is similar to Telegram in some aspects: both of them use 256-bit AES symmetric encryption algorithm for content encryption, and the encryption level is extremely high. The differences between BCM and Telegram are: 1) Every message in BCM private chat and group chat is end-to-end encrypted, the forwarding node cannot get access to its content 2) Telegram's encryption of group chat and default private chat both happen on the App & both ends of the server which means the server can get access to the decrypted content. End-to-end encryption is used for private-chat only after the "Secret Chat" mode is turned on.
From technical perspectives, the private chat of BCM and WhatsApp are both based on Signal Protocol, and the security of the encryption algorithms of both Apps are the same.
However, while group chat of both BCM and WhatsApp are end-to-end encrypted and support Perfect Forward Security (PFS), the number of people in WhatsApp's group chat can't exceed 256/per group when every group of BCM can support up to 100,000 people.
In addition, WhatsApp does not open source, but BCM will gradually open source.
Simply enter the chat interface, click the icon located at the upper right corner to open the new chat interface, click on "New Group Chat". You can select the group chat member directly from your contact list, or you can add people directly by entering their phone numbers.
For your privacy, please perform a cold backup on another device. You can click the "..." icon on the BCM main interface and select "Account Security" to open the account backup page. The page will display the QR code of your account. You need to install BCM on another mobile phone. Find the "…" option like explained above to back up. BCM will provide more backup methods for our users in the near future.
BCM's encryption method is one of the most secure encryption methods known in the world. The private (one-to-one) chat process uses the X3DH based on the elliptic curve-Curve25519 for key exchange, and implements the Double Ratchet process to ensure that the encryption key of each chat message is different. The chat contents are encrypted by AES-256 symmetric encryption algorithm. The encryption method guarantees:
1) Encryption is end-to-end. Third-party nodes such as forwarding nodes do not intervene in content encryption and decryption, and have no ability to decrypt any content. 2) Conform to perfect forward security (PFS) features. 3) In extremely special cases when the user's private key is exposed, the third party still cannot intercept nor decrypt any chat content. For group chats with up to 100,000 users/per group, BCM also uses AES-256 symmetric encryption algorithm for end-to-end encryption, and ensures that the encryption key of every unit of chat content is not repeated-meeting the requirements of perfect forward security(PFS).
BCM chat messages pass through the forwarding node (either a user PC node on the P2P network or an officially deployed server). Because the contents are end-to-end encrypted, the forwarding node is only responsible for forwarding the data message and cannot decrypt the forwarded chat content.
BCM is planning to open source, and we will gradually disclose source code of BCM to the public.
When every disruptive product has just emerged, it is not necessarily the most recognized product in the market. However, as more and more users feel the revolutionary changes brought about by BCM and free communication, the more BCM will grow.
Imagine the future where everything is interconnected, and when everyone has their own BCM IM account. Through BCM, people can not only communicate safely and conveniently, but also easily communicate and connect with everything. BCM will become the real "smart assistant" in the era of "interconnected everything", and truly make "connect everything with one account" reality.
BCM, with its characteristics of decentralization, tamper-proof and multi-party consensus mechanism, will become the infrastructure for activating and connecting everything: not only in the field of communication, but also in the process of linking people and all things.
In the long term, what BCM wants to accomplish is to change the traditional transmission path of information, people and things. BCM aims to fundamentally solve the information-transmission's path security & trust problems.
No. Actually BCM IM service is not based on blockchain platform, the reason is simple: As each message is strictly encrypted, we do not see a difference between storing a message to a BCM Server and storing it to a blockchain, not to mention the efficiency of blockchain. Furthermore, it is difficult to upgrade the software in each public blockchain node whenever necessary.
However, BCM does have cryptocurrency wallet, and adopt similar technology as Blockchain:
1. Each BCM account has a locally generated (private key, public key) pairs, and it needs to prove its validity by doing some POW job when registering itself to the platform.
2. The unique User Id is simply the hash of account public key.
3. One can communicate to his/her contact in a "talk to public key hash" way, very similar to "pay to public key hash" in Blockchain. – Only the owner of the public key can decrypt the content.
One of our key considerations in BCM design is "zero trust". The BCM app does not trust anyone except itself, not even the BCM Server, for example:
1. The message encryption is end-to-end, neither the BCM Server nor any other 3rd party can decrypt the message.
2. Verify the contact's public key returned from BCM Server. Each BCM app knows its contact's UID (the hash of contact's public key), whenever the BCM Server returns a fake public key, the app will find out the Server is cheating because hash(fake-public-key) is not equal to UID.
3. Whenever the BCM Server informs a BCM app that a new user joins a specific group, and request the app to synchronize the group message encryption key to that new user, the app will not blindly accept that request unless the new user can present a valid token for that group. The token is retrieved from other users or from join-group-invitation URL, and is unknown to BCM Server.
In summary, our design intention is that even when the BCM Server is fully compromised, the confidentiality and integrity of the message will still be guaranteed.
On the contrary, here are some problems we found in some other messengers:
1. Only one-to-one chat message is end-to-end encrypted, group chat message is not.
2. Contact others via phone number. In such case, when user A tries to setup a safety channel with user B, A will ask the server for B's public key. However, it is difficult for A to verify the validity of the returned public key, and that is a potential MITM scenario! – to solve such a problem, some apps introduced a "security code checking" procedure that is hard to understand for most of the users.
3. For some apps, the server is assumed to be safe and trustable. If we can insert a malicious user account into the database of a specific group, then that user will be accepted as a valid group member!