Downloads
Powered by

# Bitmail: A Decentralized Privacy-Preserving Messaging Protocol

Abstract – We propose Bitmail, a peer-to-peer encrypted messaging protocol that leverages blockchain and distributed storage to achieve end-to-end secure email-like communication without trusted servers. Bitmail is motivated by the shortcomings of traditional email: a large fraction of global email is spam or phishing, and much of it traverses the internet without strong encryption. Conventional email’s reliance on centralized servers and opportunistic TLS means that messages (and their metadata) can be intercepted or surveilled, and subject lines and other headers remain exposed. Bitmail addresses these issues with a novel architecture: message content is encrypted with the recipient’s public key and stored off-chain (e.g. on IPFS), while a short encrypted hashlink pointing to that content is itself encrypted to the recipient’s public key and published on a Cosmos-SDK blockchain. Only the intended recipient can decrypt this on-chain pointer to retrieve and decrypt the actual message, preventing third parties from reading or even identifying the communication. Using a dedicated Cosmos-based blockchain for Bitmail provides low-cost, high-throughput transaction processing, avoiding the congestion and fees of general-purpose networks. Every Bitmail message is an on-chain transaction, which inherently requires the sender to spend a small fee, creating an economic disincentive for spam. We describe the Bitmail protocol in detail, including its encrypted hashlink transaction design (EHL transactions), the integration of distributed storage backends (IPFS by default), and the client application layer for key management, identity discovery, and inbox management. We analyze how Bitmail achieves privacy (strong encryption, no third-party access to content), security (censorship-resistance and spam mitigation via fees), and discuss potential threats and mitigations. Bitmail is not a mere clone of email nor a general file-sharing system – it represents a new class of communication protocol optimized for confidentiality and resilience against surveillance and censorship.

# 1. Introduction

Email is one of the most ubiquitous communication methods, with over 300 billion emails sent every day. Yet the email ecosystem suffers from severe privacy and security issues. A substantial portion of all email traffic consists of unsolicited or malicious messages: recent surveys indicate roughly 45–56% of global emails are spam [2], amounting to around 160 billion junk messages sent daily. Phishing – emails designed to impersonate trusted senders and deceive recipients – is also rampant. By 2025 phishing emails made up an estimated 1.2% of all email traffic [3], contributing to over a trillion phishing messages each year. It is therefore no surprise that email remains the top attack vector for cybercrime; an estimated 94% of cyberattacks originate from malicious emails [3].

Beyond spam and phishing, traditional email has inherent privacy weaknesses. The original email protocols (SMTP, IMAP, POP3) were not designed with end-to-end encryption. While TLS encryption is now used opportunistically to protect emails in transit between mail servers, it is not universal – in early 2025 about 90% of Gmail-to-provider emails were sent over encrypted channels [4], leaving tens of billions of messages daily in plaintext. True end-to-end encryption (where only sender and recipient can read the content) is extremely rare in email. Services like Gmail and Outlook can access the content of emails, and standard emails stored on servers can be read by those providers or anyone who gains server access. PGP or S/MIME can provide end-to-end encryption, but they are cumbersome and rarely used by the general public [5]. Even when used, metadata such as sender, recipient, and subject line remain exposed.

These realities highlight the need for a new approach to digital messaging. Bitmail’s design goals include:

  • Privacy – Only sender and recipient can read messages.
  • Spam mitigation – Per-message transaction fees deter abuse.
  • Censorship resistance – No central authority can block delivery.
  • Secure UX – Email-like usability with cryptographic identity.

# 2. Bitmail Architecture Overview

Bitmail’s three-layer architecture:

  1. Blockchain: Cosmos SDK-based ledger for encrypted hashlink transactions.
  2. Storage Vaults: IPFS by default; vault-agnostic and pluggable.
  3. App Layer: User-facing Bitmail client performing key management and encryption.

# 2.1 Encrypted Hashlinks (EHLs) on the Blockchain

An EHL is an encrypted content address (CID) from IPFS, encrypted with recipient’s public key before including it in an on-chain transaction. Validators see opaque blobs, not actual hashes. Each on-chain message costs a fee, deterring spam.

# 2.2 Off-Chain Encrypted Storage

Encrypted message payloads are stored on IPFS (or other vaults). CIDs are encrypted before being posted on-chain. The design supports multiple vault backends for resilience and enterprise integration.

# 2.3 Application Layer

Client software handles:

  • Wallet generation & key management
  • Contact handling
  • Message encryption/decryption
  • IPFS uploading/downloading
  • Blockchain TX creation & broadcast

# 3. Design Rationale: Cosmos SDK vs Ethereum

Bitmail uses a sovereign Cosmos SDK chain because:

  1. Low, predictable fees [6]
  2. High throughput [6]
  3. Custom modules & governance control
  4. Better privacy via per-recipient encrypted hashlinks [7], avoiding public message pointer issues on Ethereum.

# 4. Protocol Walkthrough

Alice → Bob:

  1. Compose message.
  2. Fetch Bob’s public key from blockchain state.
  3. Encrypt message content locally.
  4. Upload encrypted content to IPFS → get CID.
  5. Encrypt CID → EHL.
  6. Create & sign TX with EHL, broadcast to blockchain.
  7. Bob’s client decrypts EHL, retrieves encrypted content from IPFS, decrypts message.

# 5. Security Considerations

Eavesdropping: Impossible without recipient's private key.
Metadata leakage: Blockchain exposes sender/receiver addresses; mitigated via pseudonymous keys.
Spam: Fees + lack of public address directories make mass spam costly and inefficient.
Phishing: Strong cryptographic identity prevents address spoofing, but user vigilance is still required.
DoS: Only possible via large-scale fee-burning or validator capture.
Storage availability: IPFS redundancy and pinning improve reliability.
Device compromise: Endpoint security remains critical.

# 6. Conclusion

Bitmail delivers a secure, decentralized, censorship-resistant alternative to email using:

  • A Cosmos-SDK blockchain for routing/delivery
  • IPFS (or modular vaults) for encrypted storage
  • Per-recipient encryption for both content and pointers

This removes centralized control, hides message contents from third parties, and integrates an economic spam deterrent into the protocol itself.

# References

[1] Bitmail Network – “Bitmail is a beta peer-to-peer encrypted messaging platform built on a Cosmos SDK blockchain and IPFS.” (2025)
[2] Cai Ellis & Robert Brandl, “Spam Statistics 2025,” EmailToolTester Blog, Oct. 16, 2024.
[3] Gary Smith, “Top Phishing Statistics for 2025,” StationX Blog, June 2, 2025.
[4] Paul Anthonioz, “How to Encrypt an Email in Gmail,” Mailmeteor Blog, Oct. 5, 2023.
[5] Amie Stepanovich, “Google to enable end-to-end encryption for user emails,” Access Now, June 3, 2014 (updated Jan 2023).
[6] Webisoft Tech Blog, “Ethereum vs. Cosmos: Choosing the Right Blockchain Platform.”
[7] Michal Bryxí, “Ethereum Messaging: Explaining Whisper and Status.im,” SitePoint, May 2018.

© 2025 Bitmail Software Llc.