Skip to content

Nokia-Bell-Labs/PubSubChk-Client

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

524 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PubSubChk Client

PubSubChk is a research prototype for verifiable message delivery in publish-subscribe systems. This repository contains the client-side part of the prototype: an extension of the Eclipse Paho MQTT Go client that adds cryptographic checks to MQTT while keeping the familiar publish/subscribe programming model.

In a regular MQTT deployment, clients place a lot of trust in the broker. The broker receives messages from publishers, decides which subscribers should see them, and forwards them onward. That simplicity is one of the reasons MQTT is so useful, but it also means publishers cannot easily verify that their messages reached all intended subscribers, and subscribers cannot easily prove that their stream is complete, ordered, and consistent with the system view seen by other clients.

PubSubChk explores the following question: can we keep the lightweight MQTT experience, but make delivery auditable? This experimental MQTT extension combines signed publications, compact aggregate acknowledgments, and a key transparency service to detect omissions, reordering violations, and broker-induced split views.

What This Repository Contains

This codebase is a research fork of github.com/eclipse/paho.mqtt.golang. The core Paho client is still here, including the asynchronous Go API for connecting to MQTT brokers, publishing messages, subscribing to topics, and handling incoming messages. On top of that baseline, we added PubSubChk-specific protocol logic for:

  • signed MQTT publications carrying publisher identity and sequencing metadata;
  • subscriber-side verification of message signatures and rolling clocks;
  • publisher-side multi-acknowledgment requests backed by aggregate signatures;
  • membership lookups against epoch-based key transparency commitments;
  • packet-level extensions used by the PubSubChk-enabled broker.

The implementation is meant to support experimentation and evaluation of the protocol described in (TODO: pending publication).

Protocol Idea

PubSubChk extends MQTT with verifiability rather than replacing MQTT. Clients still communicate through a broker, topics still drive routing, and publishers and subscribers remain decoupled.

At a high level:

  1. A PubSubChk-enabled publisher signs each publication together with metadata such as the topic, its public key, and a logical clock.
  2. A subscriber verifies the signature and checks the clock sequence for the publisher/topic stream it receives, then signs an acknowledgment.
  3. The broker aggregates subscriber acknowledgments into a compact multiack that acts as a constant-size proof of delivery for the publisher.
  4. A key transparency service maintains public, verifiable per-topic epoch commitments to active subscriber keys, helping clients detect inconsistent broker views.

The prototype uses BLS signatures via github.com/supranational/blst and Merkle-tree based membership proofs via github.com/txaty/go-merkletree. Clients provide a Proof-of-Possession (PoP) during PubSubChk setup to mitigate rogue-key attacks in the aggregate signature scheme.

System Components

PubSubChk is split across three repositories:

For meaningful end-to-end experiments, run this client together with the PubSubChk broker and key transparency service.

Getting Started

You need Go 1.21 or newer. The repository currently keeps the original Paho module path for compatibility with the upstream client API:

import mqtt "github.com/eclipse/paho.mqtt.golang"

When using this checkout from another experiment repository, point Go at your local PubSubChk client with a replace directive:

replace github.com/eclipse/paho.mqtt.golang => ../PubSubChk-Client

Then build or test with standard Go tooling:

go test ./...

Some tests and experiments expect a PubSubChk-enabled broker and key transparency service to be running. See the companion repositories for the full prototype setup. Legacy MQTT clients can still co-exist with PubSubChk-enabled clients on the same broker; they simply do not receive PubSubChk verifiability guarantees.

Minimal Client Shape

Existing Paho-style client setup remains familiar. PubSubChk is enabled by configuring a BLS secret key on the client options:

opts := mqtt.NewClientOptions().
	AddBroker("tcp://localhost:1883").
	SetClientID("pubsubchk-client")

if _, err := opts.SetSecretKey(serializedSecretKey); err != nil {
	panic(err)
}

client := mqtt.NewClient(opts)
token := client.Connect()
token.Wait()

Once enabled, publications carry PubSubChk metadata, subscribers validate incoming messages, and publishers can request aggregate acknowledgments through the extended client API.

Repository Map

  • client.go, options.go, message.go: Paho client API plus PubSubChk client options and request hooks.
  • signature.go: BLS signature handling, clock checks, and key transparency membership verification helpers.
  • packets/: MQTT packet handling, including PubSubChk-specific packet extensions for signed publishes, membership checks, and multi-acks.
  • cmd/: sample clients and helper programs inherited from the Paho client.

Research Status

This is an experimental research prototype, not a production-ready MQTT client. The packet encoding, APIs, and deployment assumptions are still shaped by the evaluation workflow. Please treat the code as a vehicle for reproducing and extending the PubSubChk experiments.

In the current evaluation, PubSubChk adds low end-to-end latency overhead over standard MQTT, while multiack verification remains constant with respect to the number of subscribers. The paper draft reports approximately 0.3 ms of added end-to-end delay in the local MQTT setup and less than 1% overhead in cross-region deployments.

For production MQTT applications without PubSubChk, use the upstream Eclipse Paho MQTT Go client or Eclipse Paho Go client.

Acknowledgments

PubSubChk builds on the excellent work of the Eclipse Paho project. The original client library provides the MQTT implementation and API foundation used by this prototype.

The PubSubChk protocol and prototype are developed as part of our research on verifiable message delivery for publish-subscribe systems. For the full design and evaluation, start with (TODO: pending publication).

License

This repository retains the upstream Eclipse Paho licensing terms. See LICENSE, epl-v20, and edl-v10 for details.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors