How Chat Reporting in Minecraft 1.19.1 works
Explains how chat reporting in Minecraft 1.19.1 works using cryptography, why it is secure, and explores its vulnerabilities.
In the 1.19.1 update, Mojang is adding a feature to enable players to report messages in chat. Many players are worried about false bans and Mojang being overreaching into server chat, but how does it really work? How does Mojang prevent false reports?
When you launch the game, Mojang provides you with a Mojang-signed public/private key pair. But what do those words even mean?
Public and Private Key Cryptography
First, we need to know how this kind of cryptography works. Let me give you an example. What does 11 x 37 equal? Easy, it's 407. However, this simple action is hard to reverse. If I give you a number, say 1691, what two numbers (not 1 and 1691) multiply together to make 1691? Tricky. There is only one answer, because 1691 is two prime numbers multiplied together. This is basically how public/private key cryptography works. Two massive prime numbers are generated, which only you know (private key). The product of the primes is sent out to everyone (public key). Messages can then be sent securely: a message encrypted with your public key can only be decrypted with your private key, and vice versa. This method of encryption is called RSA.
So what does signing mean? Signing means you use your private key to encrypt your message and attach the result (the signature) to the message. Everyone with your public key can verify that the signature matches the message sent, but if they change even one letter of your message, the signature won't match. No one can regenerate your signature without your private key. It is like a signature in real life: people can read it, but it is hard to fake. Usually, a derivative of your message, called a hash, is signed instead of the message itself.
A hash is a one-way function that turns your message into a fixed-length string. This is done because RSA can only sign messages of certain lengths (or multiples of them). Minecraft uses the SHA-256 hashing algorithm to hash your message. Included in the hash are:
- message content
- your UUID
- timestamp of the message
- a salt (which is a random string)
- the signature of the last message you sent
- the signatures of the last 5 messages you've seen and their authors
Back to Minecraft. Your client sends your public key to the server, and setup is done. Now, every time you chat, you send a signed copy of the message along with other data to ensure you were the only possible person who could have sent the message and that no context was omitted.
So how does the reporting work? The reporter sends the messages and the signatures to Mojang, and Mojang can verify that the messages are legitimately sent by the authors. It's as simple as that.
How can Mojang know a malicious person (or server) hasn't faked your key pair? That's where the Mojang-signed part of the key pair comes into play. When you send your public key, you send Mojang's signature of it too. Only Mojang has Mojang's private key, so everyone can verify that your public key really was issued by Mojang and was not faked. The end. Right?
There is one flaw in the system. The signatures of your previous message and of the 5 last seen messages make it nearly impossible for a report to be faked. However, if a player was really determined (such as by having 5 different accounts), it is possible to produce a fake report. This is known as a 51% attack.
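To make the signing, hashing, chaining and Mojang-certification steps above concrete, here is an added example written for this post; it is my own code, not the game client's or Mojang's. It assumes textbook RSA built from Mersenne primes (no padding, so it is an illustration only, not a secure signature scheme), a constructed JSON encoding of the fields the post lists as hash inputs, and made-up UUIDs, salts and timestamps; the real client's wire format and padding are not reproduced here. Message signatures are chained through `last_sig` and `last_seen` exactly as the post describes, and `verify_report` plays the role of Mojang checking a report.

```python
import hashlib
import json

# Mersenne primes 2^k - 1 for these exponents: a constructed choice so the demo
# needs no prime search. Real keys come from a proper key generator.
MERSENNE = [521, 607, 127, 1279, 107, 2203, 89, 2281]
E = 65537

def keygen(i, j):
    """Textbook RSA from two Mersenne primes: returns ((e, n), (d, n)).
    No padding, so this shows sign/verify only; it is not a secure scheme
    and not the exact scheme the game client uses."""
    p, q = (1 << MERSENNE[i]) - 1, (1 << MERSENNE[j]) - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (E, n), (d, n)

def sha256_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data):
    """Raise the SHA-256 of data to the private exponent; hex signature."""
    d, n = private
    return format(pow(sha256_int(data), d, n), "x")

def verify(public, data, sig_hex):
    """Undo the signature with the public exponent and compare to the hash."""
    e, n = public
    return pow(int(sig_hex, 16), e, n) == sha256_int(data)

def canon(obj):
    """Canonical encoding for hashing (constructed; not the game's format)."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def key_record(player_uuid, public):
    return canon({"uuid": player_uuid, "e": public[0], "n": public[1]})

def signed_fields(msg):
    """Exactly the fields the post lists as inputs to the chat hash."""
    keys = ("content", "sender", "timestamp", "salt", "last_sig", "last_seen")
    return canon({k: msg[k] for k in keys})

class Player:
    def __init__(self, player_uuid, mojang_private, primes):
        self.uuid = player_uuid
        self.public, self.private = keygen(*primes)
        # Mojang certifies the key by signing (uuid, public key)
        self.cert = sign(mojang_private, key_record(self.uuid, self.public))
        self.last_sig = ""    # signature of this player's previous message
        self.last_seen = []   # [[author_uuid, sig], ...], newest 5 only

    def send(self, content, timestamp, salt):
        msg = {"content": content, "sender": self.uuid, "timestamp": timestamp,
               "salt": salt, "last_sig": self.last_sig,
               "last_seen": list(self.last_seen)}
        msg["sig"] = sign(self.private, signed_fields(msg))
        self.last_sig = msg["sig"]
        return msg

    def observe(self, msg):
        self.last_seen = (self.last_seen + [[msg["sender"], msg["sig"]]])[-5:]

def verify_report(mojang_public, keys, messages):
    """keys maps uuid -> (public, mojang_cert). Returns (ok, reason)."""
    prev = {}  # last verified signature per sender, to check the chain
    for i, m in enumerate(messages):
        if m["sender"] not in keys:
            return False, f"message {i}: unknown sender"
        public, cert = keys[m["sender"]]
        if not verify(mojang_public, key_record(m["sender"], public), cert):
            return False, f"message {i}: key not certified by Mojang"
        if not verify(public, signed_fields(m), m["sig"]):
            return False, f"message {i}: signature does not match content"
        if m["sender"] in prev and m["last_sig"] != prev[m["sender"]]:
            return False, f"message {i}: chain to previous message broken"
        prev[m["sender"]] = m["sig"]
    return True, "all signatures verify"

def demo():
    mojang_public, mojang_private = keygen(0, 1)
    alice = Player("alice-uuid", mojang_private, (2, 3))
    bob = Player("bob-uuid", mojang_private, (4, 5))
    keys = {p.uuid: (p.public, p.cert) for p in (alice, bob)}
    m1 = bob.send("hello", 1000, "salt-1")
    alice.observe(m1)                      # m1 lands in alice's last_seen
    m2 = alice.send("hi bob", 1001, "salt-2")
    m3 = alice.send("anyone up for a game?", 1002, "salt-3")
    m4 = alice.send("gg", 1003, "salt-4")
    results = {"genuine": verify_report(mojang_public, keys, [m1, m2, m3, m4])}
    # Reporter changes one letter of bob's message: signature no longer matches
    results["tampered"] = verify_report(mojang_public, keys,
                                        [dict(m1, content="hellO"), m2])
    # Reporter drops m3: m4.last_sig still points at m3, not at m2
    results["omitted"] = verify_report(mojang_public, keys, [m1, m2, m4])
    # Key certified with a private key that is not Mojang's (here alice's)
    mallory = Player("bob-uuid", alice.private, (6, 7))
    fake_keys = {**keys, "bob-uuid": (mallory.public, mallory.cert)}
    results["fake_key"] = verify_report(mojang_public, fake_keys,
                                        [mallory.send("I never said this", 1004, "s")])
    return results
```

Running `demo()` returns a dict whose `genuine` entry verifies and whose other three entries fail, each with the reason a verifier would log: an altered letter breaks the message signature, a dropped message breaks the chain to the sender's previous signature, and a key pair that Mojang never signed fails the certificate check before its messages are even looked at.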
Many people do not like this change, so how can you avoid getting banned? The obvious way is to not say any offensive things in chat. Another way is to just not chat at all!
If you do want to chat and not get reported, there are mods out there that will make your messages unreportable. However, you may be unable to join certain servers with secure chat enabled.
Edit: 2/8/2022: Remove incorrect statement about blockchains. Remove outdated information about Spigot and Paper not supporting chat reporting.