SimpleX network: new experience of connecting with people — available in SimpleX Chat v6.4-beta.4
单纯网络:与人建立联系的新体验 - 单纯聊天v6.4-beta.4
Published: Jul 3, 2025
出版:2025年7月3日
The mission of communication network is connecting people [1]. The process of connecting in SimpleX network is really secure — it is protected from server MITM attacks. But before this beta version connecting to contacts had a really bad user experience.
通信网络的使命是连接人[1]。单纯网络中连接的过程确实是安全的 - 它受到服务器MITM攻击的保护。但是在连接到联系人的Beta版本之前,用户体验确实很差。
What was the problem?
有什么问题?
How did it work before:
它以前是如何工作的:
Your contact created a large link (1-time invitation or contact address [2]) and shared with you via another messenger, email, social profile or website. Sharing the link"out-of-band" (i.e., not via the server) is necessary for security. But it was not working well in some cases:
您的联系人创建了一个较大的链接(1次邀请或联系人地址[2]),并通过另一个Messenger,电子邮件,社交资料或网站与您共享。对于安全性,共享“带外”链接(即,不是通过服务器)是必需的。但是在某些情况下,它的运作不佳:
the link was incorrectly changed by some applications, e.g. Telegram, because of link complexity, preventing people from connecting.
某些应用程序(例如电报,由于链接复杂性,阻止人们连接。
some people were worried that the link"looks like malware".
有些人担心链接“看起来像恶意软件”。
the QR code for the link was large, and sometimes difficult to scan.
该链接的QR码很大,有时很难扫描。
the link did not fit the size limit in social media profiles.
该链接在社交媒体配置文件中不符合尺寸限制。
Once you received the link, you used it in the app. But when using the link you could not see who you were connecting to. The only choice you had is to share your current profile or to use incognito profile. And as people didn't know which profile will be shared with them, many were choosing to share incognito profile, making recognizing contacts more complex — you don't know who is who unless you attach aliases to incognito contacts. Once you tap Connect, all you see is the line in the list of chats that said"Connecting via link". The process of connection required your contact to be online, and in some cases to approve the request, so you may had contact in"connecting" state for a really long time.
收到链接后,您将在应用程序中使用它。但是,当使用链接时,您看不到您要连接的人。您唯一的选择是共享您当前的个人资料或使用隐身配置文件。而且,由于人们不知道将与他们共享哪个个人资料,因此许多人选择共享隐身的个人资料,使识别联系人更加复杂 - 您不知道谁是谁,除非您将别名附加到隐身的联系人。一旦点击连接,您所看到的就是聊天列表中的行,这些聊天列表中的“通过链接连接”。连接过程要求您的联系人在线,在某些情况下批准请求,因此您可能会在“连接”状态中具有很长时间的联系。
So it is not surprising that a large number of people failed connecting to friends — either they refused to engage because of large and scary looking links, or their application made the link unusable, or they abandoned the process at step 3, deciding that the app is not working correctly.
因此,毫不奇怪的是,许多人失败了与朋友建立联系 - 他们要么由于较大而可怕的链接而拒绝参与,要么他们的应用程序使链接无法使用,或者他们在步骤3放弃了该过程,因此决定该应用程序无法正常工作。
Why can't we just use usernames?
为什么我们不能只使用用户名?
Many people asked — why don't you just use usernames or a link shortener for some really short links, as other networks and apps do.
许多人问 - 您为什么不像其他网络和应用程序一样,仅使用用户名或链接缩短器进行一些真正的短链接。
The problem is that usernames or very short links make e2e encryption security of your chats dependent on the servers. Unless the link you share contains enough randomness in it and is cryptographically linked to the encryption keys, the servers can substitute the e2e encryption keys and read all your communication without you knowing it. We see this risk as unacceptable.
问题在于用户名或非常短的链接使聊天的E2E加密安全性取决于服务器。除非您共享的链接在其中包含足够的随机性并与加密密钥相连,否则服务器可以替换E2E加密密钥并读取所有通信而不知道。我们认为这种风险是不可接受的。
Mitigation against this"man-in-the-middle" attack by the server [3] is offered by Signal and other apps via security code verification [4], when you compare the numeric code in your app with your contact's app, but:
当您通过安全代码验证[4]提供有关服务器[3]的“中间人”攻击的缓解措施,当您将应用程序中的数字代码与联系人的应用程序进行比较时,但是:
most people do not verify security codes, and even if they do, they do not re-verify them every time security code changes, so their security is dependent on the server not being compromised, which is not a great security,
大多数人都不会验证安全代码,即使他们这样做,他们也不会在每次安全代码更改时重新验证它们,因此他们的安全性取决于服务器未被损害,这不是一个很好的安全性,
the servers can still compromise the initial messages, where profile names are exchanged, before you had the chance to verify the security codes.
在您有机会验证安全代码之前,服务器仍然可以妥协的初始消息,即交换配置文件名称。
When we design communication protocols for SimpleX network we always aim to protect you from the attack via your network operators — this is what sets SimpleX network design apart from many other communication networks and platforms.
当我们为单纯形网络设计通信协议时,我们始终旨在通过网络运营商保护您免受攻击 - 这是Simple -Network Design与许多其他通信网络和平台区分开的原因。
Even though you choose the servers that you trust, and they are bound by privacy policy, and we follow the best security practices to protect servers from any 3rd party attacks, there is still a possibility that servers may be compromised by some attackers, and unless your communications are not protected from the servers, they are not protected from whoever can compromise the servers [5].
即使您选择了自己信任的服务器,并且它们受隐私策略的约束,并且我们遵循最佳的安全惯例来保护服务器免受任何第三方攻击的侵害,但仍然有可能某些攻击者可能会对服务器造成服务器的影响,除非您的通信不会受到服务器的损害,否则他们不受任何损害服务器的损害,但他们不会受到任何人的损害。
What is the new way to make connections?
建立连接的新方法是什么?
Before diving into the details of technology, let's walk though the new process of connecting to people that is introduced in v6.4-beta.4.
在深入了解技术的细节之前,让我们走到与v6.4-beta.4中引入的人联系的新过程。
As before, to connect you or your contact need to create a 1-time invitation or a contact address link. All the past problems of the long links are now solved:
像以前一样,要连接您或您的联系人需要创建1次邀请函或联系地址链接。现在解决了长期链接的所有过去问题:
this link is correctly processed by all applications, as it has a simple structure,
此链接由所有应用程序正确处理,因为它具有简单的结构,
it is short and simple, e.g. the SimpleX Chat team address for support is: https://smp6.simplex.im/a#lrdvu2d8A1GumSmoKb2krQmtKhWXq-tyGpHuM7aMwsw
它是简短而简单的,例如支持支持的单纯聊天团队地址是:https://smp6.simplex.im/a#lrdvu2d8a1gumsmokb2krqmtkhwxq-tygphum7amwsw
the QR code is now much smaller, fits a standard business card, and is easy to scan from all devices,
QR码现在要小得多,适合标准名片,并且易于从所有设备扫描,
it fits in most social media profiles.
它适合大多数社交媒体概况。
While the link is short, it still contains 256 bits of key material with additional 192 bits of server-generated link ID for one-time invitation links, so the connection is as secure as before, and in case of one-time invitations it became more secure (see below).
尽管该链接很短,但它仍然包含256位的关键材料,并带有额外的192位服务器生成的链接ID,以用于一次性邀请链接,因此连接与以前一样安全,并且在一次性邀请的情况下,它变得更加安全(请参见下文)。
As before, you have to use this link in the app, either by pasting the link or scanning QR code. But now you instantly see the name of your contact or group you are connecting to, and from v6.4.1 that will be released this July you will also see a profile image (currently disabled for backward compatibility). Once you tap"Open new chat", the app will instantly open a conversation with your contact. As you now can see which profile is shared with you via the link, you can choose which of your profiles to use to connect. If your contact shared an incognito pseudonym, then you may also choose to connect incognito. But if your contact shared a real name, you may want to share your real name as well, making it easier for your contact to recognize you — the law of reciprocity in action! In any case, your and your contact's profile names are inaccessible to messaging servers — they are e2e encrypted.
与以前一样,您必须在应用程序中使用此链接,通过粘贴链接或扫描QR码。但是,现在您立即看到了您的联系人或要连接到的组的名称,并且从今年7月发布的v6.4.1中,您还将看到一个配置文件图像(当前禁用以供向后兼容)。点击“打开新聊天”后,该应用将立即与您的联系人打开对话。正如您现在可以通过链接与您共享的哪个配置文件,您可以选择要连接的配置文件。如果您的联系人共享了隐身化的化名,那么您也可以选择连接隐身。但是,如果您的联系人共享了一个真实的名称,您可能还需要分享您的真实姓名,使您的联系人更容易识别您 - 互惠定律正在采取行动!无论如何,您和您的联系人的个人资料名称无法访问消息传递服务器 - 它们是E2E加密的。
If you are connecting via a contact address you can also add a message to your request, making it more likely to be accepted when connecting to somebody you don't know well. And from v6.4.1 contact addresses can include a welcome message that you would see before connecting, right in the conversation. This way, you effectively become connected to your contact and start a secure conversation even before you tap"Connect" button.
如果您要通过联系地址连接,则还可以向您的请求添加一条消息,从而使其在连接到您不知道的人时更有可能被接受。从v6.4.1中,联系地址可以包括一条欢迎消息,您会在对话中在连接之前看到。这样,您即使在点击“连接”按钮之前,您就可以有效地连接到联系人并开始安全的对话。
If you are connecting via a one-time invitation link, all you need to do is to tap"Connect", and then you can send messages straight after that, without waiting for your contact to be online — they will be securely received later.
如果您通过一次性邀请链接进行连接,则需要做的就是点击“连接”,然后您可以在此之后直接发送消息,而无需等待您的联系人在线 - 以后将牢固地收到。
This new experience of connecting is very similar to commonly used messengers, but it protects your security. We hope that it will be much easier for the new users to connect to their friends.
这种连接的新体验与常用的使者非常相似,但是它可以保护您的安全性。我们希望新用户与他们的朋友建立联系会容易得多。
What about security?
那安全性呢?
We took a great care to design the protocol extension for the new experience of connecting in a way that not only preserves security at the same level as before, but also increases security of connecting via one-time invitation links.
我们非常谨慎地设计协议扩展程序,以新的体验以与以前相同的水平保持安全性,而且通过一次性邀请链路连接的安全性。
First, because all the keys are now included in encrypted link data on the server, and not in the link itself as before, we can include the keys for post-quantum (PQ) key exchange and make the first message sent via one-time link (your profile) encrypted with PQ e2e encryption. Previously, PQ encryption started only after the response from your contact.
首先,由于现在所有密钥都包含在服务器上的加密链接数据中,而不是像以前那样在链接本身中包含,因此我们可以包含Quantum(PQ)键交换的键,并通过一次性链接(您的配置文件)发送使用PQ E2E Encryption的第一消息。以前,PQ加密仅在您的联系人响应后才开始。
Second, whoever can observe the link is not able to determine which public keys are used in key exchange and what messaging queue address is used, and this data is removed from the server once the connection is established. Previously, the invitation link contained public keys and the actual queue address that could have been used for a long time, unless you rotated it.
其次,可以观察链接的人无法确定在密钥交换中使用了哪些公共密钥,并且使用了哪些消息队列地址,并且一旦建立了连接,将从服务器中删除此数据。以前,邀请链路包含公共钥匙和实际的队列地址,除非您旋转,否则可以使用很长时间。
Third, if somebody retrieves the associated data of one-time invitation link they observed in transit, this link would become inaccessible for the intended recipient, so the recipient would know that the connection was potentially compromised, and would alert the contact that sent the link.
第三,如果有人检索他们在运输中观察到的一次性邀请链接的关联数据,则此链接对于预期的接收者而言将无法访问,因此收件人将知道该连接可能会受到损害,并会提醒发送链接的联系人。
How does it work?
它如何工作?
In short, a new short link references a container with the encrypted data on the server that contains:
简而言之,一个新的简短链接引用了一个包含包含的加密数据的容器:
the original full link that now include quantum-resistant keys that previously were not included because of their size,
现在的原始完整链接现在包含抗量子的键,这些键因其大小而不包括在内
contact's or group's profile and conversation preferences, from v6.4.1 it will include profile images,
Contact's或Group的个人资料和对话首选项,v6.4.1将包括个人资料图像,
also, it will include an optional contact's or group's welcome message from v6.4.1.
另外,它将包括v6.4.1的可选联系人或集团的欢迎消息。
Making user profile and welcome message included in the encrypted link data allows to start conversation as soon as you scan the link, as described in the previous section.
如上一节所述,在加密链接数据中包含的用户配置文件和欢迎消息允许在扫描链接后立即开始对话。
Design objectives and cryptographic primitives that achieve them
设计目标的设计目标和加密原语
This section is not a formal specification of the protocol, but an informal technical explanation of objectives we had for this design and how they were achieved. The technical details are available in this RFC document.
本节不是对协议的正式规范,而是我们对该设计的目标以及如何实现目标的非正式技术解释。此RFC文档可用技术细节。
Encrypted link data cannot be accessed by the server.
服务器无法访问加密的链接数据。
It means that while the client apps should use the link to derive both the link ID for the server and decryption key for the associated link data, the server should not be able to derive the link and decryption key from the link ID that it knows, and can't access the link data.
这意味着客户端应用程序应使用链接来得出服务器的链接ID和关联链接数据的解密密钥,但服务器不应从其所知的链接ID中派生链接和解密密钥,并且无法访问链接数据。
This objective is achieved by using secret_box encryption of link data with the symmetric key derived from link URI, which is different from link ID known to the server. As it is a symmetric encryption, it is secure against quantum computers.
通过使用secret_box加密与从链接URI派生的对称密钥的Secret_box加密来实现此目标,该密钥与服务器已知的链接ID不同。由于它是对称的加密,因此可以防止量子计算机进行安全。
Allow changing encrypted link data without changing the link itself.
允许更改加密的链接数据,而无需更改链接本身。
This is necessary to allow changes in user profile, chat preferences and welcome messages.
这是允许更改用户配置文件,聊天首选项和欢迎消息所必需的。
This is possible via a specific server request that allows to change user-defined part of the link data to the link owner. Because the link is derived from fixed part of the link data, the link itself remains the same.
这是通过特定的服务器请求进行的,该请求允许将链接数据的用户定义部分更改为链接所有者。由于链接是从链接数据的固定部分得出的,因此链接本身保持不变。
Prevent MITM attack on the link data by the server, even if the server obtained the link.
即使服务器获得了链接,也可以防止服务器对链接数据的攻击。
It means that the server should not be able to replace the associated link data even if it somehow obtained the link and can decrypt the data.
这意味着服务器也无法替换关联的链接数据,即使它以某种方式获得了链接并可以解密数据。
This objective is achieved by deriving encryption key from the hash of the fixed part of the link data — if server changes the link data, it would be rejected by the client, as its hash won't match the link. Server also cannot replace the user-defined part of the link data, because it is signed and will be verified with the key included in the fixed part of link data.
通过从链接数据的固定部分的哈希(Server)更改链接数据的固定部分的哈希(Hash)来实现此目标,该目标将被客户端拒绝,因为它的哈希将不匹配链接。服务器也无法替换链接数据的用户定义部分,因为它已签名,并将用链接数据的固定部分包含的密钥进行验证。
Clients use HKDF for key derivation, SHA3-256 to compute hash of the fixed part of link data, and ED25519 signature to sign user-defined link data.
客户使用HKDF进行密钥推导,SHA3-256来计算链接数据固定部分的哈希,而ED25519签名来签名用户定义的链接数据。
Prevent undetectably accessing encrypted link data of one-time links.
防止不可检测的一次性链接的加密链接数据。
This is explained in the previous section — if link observers retrieve the link data, the link will become inaccessible for the intended recipient.
这在上一节中说明了这一点 - 如果链接观察者检索链接数据,则链接对于预期的收件人将无法访问。
This objective is achieved because the link data of 1-time invitation link data can only be accessed with the server request that locks queue on the first access. Any subsequent access to the queue must uses the same authorization key ( ED25519 ).
之所以实现此目标,是因为只能使用锁定第一个访问的服务器队列的服务器请求访问1次邀请链接数据的链接数据。随后对队列的任何后续访问都必须使用相同的授权密钥(ED25519)。
The link owner cannot include address of another queue in the link.
链接所有者不能在链接中包含另一个队列的地址。
It means that the link cannot redirect the connecting party to another server or to another queue on the same server — the apps would reject the links that attempt to do it. While allowing redirects may be seen as higher security from the server, it would open the possibility of resource exhaustion attacks, as the server would not know if the links were actually used to connect or not, and when the link data can be removed. So we decided that preventing redirects is a better tradeoff. This cryptographically enforced association between link and queue allows to remove link data from the server once the connection is established, or once some time passes (e.g., 3 weeks for unused one-time invitation links).
这意味着链接不能将连接方重定向到另一台服务器或同一服务器上的另一个队列 - 应用程序将拒绝尝试执行此操作的链接。尽管允许重定向可以被视为服务器的更高安全性,但它将打开资源耗尽攻击的可能性,因为服务器不知道链接是否实际使用用于连接,以及何时可以删除链接数据。因此,我们认为防止重定向是一个更好的权衡。链接和队列之间的这种密码强制执行的关联允许一旦建立连接,或者一次通过了一段时间,就可以从服务器中删除链接数据(例如,未使用的一次性邀请链接3周)。
This objective is achieved by including queue ID and link data into the same server response.
通过将队列ID和链接到同一服务器响应中的数据来实现此目标。
Prevent link owner from being able to change the queue address and encryption keys in the link.
防止链接所有者能够更改链接中的队列地址和加密密钥。
This quality prevents the MITM attack on e2e encryption via break-in attack on the client of the link owner.
该质量通过对链接所有者客户的闯入攻击来防止MITM对E2E加密的攻击。
The server does not provide any API to change the fixed part of the link data. Also, changing fixed data would require changing the link, as otherwise the hash of the data won't match the link.
该服务器不提供任何API来更改链接数据的固定部分。此外,更改固定数据将需要更改链接,否则数据的哈希峰与链接不符。
It should be impossible to check the existence of a messaging queue for one-time invitation links.
一次性邀请链接的消息,不可能检查消息传递队列的存在。
It means that any 3rd party that observed 1-time invitation link (e.g., by reading the message in the messenger or email where it was sent) must not be able to undetectably confirm whether this messaging queue still exists, by attempting to create another queue with the same link ID and the same link data.
这意味着,任何观察到1次邀请链接的第三方(例如,通过在发送的邮递员或电子邮件中读取消息),不得能通过尝试通过使用相同的链接ID和相同链接数据的另一个队列来确认是否仍然存在此消息队列是否仍然存在。
This objective is achieved by servers requiring that sender ID is derived (using SHA3-384 ) from request correlation ID, so an arbitrary sender ID cannot be used, and by generating link ID on the server — for 1-time invitation link, the link ID is included in the link in addition to link key, and is not derived from the link data.
该目标是通过要求从请求相关ID派生发件人ID(使用SHA3-384)的服务器来实现的,因此不能使用任意发送者ID,并且通过在服务器上生成链接ID来实现 - 对于1次邀请链接,链接ID除了链接外,链接还包含在链接中,并且不是从链接数据中派生的。
See the detailed threat model for protocol extension supporting the new user experience of making connections.
有关支持建立连接的新用户体验的协议扩展,请参见详细的威胁模型。
Let us know what you think!
让我们知道您的想法!
We worked really hard to deliver this big change — the simplicity of user experience required to hide a lot of complexity under the hood. We really hope that it will help you to bring more of your friends to SimpleX network and to benefit from using secure communications.
我们非常努力地实现了这一重大变化 - 用户体验的简单性,即可隐藏很多复杂性。我们真的希望它能帮助您将更多的朋友带到单纯胶网络,并从使用安全通信中受益。
The stable versions v6.4 and v6.4.1 will be released this July, but you can already use the beta version available via Play Store (Android), Test Flight (iOS) and GitHub (Android and desktop).
稳定版本v6.4和v6.4.1将于今年7月发布,但是您已经可以使用Play Store(Android),Test Flight(IOS)和GitHub(Android and Desktop)的Beta版本。
Big thank you to everybody who uses SimpleX network, even though the experience of connecting to people was complex before this release.
非常感谢所有使用单纯形网络的人,即使在此版本之前与人建立联系很复杂。
With your help, SimpleX network should be able to get over the million active users now!
在您的帮助下,单纯形网络现在应该能够克服百万活跃用户!
SimpleX network
单纯网络
Some links to answer the most common questions:
一些链接回答最常见的问题:
How can SimpleX deliver messages without user identifiers.
在没有用户标识符的情况下,单纯形如何传递消息。
What are the risks to have identifiers assigned to the users.
将标识符分配给用户的风险是什么?
Technical details and limitations.
技术细节和局限性。
Frequently asked questions.
常见问题。
Please also see our website.
请参阅我们的网站。
Please support us with your donations
请通过您的捐款来支持我们
Huge thank you to everybody who donated to SimpleX Chat!
非常感谢所有捐赠给单纯聊天的人!
Prioritizing users privacy and security, and also raising the investment, would have been impossible without your support and donations.
如果没有您的支持和捐款,将用户优先考虑隐私和安全以及提高投资是不可能的。
Also, funding the work to transition the protocols to non-profit governance model would not have been possible without the donations we received from the users.
此外,如果没有我们从用户那里收到的捐款,将资金用于将协议转换为非营利治理模型的工作将是不可能的。
Our pledge to our users is that SimpleX protocols are and will remain open, and in public domain, so anybody can build the future implementations of the clients and the servers. We are building SimpleX platform based on the same principles as email and web, but much more private and secure.
我们对用户的承诺是,单纯式协议是并且将保持开放,并且在公共领域中,因此任何人都可以构建客户和服务器的未来实现。我们正在基于与电子邮件和网络相同的原理建立单纯平台,但更加私密和安全。
Your donations help us raise more funds — any amount, even the price of the cup of coffee, makes a big difference for us.
您的捐款有助于我们筹集更多资金 - 任何数量,甚至是咖啡的价格,对我们来说都是很大的变化。
See this section for the ways to donate.
有关捐款的方式,请参阅本节。
Thank you,
谢谢你,
Evgeny
Evgeny
SimpleX Chat founder
单纯聊天的创始人
[1]: An interesting case study is the rise and fall of Nokia as the dominant supplier of mobile phones. The slogan"Connecting people" was created in 1992 by Ove Strandberg, an intern at Nokia, and as it was adopted as the core mission of the company, we saw it rise as the world's main mobile phone supplier. The fall of Nokia is usually attributed on iPhone success. But it may also be attributed to internal cultural changes, with Nokia's communications chief leaving in early 2000s, and Nokia failure to understand how the definition of"Connecting people" should evolve with time.
[1]:一个有趣的案例研究是诺基亚作为手机的主要供应商的兴衰。口号“连接人”是由诺基亚实习生Ove Strandberg于1992年创建的,由于它被作为公司的核心任务,因此我们看到它是世界上主要的手机供应商。诺基亚的跌倒通常归因于iPhone成功。但这也可能归因于内部文化的变化,诺基亚的传播负责人在2000年代初离开,诺基亚未能理解“连接人”的定义如何随着时间的流逝而发展。
[2]: One-time invitation can only be used once by the person you gave it too. Once your contact scans the one-time link, nobody else can connect to you via this link. Contact address can be used by multiple people, and even if you later delete the address, everybody who connected to you will remain connected. You can read more about the differences between one-time invitation links and contact addresses here.
[2]:您也给的人只能使用一次邀请。一旦您的联系人扫描一次性链接,没有其他人可以通过此链接连接到您。联系地址可以由多个人使用,即使您以后删除地址,连接到您的每个人都会保持联系。您可以在此处阅读有关一次性邀请链接和联系地址之间的差异的更多信息。
[3]: Read more about how man-in-the-middle attack works in our post about e2e encryption properties. It also has the comparison of e2e encryption security in different messengers.
[3]:阅读有关中间人攻击在我们的帖子中如何运作E2E加密属性的更多信息。它还可以比较不同的使者中的E2E加密安全性。
[4]: SimpleX apps also allow security code verification, but it protects against different attack — the link substitution by the channel you use to pass it, not from the attacks by the servers — SimpleX servers cannot compromise e2e encryption.
[4]:Simplex应用程序还允许安全代码验证,但它可以防止不同的攻击 - 您用来传递的频道替换链接,而不是从服务器的攻击中替换 - 单纯服务器无法损害E2E加密。
[5]: That is also why"securely scanning users' communications", also known as"Chat Control" is impossible — what communication operator can access, cyber-criminals will also access, and instead of reducing crime it would expose users to more crime.
[5]:这也是为什么“安全地扫描用户的通信”(也称为“聊天控制”)是不可能的 - 交流运营商可以访问哪些沟通,网络犯罪分子也将访问,而不是减少犯罪,而是将用户暴露于更多的犯罪中。
