[messaging] Partial ordering, dynamic groups and event ordering

Trevor Perrin trevp at trevp.net
Fri Mar 14 00:14:04 PDT 2014


On Wed, Mar 12, 2014 at 1:42 PM, Ximin Luo <infinity0 at pwned.gg> wrote:

> Hey guys, I am doing work on partially-ordered transcripts. This was
> inspired by Old Blue[0], discussions with George Kadianakis and Trevor
> Perrin, as well as background knowledge on git, and immutable
> content-addressing schemes as seen in Freenet and Tahoe-LAFS.
>
> For everyone's interest, here is what I have so far, followed by a
> statement of some issues that (AFAICS) have not been discussed before, and
> directions for solving them.
>

Hey Ximin,

We may need a more gentle introduction to this, and pseudocode - not
everyone here saw the discussions on OTR-dev, and I think you've worked out
new details I don't fully understand.

My take:  You're considering problems that arise when trying to achieve
"transcript consistency" for a multiparty conversation.

The general approach you're considering is for parties to piggyback hash
values on the messages they send, referring to the messages they've
previously sent and received.  The goal is to protect the context of your
message, so that if you send a message saying "yes", an attacker can't
perform replay/reorder/deletion to change what it appears you're responding
to.

You're raising a couple questions about what happens when users join /
leave the conversation.

You point out that piggybacked hashes sent to new users might leak
information about messages before the new users joined.

I'm not sure that's a big deal.  But at least in a "pairwise" situation
where each message is separately encrypted to each recipient (instead of
using a group key and broadcast medium), wouldn't it be easy to omit old
hashes to a new member?

I think you were also concerned about whether users joining/leaving the
conversation could get things out of sync?  It seems you've resolved that
concern, but I admit I didn't quite follow.


Trevor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140314/4c51ab4f/attachment.html>


More information about the Messaging mailing list