[messaging] Deniable authenticated group messaging
michael at briarproject.org
Fri Apr 17 14:10:12 PDT 2015
On 17/04/15 18:37, Ben Laurie wrote:
> On 17 April 2015 at 11:54, Michael Rogers <michael at briarproject.org
> <mailto:michael at briarproject.org>> wrote:
> Members should be able to send messages to the group, such that any
> member of the group can verify that a message was written by the owner
> of a particular signature key, but can't prove it to anyone outside the
> Isn't this a fantasy requirement? That is, if I am a member of the group
> and I want to prove it to someone outside the group, don't I just have
> them look over my shoulder?
It's not a fantasy requirement, it's a standard property of MACs. If
Alice and Bob share a MAC key and Alice uses it to create a MAC, Bob
knows that since he didn't create the MAC, Alice must have done. But Bob
can't prove to Carol that it was Alice rather than Bob who created it.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: OpenPGP digital signature
More information about the Messaging