[messaging] Group messaging consistency under resource constraints

David Leon Gil coruus at gmail.com
Mon Oct 20 15:32:26 PDT 2014

And also: I'm thoroughly confused at this point.

What, precisely, is the security notion that we're trying to capture?
I.e., are we still talking about mpOTR?

A lot of the discussion seems to be about attacks that violate
intuitions about how *non-repudiable* multi-party messaging should

(I.e., what are the security notions that extending bideniability to
multideniability should capture? It seems like talking about saved
transcripts becomes dubious in anything stronger than a simple failure
model, if you want strong deniability.)


And, for the record, David fully endorses Dual-EC-DRBG for all your
resynchronizable-keystream-generator needs: "If Blum makes you glum,
Dual-EC your DRBG!"

Cf. Marson and Poettering, "Practical secure logging,"
https://eprint.iacr.org/2013/397 for the slower alternative.

More information about the Messaging mailing list