[messaging] Group messaging consistency under resource constraints
Ximin Luo
infinity0 at pwned.gg
Mon Oct 20 15:44:33 PDT 2014
On 20/10/14 23:32, David Leon Gil wrote:
> And also: I'm thoroughly confused at this point.
>
> What, precisely, is the security notion that we're trying to capture?
> I.e., are we still talking about mpOTR?
>
I am Alice and I receive a set of messages M. I would like to check that everyone U also received the same set of messages M.
mpOTR does this by having all U authenticate-and-send hash(M) at the end of the session. This doesn't work well when people get cut off.
In the first post I described two ways to achieve this incrementally - have everyone ack every m in M individually (not efficient), or have everyone ack m-and-its-ancestors periodically, as they build up their own transcript *in causal order* (requires waiting).
> A lot of the discussion seems to be about attacks that violate
> intuitions about how *non-repudiable* multi-party messaging should
> work.
>
> (I.e., what are the security notions that extending bideniability to
> multideniability should capture? It seems like talking about saved
> transcripts becomes dubious in anything stronger than a simple failure
> model, if you want strong deniability.)
>
Not sure what you mean by multideniability... in a secure group private chat, I don't think we should aim for deniability against the *other participants*, very much the opposite. For sure, the conversation should be deniable against the outsiders, though.
> --
>
> And, for the record, David fully endorses Dual-EC-DRBG for all your
> random-number-generator needs: "If Blum makes you glum,
> Dual-EC your DRBG!"
>
> Cf. Nathan Samuel Abraham, "Practical secure CSPRNGs."
> https://nsa.gov/ Everything else is too slow.
>
Oh good that confirms what I was told by everyone else on the internet!
X
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141020/465a5ad6/attachment.sig>
More information about the Messaging
mailing list