[messaging] WhatsApp & OWS team up

Michael Rogers michael at briarproject.org
Thu Nov 20 00:46:03 PST 2014

On 19/11/14 10:51, Mike Hearn wrote:
> Do you need threshold signatures for this, or would a quorum of 
> ordinary signatures work?
> You need threshold RSA because the platform auto update mechanisms
> do not support multiple signatures. They're all designed on the
> assumption of a single software vendor who controls updates of
> their own products.

Oh wow, I didn't know it was possible to create threshold signatures
compatible with a vanilla RSA verifier. Very cool! Let me know if
you're interested in collaborating to get this working on Android. I
imagine the Guardian Project might be interested too.

> However, the mathematics is not the hard part of this (assuming the
> code I have works). The hard part is designing the contracts
> between the different auditing companies to be watertight, so the
> developers of an app that is being threshold signed feel safe that
> they aren't going to lose control over their own product except in
> the very specific area of security guarantees. For example would
> those contracts govern UI changes that the auditors feel might make
> the security harder to understand? Very tricky area and never been
> done before so there are no templates to copy. Whoever goes first
> will be cutting a path through the jungle for everyone else.

Even without tackling this part of the problem, threshold signatures
would make it possible for multiple developers to build and sign the
same binary without any single developer holding the private signing
key. I've been looking for a way to achieve that to make auto-updates
more resistant to coercion and insider attacks.
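
Added example, not part of the original message or of any code mentioned in the thread: the simplest n-of-n case of the idea above, where the private exponent is split additively among signers and the product of their partial signatures is an ordinary PKCS#1 v1.5 RSA signature that a single-key verifier accepts. A k-of-n threshold scheme needs more machinery than this shows. Assumptions: a trusted dealer performs the split, the key is a constructed toy key, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy key: two Mersenne primes keep the example deterministic
# and offline. Never use such primes for a real signing key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
PHI = (P - 1) * (Q - 1)
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(message):
    """EMSA-PKCS1-v1_5 encoding: what an ordinary RSA verifier expects."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def deal_shares(n):
    """Trusted dealer (assumption): split d into n additive shares mod phi."""
    d = pow(E, -1, PHI)
    shares = [secrets.randbelow(PHI) for _ in range(n - 1)]
    shares.append((d - sum(shares)) % PHI)
    return shares  # d itself is not returned and is discarded here

def partial_sign(share, message):
    """Each signer exponentiates the encoded message with its own share."""
    return pow(encode(message), share, N)

def combine(partials):
    """Product of partials = m^(d1+...+dn) = m^d mod N, a normal signature."""
    sig = 1
    for s in partials:
        sig = sig * s % N
    return sig

def vanilla_verify(message, sig):
    """Single-key RSA verification; knows nothing about shares."""
    return pow(sig, E, N) == encode(message)

if __name__ == "__main__":
    update = b"constructed sample: app-release.apk contents"
    partials = [partial_sign(s, update) for s in deal_shares(3)]
    print("all three signers:", vanilla_verify(update, combine(partials)))
    print("one signer missing:", vanilla_verify(update, combine(partials[:2])))
```

The verifier side is unchanged single-key RSA, which is the property that matters for update mechanisms that accept only one signature.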
