[messaging] Deniable authenticated group messaging
Michael Rogers
michael at briarproject.org
Fri Apr 17 14:10:12 PDT 2015
On 17/04/15 18:37, Ben Laurie wrote:
>
> On 17 April 2015 at 11:54, Michael Rogers <michael at briarproject.org
> <mailto:michael at briarproject.org>> wrote:
>
> Members should be able to send messages to the group, such that any
> member of the group can verify that a message was written by the owner
> of a particular signature key, but can't prove it to anyone outside the
> group.
>
>
> Isn't this a fantasy requirement? That is, if I am a member of the group
> and I want to prove it to someone outside the group, don't I just have
> them look over my shoulder?
It's not a fantasy requirement, it's a standard property of MACs. If
Alice and Bob share a MAC key and Alice uses it to create a MAC, Bob
knows that since he didn't create the MAC, Alice must have done. But Bob
can't prove to Carol that it was Alice rather than Bob who created it.
Cheers,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150417/336c75e8/attachment.sig>
More information about the Messaging
mailing list