[messaging] Deniable authenticated group messaging

Michael Rogers michael at briarproject.org
Fri Apr 17 14:10:12 PDT 2015

On 17/04/15 18:37, Ben Laurie wrote:
> On 17 April 2015 at 11:54, Michael Rogers <michael at briarproject.org
> <mailto:michael at briarproject.org>> wrote:
>     Members should be able to send messages to the group, such that any
>     member of the group can verify that a message was written by the owner
>     of a particular signature key, but can't prove it to anyone outside the
>     group.
> Isn't this a fantasy requirement? That is, if I am a member of the group
> and I want to prove it to someone outside the group, don't I just have
> them look over my shoulder?

It's not a fantasy requirement, it's a standard property of MACs. If
Alice and Bob share a MAC key and Alice uses it to create a MAC, Bob
knows that since he didn't create the MAC, Alice must have done. But Bob
can't prove to Carol that it was Alice rather than Bob who created it.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150417/336c75e8/attachment.sig>

More information about the Messaging mailing list