[messaging] Deniable authenticated group messaging
michael at briarproject.org
Fri Apr 17 14:17:09 PDT 2015
On 17/04/15 18:44, Ben Laurie wrote:
> The simple solution looks like this: each member of the group generates
> a long-term DH key pair and signs their long-term public DH key with
> their long-term signature key. The public DH keys may be known outside
> the group, just like the public signature keys.
> Each member of the group can derive a shared secret from their own
> private DH key and another member's public DH key, and be sure that the
> owner of the signature key that signed the public DH key is the only
> other party that knows the secret.
> BTW, this is surely the flaw if you believe in the fantasy requirement:
> the private DH key can be shared, and thus the derived key.
Yes of course, in any system that uses asymmetric crypto people can
share their private keys, and any assumptions about keys being bound to
identities are broken if they do so.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: OpenPGP digital signature
More information about the Messaging