[messaging] libforwardsec: forward secure encryption for email and asynchronous messaging

Ximin Luo infinity0 at pwned.gg
Sat Sep 5 04:58:21 PDT 2015

On 05/09/15 13:46, Ben Harris wrote:
> On 5 Sep 2015 8:27 pm, "Ximin Luo" <infinity0 at pwned.gg> wrote:
>> Hey, thanks for the post. It's always nice to hear about new work on ratchets.
> It isn't really a ratchet (so some of the rest of your reply is moot). It is a way to publish a single long term public key that people can encrypt a message to, but with the ability for you to delete part of your secret key to prevent a later leak of your key from compromising past messages.
> It is a way to achieve the same forward security as 3DH, but without needing both parties online at the same time (and avoiding signed ephemerals).
> Or at least that is my interpretation.

The description may have been different from how ratchets are normally described, but I don't see the logical difference - i.e. the "abstract service" that the system is providing to higher layers:

- chain-based ratchet / what you/Ian said
- publish long-term key and signed eph / publish long-term key
- hash the key, then encrypt / unspecified, but we can imagine
- delete hash pre-image (i.e. previous key) / delete "part of secret"

Am I missing something here?
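As an added illustration (not code from this thread or from libforwardsec), here is the chain-based column of the comparison above modelled in Python: hash the chain key into a message key, encrypt, advance the chain and delete the pre-image, then check what a leaked later state can and cannot read. The toy SHA-256 stream cipher, the `ChainState` class and the root key are constructed for the demo; it models only the ratchet side, not libforwardsec's own scheme.

```python
import copy
import hashlib
import hmac


def ratchet(chain_key: bytes) -> bytes:
    """One-way step: the new chain key reveals nothing about its pre-image."""
    return hmac.new(chain_key, b"chain", hashlib.sha256).digest()


def message_key(chain_key: bytes) -> bytes:
    """'Hash the key' step: derive the per-message key from the chain key."""
    return hmac.new(chain_key, b"message", hashlib.sha256).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher, for illustration only (no AEAD)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(b ^ s for b, s in zip(data[off:off + 32], block))
    return bytes(out)


class ChainState:
    """Current chain key plus its index; every earlier chain key has been deleted."""

    def __init__(self, root: bytes):
        self.key, self.index = root, 0

    def encrypt(self, plaintext: bytes):
        ct = xor_stream(message_key(self.key), plaintext)
        idx = self.index
        # advance the chain; the pre-image (previous key) is no longer held
        self.key, self.index = ratchet(self.key), self.index + 1
        return idx, ct

    def decrypt(self, idx: int, ct: bytes):
        if idx < self.index:
            return None  # key for that message was deleted: forward secrecy holds
        k = self.key
        for _ in range(idx - self.index):  # walk forward to the right chain key
            k = ratchet(k)
        return xor_stream(message_key(k), ct)


def leak_demo():
    """Encrypt three messages, leak the state after two, try to read all three."""
    root = b"\x01" * 32  # constructed root key for the demo
    sender = ChainState(root)
    c0 = sender.encrypt(b"first")
    c1 = sender.encrypt(b"second")
    leaked = copy.copy(sender)  # state an attacker obtains after two messages
    c2 = sender.encrypt(b"third")
    return [leaked.decrypt(i, c) for i, c in (c0, c1, c2)]
```

A receiver holding the unadvanced root state still decrypts every message, while the leaked state only reads messages at or after its index.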
