[messaging] saltpack spec and library

Jeff Burdges burdges at gnunet.org
Tue Feb 9 08:34:39 PST 2016


On Tue, 2016-02-09 at 16:46 +0100, Mike Hearn wrote:

> 3) If you imagine a mix network for routing of small binary messages,
> is saltpack an appropriate format to use for protecting the messages
> in your estimation? Or are there gotchas that its replacement-for-pgp
> design would create for the case of pure machine-to-machine
> messaging?

It's almost certainly not suitable for a mixnet.  

Mixnets are too sensitive to metadata leakage, so everything should be
specially designed for their purposes.  Almost any general purpose
format leaks some metadata, like by the message growing smaller during
unpacking.

In fact, you want a provably secure mixnet format like Sphinx.  I think
these invariably involve both large-block cyphers like Lionness, AEZ,
HHFFHFHH (sp?), etc. *without* MACs for the body, and maybe stream
cyphers with MACs for the header.  

There are specific situations like protecting the final message
contents from the last hop where anything goes, but the mixnet itself
is extremely restrictive. 

Jeff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160209/977233c5/attachment.sig>


More information about the Messaging mailing list