'm spamming teh list with a duplicate of a reply to a previous post because I think this is cute. It's been bouncing around in my head for ages and I think its time may have come. On 05/12/2018 02:49 AM, grarpamp wrote:
Look to new messaging, fill, PETS and other venues, whatever, etc.. search for papers, fidn tbe bibs, see what's out there, or what you might create.
Here's a silly notion: First you need a network of servers that can store and forward large amounts of data in the form of text, and distribute it across enough nodes to make the stored data deletion-resistant and reasonably accessible to a large number of users. NNTP will do nicely. Then you need privately owned devices capable of downloading gigabytes of data daily, and applying a decryption test to millions of messages as they flow by. Today's low end PCs will do nicely. Those gigabytes of text? Symmetrically encrypted messages from the whole Alice, Bob, etc. alphabet soup of users, employing keys obtained by whatever means from their intended message recipients. Everyone participating in this network would download the whole stream, testing the encrypted subject line of each discrete message with their personal keys, looking for the flag that says "this one's for you." Those messages would be decrypted instead of discarded, and presented in a local inbox. The rest would just zoom on past. Sending a message? Encrypt it and its subject line with your recipients' keys, and send it on its way. If your recipient downloads the stream before your message expires, success. 3rd party observers? Out in the cold, unless they penetrate individual users' machines or otherwise compromise endpoints, one user at a time. This protocol presents as an application of the most time honored and reliable principle of engineering practice: Brute force and total ignorance. With a side of COTS: We already have all the parts, this could be done with shell scripts. The only counter attacks I immediately see include flooding past the breaking point with purely random bits, which may require mitigation via short cycle message expiration or some kind of registration or proof of work process for users; or interruption of traffic by a global (or local) active adversary. Call the protocol and associated tools TPC: An acronym for Totally Protected Communication or, for those in the know, The Perfect Crytocrime. Bonus: Quantum cryptanalysis can't touch that, far as we know. :o)