On 1/16/2017 11:04 AM, James A. Donald wrote:
Similarly, it is possible to ensure that the mapping between public keys and IDs looks the same for everyone in the world, preventing MIM attacks without burdening the user to manage his public keys himself.
At present three hundred million people communicate by Viber. When you install Viber, it generates a secret key and a public key and sends the public key to Viber headquarters. When Ann wants to message Bob, Viber headquarters sends Ann's client Bob's public key, and Bob's client Ann's public key. And then they can message each other; no one on the network, not even Viber headquarters, can know what they are saying to each other. Unfortunately Viber could send Ann a public key belonging to the CIA as Bob's key and Bob another key belonging to the CIA as Ann's key, and then the CIA can be in the middle as Ann and Bob send messages to each other. Ann thinks she is sending a message to Bob, but actually she is sending it to the CIA, which then resends it to Bob.

To prevent this, to deny itself this capability, Viber could maintain a rolling global hash representing the current mapping between IDs and public keys, and all past mappings between IDs and public keys, and when it sends Ann the key for Bob, sends Ann the hash path connecting Bob's mapping to the current rolling hash for the entire world and all of history.

We have several mutually hostile people and organizations monitoring this rolling hash, for example the KGB, the CIA, Wikileaks, and Trump's security guy (who I think is one of his sons or grandsons). Your software picks an organization at random. The user could intervene and pick one, or pick several, but ordinarily will not.

Suppose Viber headquarters arranges for the CIA to spy on Ann and Bob. If Ann and Bob's Viber clients have both picked the CIA for their source for the rolling hash, then they are out of luck, but if one of them has picked the KGB and the other has picked the CIA, then the one that picks the KGB will get the correct version of the rolling hash, in which case the attempted man in the middle attack will fail, and that Viber headquarters is collaborating with the CIA will be exposed to the KGB, to Ann, and to Bob.
Thus Viber could prove it is not spying on its users.
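The scheme described in the quoted message, as an added worked example (this is illustrative code written for this page, not Viber's code and not anything from the thread): the server publishes a Merkle tree over the ID-to-public-key mapping, hands the client an inclusion proof ("hash path") for the requested key, and chains each epoch's root into a rolling hash. The client accepts a key only if the proof verifies against a root it fetched from an independent monitor. All user IDs, keys and the "monitor root" are constructed placeholders; the leaf/node domain-separation bytes and the rolling-hash construction are assumptions, not a published format.

```python
"""Key-transparency sketch: Merkle tree over id -> public key, inclusion
proof for one entry, and a client check against an independent monitor's
view of the root. Added example; all ids/keys are constructed stand-ins."""
import hashlib


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(user_id: str, pubkey: bytes) -> bytes:
    # Domain-separated leaf so a leaf can never be confused with an inner node.
    return h(b"\x00" + user_id.encode() + b"\x00" + pubkey)


def node_hash(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)


def build_tree(mapping: dict):
    """Return (root, levels, ordered_ids). Leaves are sorted by id so every
    party that sees the same mapping computes the same root."""
    ids = sorted(mapping)
    level = [leaf_hash(i, mapping[i]) for i in ids]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]  # duplicate last node on odd levels
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels[-1][0], levels, ids


def inclusion_proof(levels, index):
    """Sibling hashes from the leaf up to the root, each tagged with its side."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]  # same padding rule as build_tree
        sibling = index ^ 1
        proof.append((level[sibling], "L" if sibling < index else "R"))
        index //= 2
    return proof


def verify_inclusion(root: bytes, user_id: str, pubkey: bytes, proof) -> bool:
    cur = leaf_hash(user_id, pubkey)
    for sib, side in proof:
        cur = node_hash(sib, cur) if side == "L" else node_hash(cur, sib)
    return cur == root


def advance_rolling_hash(prev_rolling: bytes, epoch_root: bytes) -> bytes:
    # Assumed construction: each epoch's tree root is chained onto the previous
    # rolling value, so the current value commits to all past mappings.
    return h(b"\x02" + prev_rolling + epoch_root)


def client_accepts_key(monitor_root, server_root, user_id, pubkey, proof) -> bool:
    # Accept only if the server's root is the one an independent monitor
    # published AND the inclusion proof ties the offered key to that root.
    return server_root == monitor_root and verify_inclusion(server_root, user_id, pubkey, proof)


def demo():
    honest = {"ann": b"ann-pk", "bob": b"bob-pk", "carol": b"carol-pk"}  # constructed
    root, levels, ids = build_tree(honest)
    monitor_root = root  # an independent monitor observed the honest epoch root
    # Honest server: gives Ann Bob's real key plus a hash path to the root.
    proof = inclusion_proof(levels, ids.index("bob"))
    ok = client_accepts_key(monitor_root, root, "bob", honest["bob"], proof)
    # Colluding server: substitutes an interceptor's key for Bob and builds a
    # forged tree whose proof is internally consistent with the forged root...
    forged = dict(honest, bob=b"mitm-pk")
    froot, flevels, fids = build_tree(forged)
    fproof = inclusion_proof(flevels, fids.index("bob"))
    consistent = verify_inclusion(froot, "bob", b"mitm-pk", fproof)
    # ...but the forged root differs from the monitor's, so the client refuses.
    rejected = not client_accepts_key(monitor_root, froot, "bob", b"mitm-pk", fproof)
    rolling = advance_rolling_hash(b"\x00" * 32, root)
    return ok, consistent, rejected, rolling


if __name__ == "__main__":
    print(demo())
```

The point the message makes falls out of `client_accepts_key`: a server that swaps in an interceptor's key can always produce a self-consistent proof, but it then has to show a root that differs from what the monitors saw, so the substitution is detected by anyone whose client consulted an honest monitor.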