What advantage does Signal protocol have over basic public key encryption?
David Barrett
dbarrett at expensify.com
Mon Jan 25 10:31:14 PST 2021
On Sun, Jan 24, 2021 at 9:15 PM <jamesd at echeque.com> wrote:
> > 1) This is perhaps an obvious question (I've got to start somewhere,
> after
> > all), but what is the downside of the simplest possible solution, which I
> > think would be for all participants to publish a public key to some
> common
> > key server, and then for each participant in the chat to simply
> re-encrypt
> > the message N-1 times -- once for each participant in the chat (minus
> > themselves) using each recipient's public key?
>
> This does not work in itself, because what assurance do you have that
> you are seeing the same public key as everyone else?
>
Yes, this does assume a central keyserver -- and I agree, it's possible
that it lies to you, establishing a connection with someone other than who
you requested (or even a man-in-the-middle). I don't know how to really
solve that for real without some out-of-band confirmation that the
public key returned by the keyserver (whether centralized or distributed)
matches the public key of the person you want to talk to.
> 2) I would think the most significant problem with this ultra-simple
> design
> > is just performance: asymmetric encryption is just too expensive in
> > practice to use for every single message,
>
> Nah, because its cost in human generated messages is absolutely
> insignificant, particularly if you are using ed25519 or, better,
> ristretto25519
>
I think you are saying that performance isn't a real world concern, but
forward secrecy is? If so, that makes sense.
-david
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2087 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20210125/37d192bc/attachment.txt>
More information about the cypherpunks
mailing list