What advantage does Signal protocol have over basic public key encryption?

Punk-BatSoup-Stasi 2.0 punks at tfwno.gf
Mon Jan 25 12:42:51 PST 2021


On Mon, 25 Jan 2021 14:58:24 -0500
Karl <gmkarl at gmail.com> wrote:

> On 1/25/21, Punk-BatSoup-Stasi 2.0 <punks at tfwno.gf> wrote:
> > On Mon, 25 Jan 2021 13:57:21 -0500
> > Karl <gmkarl at gmail.com> wrote:
> >
> >
> >> 4. perfect forward secrecy.  addresses the issue with pgp where future
> >> advancements decrypt all your messages
> >
> > 	As far as I understand it, what signal and other systems do is generate
> > 'ephemeral' keys (per session or even per message).
> >
> > 	Now, if all  traffic is recorded (which of course it is), and the key
> > exchange broken thanks to say 'quantum computers', then the 'ephemeral' keys
> > can be re-created. So as far as I can tell your claim is  wrong, and
> > 'perfect forward secrecy' is a misleading marketing term.
> >
> > 	But I might have got it wrong myself...
> 
> Well, I'm too foggy nowadays to understand the protocol, but I read it long ago.
> 
> The term is mathematical rather than marketing.


	I don't think the term is mathematical. Nothing is 'perfect' in cryptography. 


> Obviously if you
> capture/recreate the private data when it is created you can decrypt
> everything, because you then are one of the phones.


	That's not what I said. What I said is that the *cyphertext* is intercepted and stored, and then the key exchange broken. Just like it's been done even without using 'quantum computers'

	https://weakdh.org/

	So, I think your understanding of so misleadingly called 'perfect forward secrecy' isn't right. 


> 
> >> 5. metadata encryption.  pgp does not do this
> >
> >
> > 	neither does signal. Or rather
> >
> > 	https://en.wikipedia.org/wiki/Signal_Protocol#Metadata
> >
> > 	"In October 2018, Signal Messenger announced that they had implemented a
> > "sealed sender" feature into Signal, which reduces the amount of metadata
> > that the Signal servers have access to by concealing the sender's
> > identifier."
> >
> > 	Not sure what that actually means. Also
> >
> > 	"The Signal Protocol does not prevent a company from retaining information
> > about when and with whom users communicate."
> >
> > 	Of course the protocol does not prevent the server from KNOWING who talks
> > to whom...
> 
> What's important to understand here is that these developers are
> cryptographers.  



	What I think is important to understand is that signal is a centralized service and the owners are not to be trusted, at all. Moxie morlonpoke perfectly fits the profile of 'progressive' pentagon agent. So maybe the 'end to end encryption' works, but signal remains a US metadata spying operation, 'endorsed' by the likes of the 'ceo' of twatter. Hard to get a bigger red flag than that by the way. 



> When they say "metadata that the signal servers have
> access to" or "does not prevent a company from retaining information"
> they are talking about much smaller bits of data than people usually
> talk about.


	.....I think it's rather clear what 'metadata' we're talking about. Signal knows who talks to who and when. 



> 
> Email server: "your metadata is encrypted and private because our
> privacy policy says it is"
> Cryptographer: "your encrypted message could be read because there is
> a mathematical trail of the statistical distribution of keystrokes in
> the public record of battery use, so don't trust this with something
> important"
> 
> But yeah, never trust what someone says.  You have to look at the
> specification and the implementation to know what's really going on.
> Signal said they do not prioritise nation-state anonymity back in the
> day.  Back in that day, it was also reasonable to use a different
> network than Signal's for communications.
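The two scenarios argued over in this thread, as an added toy example that is not Signal's code and not from either poster: a message key derived only from long-term keys (the PGP-style case) against one derived X3DH-style from ephemeral keys, then an attacker who later steals the long-term keys, and an attacker who recorded the transcript and can break the key exchange. The group size (p = 65537), the generator, the key schedule labels, the XOR stream cipher and the sample message are all constructed for the demonstration; a real deployment uses a large group or curve and an AEAD.

```python
"""Toy model of two attacks on a recorded transcript: later theft of the
long-term keys, and a later break of the key exchange (the weakdh.org case).

Constructed example, not Signal's code: the key schedule is only shaped like
X3DH, and the DH group is deliberately tiny (p = 65537) so that the discrete
log can be brute-forced in milliseconds.
"""
import hashlib
import secrets

P = 65537  # toy prime; real deployments use >= 2048-bit groups or curves
G = 3      # primitive root mod 65537 (3 generates every Fermat prime > 3)


def keygen():
    """Return (private, public) in the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh(priv, pub):
    return pow(pub, priv, P)


def kdf(label, *terms):
    """Hash the DH outputs into a 32-byte message key."""
    material = b"".join(t.to_bytes(4, "big") for t in terms)
    return hashlib.sha256(label + material).digest()


def xor_stream(key, data):
    """Toy stream cipher (XOR with a hash-derived keystream); not an AEAD."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def send_static(alice_id, bob_id, plaintext):
    """PGP-like: the message key depends only on the long-term keys."""
    a_priv, a_pub = alice_id
    _, b_pub = bob_id
    key = kdf(b"toy-static", dh(a_priv, b_pub))
    return {"A": a_pub, "B": b_pub, "ct": xor_stream(key, plaintext)}


def send_ephemeral(alice_id, bob_id, plaintext):
    """X3DH-shaped: both sides mint fresh ephemeral keys for this message and
    the key mixes identity/ephemeral cross terms with the ephemeral-ephemeral
    term. The ephemeral secrets are dropped after use and never transmitted."""
    a_priv, a_pub = alice_id
    b_priv, b_pub = bob_id
    ea_priv, ea_pub = keygen()
    eb_priv, eb_pub = keygen()
    k_alice = kdf(b"toy-x3dh", dh(a_priv, eb_pub), dh(ea_priv, b_pub), dh(ea_priv, eb_pub))
    k_bob = kdf(b"toy-x3dh", dh(eb_priv, a_pub), dh(b_priv, ea_pub), dh(eb_priv, ea_pub))
    assert k_alice == k_bob, "both sides must derive the same key"
    # Only these values cross the wire: this is all a passive recorder keeps.
    return {"A": a_pub, "B": b_pub, "EA": ea_pub, "EB": eb_pub,
            "ct": xor_stream(k_alice, plaintext)}


def stolen_identity_keys_static(transcript, a_priv):
    """Attacker who steals Alice's long-term key later: every recorded
    static-scheme message opens."""
    key = kdf(b"toy-static", dh(a_priv, transcript["B"]))
    return xor_stream(key, transcript["ct"])


def stolen_identity_keys_ephemeral(transcript, a_priv, b_priv):
    """Same attacker against the ephemeral scheme, holding BOTH long-term
    keys. Two of the three DH terms are computable from the transcript; the
    third needs an ephemeral secret that no longer exists anywhere, so the
    key stays None unless the attacker can also break DH (next function)."""
    dh1 = dh(a_priv, transcript["EB"])
    dh2 = dh(b_priv, transcript["EA"])
    return {"dh1": dh1, "dh2": dh2, "dh3": None, "key": None}


def brute_force_dlog(pub):
    """Solve G^x = pub by exhaustive search. Feasible only because the group
    is tiny; weak-group attacks make this step practical against real but
    undersized parameters."""
    acc, x = G, 1
    while acc != pub:
        acc = acc * G % P
        x += 1
    return x


def recorded_transcript_plus_broken_dh(transcript):
    """Attacker who recorded the traffic and can solve the discrete log:
    recreates both ephemeral secrets from the public values and rebuilds the
    key without ever touching a long-term private key."""
    ea_priv = brute_force_dlog(transcript["EA"])
    eb_priv = brute_force_dlog(transcript["EB"])
    key = kdf(b"toy-x3dh", dh(eb_priv, transcript["A"]),
              dh(ea_priv, transcript["B"]), dh(ea_priv, transcript["EB"]))
    return xor_stream(key, transcript["ct"])


if __name__ == "__main__":
    alice, bob = keygen(), keygen()
    msg = b"constructed sample message"  # constructed input
    print("static + stolen key:", stolen_identity_keys_static(send_static(alice, bob, msg), alice[0]) == msg)
    t = send_ephemeral(alice, bob, msg)
    print("ephemeral + stolen keys:", stolen_identity_keys_ephemeral(t, alice[0], bob[0])["key"])
    print("ephemeral + broken DH:", recorded_transcript_plus_broken_dh(t) == msg)
```

Run as a script it prints True, None, True: the static scheme falls to a later key theft, the ephemeral scheme does not, and either scheme falls to a recorder who can later solve the discrete log in the group that was used. The brute-force step is the whole difference between the toy group and a properly sized one.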