Secure communication with deniability for Nostr
ROOT@HardenedVault
root at hardenedvault.net
Fri Jun 9 06:39:02 PDT 2023
The current spec of NIP-04 messaging protocol are signed by the sender/publisher, the protocol itself is undeniable. In order to implement deniable instant messaging based on Nostr, users can generate a new ephemeral key pair as a "temporary identity" specifically for instant messaging, even each time. The key pair used for posting content is the "permanent identity". However, which permanent identity a temporary identity belongs to should only be known by the communicating parties, and it can be deniable if the other party is treacherous. This requires the communicating parties to authenticate the temporary identities they are about to use with each other's permanent identities, but they cannot provide proof to third parties. We proposed to a secure communication with deniability by extending NIP-04:
https://github.com/nostr-protocol/nips/pull/591
One may ask why don't we just use the encryption scheme of Signal instead? Well, double ratcheting does not provide deniability, if its handshaking protocol does not. It does not even provide forward secrecy as it claims if the implementation save the context to the disk as how Signal app does. On the other hand, Vault1317 adopts the very same double ratcheting as signal protocol, and concentrates on developing new handshaking protocols providing stronger deniability.
https://github.com/hardenedvault/vault1317
https://www.cypherpunks.ca/%7Eiang/pubs/dakez-popets18.pdf
regards
R at HardenedVault
More information about the cypherpunks
mailing list