[cryptography] Asynchronous forward secrecy encryption

Trevor Perrin trevp at trevp.net
Mon Sep 16 11:03:45 EDT 2013


On Mon, Sep 16, 2013 at 4:45 AM, Marco Pozzato <mpodroid at gmail.com> wrote:
> Hi all,
>
> I'm looking for an asynchronous messaging protocol with support for forward
> secrecy: I found some ideas, some abstract paper but nothing ready to be
> used.
>
> OTR seems the preeminent protocol, but does not have support for
> asynchronous communication.
> This post https://whispersystems.org/blog/asynchronous-security/ describes
> an interesting variation on OTR: the basic idea is to precalculate 100
> Diffie-Hellman and consume one at every new message.

Not at every new message.  Only for starting a conversation with a new partner.

Once a conversation is started, TextSecure uses OTR's "ratcheting"
algorithm for updating DH keys as messages are exchanged.

(
For a fuller picture of how this sort of key agreement could be done,
you should also read that post in conjunction with the previous post:

https://whispersystems.org/blog/simplifying-otr-deniability/
)


Trevor
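
A sketch of the distinction drawn in this reply, added here as an example and not taken from the post, from TextSecure or from OTR: one of 100 one-time prekeys is consumed when a conversation starts, and after that a simplified DH ratchet (every sent message carries a fresh public key) supplies a new key per message. The class and function names and the demo group modulo 2**255 - 19 are assumptions for illustration; identity keys and authentication are left out.

```python
import hashlib
import secrets

# Constructed demo group (assumption): 2**255 - 19 is prime, but this is not a
# vetted DH group; a real system would use X25519 or similar.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_key(priv, their_pub):
    return hashlib.sha256(pow(their_pub, priv, P).to_bytes(32, "big")).digest()

class Session:
    """Simplified DH ratchet: every sent message carries a fresh public key."""
    def __init__(self, my_priv, their_pub):
        self.my_priv, self.their_pub = my_priv, their_pub

    def send(self):
        self.my_priv, my_pub = keypair()       # old private key is dropped here
        return my_pub, dh_key(self.my_priv, self.their_pub)

    def receive(self, their_new_pub):
        self.their_pub = their_new_pub
        return dh_key(self.my_priv, their_new_pub)

class Recipient:
    """Publishes one-time prekeys so a partner can start while it is offline."""
    def __init__(self, count=100):
        pairs = [keypair() for _ in range(count)]
        self.private = {i: priv for i, (priv, _) in enumerate(pairs)}
        self.server_pool = {i: pub for i, (_, pub) in enumerate(pairs)}

    def fetch_prekey(self):
        # Server side: hand each prekey out once, to one new partner.
        return self.server_pool.popitem()

    def accept(self, prekey_id, initiator_pub):
        # The prekey's private half leaves the store on first use.
        session = Session(self.private.pop(prekey_id), initiator_pub)
        return session, session.receive(initiator_pub)

def run_conversation(messages=6):
    bob = Recipient()
    prekey_id, prekey_pub = bob.fetch_prekey()   # the only prekey consumed
    alice = Session(None, prekey_pub)
    pub, k_sent = alice.send()
    bob_session, k_recv = bob.accept(prekey_id, pub)
    keys, ok = [k_sent], k_sent == k_recv
    for i in range(messages - 1):                # alternate Bob -> Alice, Alice -> Bob
        tx, rx = (bob_session, alice) if i % 2 == 0 else (alice, bob_session)
        pub, k_sent = tx.send()
        ok = ok and rx.receive(pub) == k_sent
        keys.append(k_sent)
    return ok, len(set(keys)), len(bob.server_pool)
```

`run_conversation(6)` returns whether both sides derived the same key for every message, the number of distinct message keys, and the number of prekeys left on the server.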

