[cryptography] Asynchronous forward secrecy encryption
michael at briarproject.org
Wed Sep 18 10:20:28 EDT 2013
On 18/09/13 00:14, Trevor Perrin wrote:
> Why not have separate symmetric keys for each direction of
> communication (Alice -> Bob, Bob->Alice).
We derive separate keys for each direction from the shared secret.
> Then whenever a party encrypts or decrypts a message, they can
> update the corresponding key right away, instead of having to
> (Or look at OTR's use of updating Diffie-Hellmans).
We did look at OTR, but unfortunately it's not suitable for our use
case. We want to be able to operate over a wide range of communication
channels, including one-way channels and unreliable, high-latency
channels like the postal service. OTR's forward secrecy requires an
ongoing back-and-forth between the two parties. Our approach doesn't
provide forward secrecy as quickly as OTR's if there's a constant
back-and-forth, but it tolerates lost and reordered messages, one-way
communication, and long pauses in communication.
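The two ideas discussed in this message, separate per-direction keys derived from one shared secret and a key that is updated as soon as a message is sent or received, sketched as an added example. It is not part of the original message and not Briar's protocol; the HMAC-SHA256 derivation, the labels, the class names and the `max_skip` window are all assumptions made for illustration.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step: HMAC-SHA256 keyed with `key` over a label."""
    return hmac.new(key, label, hashlib.sha256).digest()

def directional_keys(shared_secret: bytes):
    """Separate chain keys for Alice->Bob and Bob->Alice (labels are assumed)."""
    return kdf(shared_secret, b"A->B"), kdf(shared_secret, b"B->A")

class SendChain:
    def __init__(self, chain_key: bytes):
        self.chain_key, self.counter = chain_key, 0

    def next_message_key(self):
        """Return (counter, message key), then overwrite the chain key."""
        n, mk = self.counter, kdf(self.chain_key, b"msg")
        self.chain_key = kdf(self.chain_key, b"next")  # old chain key is gone
        self.counter += 1
        return n, mk

class RecvChain:
    def __init__(self, chain_key: bytes, max_skip: int = 32):
        self.chain_key, self.counter = chain_key, 0
        self.skipped, self.max_skip = {}, max_skip

    def message_key(self, n: int):
        """Key for message n, or None if already used or too far ahead."""
        if n < self.counter:
            return self.skipped.pop(n, None)   # late arrival; usable once
        if n - self.counter > self.max_skip:
            return None                        # bound the work and the cache
        while self.counter < n:                # keep keys of missing messages
            self.skipped[self.counter] = kdf(self.chain_key, b"msg")
            self.chain_key = kdf(self.chain_key, b"next")
            self.counter += 1
        mk = kdf(self.chain_key, b"msg")
        self.chain_key = kdf(self.chain_key, b"next")
        self.counter += 1
        return mk

def demo():
    """Constructed scenario: messages 0,1,2 sent; 2 arrives first, 1 is lost."""
    a_to_b, b_to_a = directional_keys(b"constructed shared secret")
    sender, receiver = SendChain(a_to_b), RecvChain(a_to_b)
    sent = dict(sender.next_message_key() for _ in range(3))
    got2, got0 = receiver.message_key(2), receiver.message_key(0)
    replay0 = receiver.message_key(0)
    return a_to_b != b_to_a, got2 == sent[2], got0 == sent[0], replay0, sorted(receiver.skipped)
```

In the constructed scenario the key for the lost message 1 stays cached on the receiver, which is the price of tolerating loss and reordering: that one message key remains recoverable from the receiver's state until it is used or discarded.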