[cryptography] Asynchronous forward secrecy encryption

Michael Rogers michael at briarproject.org
Wed Sep 18 10:20:28 EDT 2013



On 18/09/13 00:14, Trevor Perrin wrote:
> Why not have separate symmetric keys for each direction of 
> communication (Alice -> Bob, Bob->Alice).

We derive separate keys for each direction from the shared secret.

> Then whenever a party encrypts or decrypts a message, they can
> update the corresponding key right away, instead of having to
> wait.
> 
> (Or look at OTR's use of updating Diffie-Hellmans).

We did look at OTR, but unfortunately it's not suitable for our use
case. We want to be able to operate over a wide range of communication
channels, including one-way channels and unreliable, high-latency
channels like the postal service. OTR's forward secrecy requires an
ongoing back-and-forth between the two parties. Our approach doesn't
provide forward secrecy as quickly as OTR's if there's a constant
back-and-forth, but it tolerates lost and reordered messages, one-way
communication, and long pauses in communication.

Cheers,
Michael

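An added sketch, not Briar's code or the list author's, of the shape Michael describes above: one symmetric key per direction derived from the shared secret, then a one-way hash-chain ratchet per direction so a receiver can handle lost and reordered messages and delete old keys without any reply from the peer. The function names, the window size, and the toy XOR cipher are assumptions made for the illustration.

```python
import hmac
import hashlib

# Added illustration, not Briar's protocol: one key per direction from the shared
# secret; each direction ratchets with a one-way hash chain. The receiver skips
# ahead over lost messages and keeps a bounded window of keys for reordered ones.
WINDOW = 4  # how many out-of-order messages the receiver tolerates

def derive_direction_keys(shared_secret):
    """Separate root keys for each direction (HMAC used as a simple KDF)."""
    return {label: hmac.new(shared_secret, label.encode(), hashlib.sha256).digest()
            for label in ("alice->bob", "bob->alice")}

def ratchet(chain_key):
    """One-way step: key n+1 follows from key n, but never the reverse."""
    return hmac.new(chain_key, b"chain", hashlib.sha256).digest()

def message_key(chain_key):
    return hmac.new(chain_key, b"message", hashlib.sha256).digest()

def toy_xor(key, data):
    """Keystream XOR for illustration only; a real system uses an AEAD."""
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class Sender:
    def __init__(self, root_key):
        self.chain, self.n = root_key, 0
    def send(self, plaintext):
        n, k = self.n, message_key(self.chain)
        self.chain, self.n = ratchet(self.chain), n + 1  # old chain key is gone
        return n, toy_xor(k, plaintext)

class Receiver:
    def __init__(self, root_key):
        self.chain, self.n, self.skipped = root_key, 0, {}
    def receive(self, n, ciphertext):
        if n < self.n:  # late or replayed message: its key must still be parked
            k = self.skipped.pop(n)  # KeyError: expired or already used
        else:
            while self.n < n:  # messages not yet seen: park their keys
                self.skipped[self.n] = message_key(self.chain)
                self.chain, self.n = ratchet(self.chain), self.n + 1
            k = message_key(self.chain)
            self.chain, self.n = ratchet(self.chain), n + 1
            for old in [i for i in self.skipped if i < self.n - WINDOW]:
                del self.skipped[old]  # forward secrecy: expire parked keys
        return toy_xor(k, ciphertext)
```

Compromising a receiver's state reveals only the current chain key and the parked keys inside the window; every message already decrypted used a key that has been deleted.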
