[cryptography] Asynchronous forward secrecy encryption

Adam Back adam at cypherspace.org
Fri Sep 20 05:50:04 EDT 2013


btw as I didnt say it explicitly, why I claim (forward-anonymous) sequence
security is important is that mixmaster remailers shuffle and reorder
messages.  If the message sequence is publicly viewable that property is
broken up-front, and if the message sequence is observable backwards in time
with disclosure of current keys, in the event of a key compromise anonymity
is lost.

Adam

On Fri, Sep 20, 2013 at 11:19:58AM +0200, Adam Back wrote:
>Depending on what you're using this protocol for you maybe should try to
>make it so that an attacker cannot tell that two messages are for the same
>recipient, nor which message comes before another even with access to long
>term keys of one or both parties after the fact.  (Forward-anonymity
>property).
>
>Otherwise it may not be safe for use via remailers (when the exit is to a
>public drop box like alt.anonymous.messages).  And being able to prove who
>sent which message to who after the fact is not good either, if that can be
>distinguished with access to either parties long term keys (missing
>forward-anonymity).
>
>Adam


More information about the cryptography mailing list