It’s 2023 and you’re designing a decentralised system based on public-key cryptography where a person’s identity(ies) are their public key(s).
Do you…
There seem to be only two good answers, 1 and 3. Kyber doesn't look good to me. Forward security seems important.
@RefurioAnachro Sadly, given it’s a web-based system where nodes may be hosted on untrusted servers (i.e., at a VPS host), forward secrecy is a property it cannot provide. (It’s definitely not for folks targeted by state level actors but an attempt to raise the cost of mass surveillance and break folks out of de facto corporate surveillance.)
That doesn't sound like an argument against forward security. Of course, I have no idea what you mean, so I'm not saying you're not right.
Just to be safe, forward security is the idea to do regular key exchanges (e.g. Diffie-Hellman), authenticated by the existing keypairs, so that even if their private keys get compromised in the future, the attacker still can't read old messages, whose keys never went over the wire, and have long been erased.
@RefurioAnachro Indeed. But those keys have to be kept somewhere so messages can be decrypted in the future by the recipients (unless we’re talking about one-time view messages with ephemeral keys). On an app like Signal, you can persist them on the device. In a web browser, you don’t have the same guarantee. Especially after Apple decided they’d periodically nuke local storage in the name of “privacy” (https://ar.al/2020/03/25/apple-just-killed-offline-web-apps-while-purporting-to-protect-your-privacy-why-thats-a-bad-thing-and-why-you-should-care/) – almost as if they had an app store to protect or something.
Yes, having ephemeral keys in a meaningful way is called forward security. If the user decides to clear his archive, then an attacker could not retrieve these messages from his copy of the encrypted stream later when he gains the persistent keys. Sure, full e2e is better, but often there are situations where a system could still benefit from such a mechanism.
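The two points made in this thread can be shown side by side in a small model: an ephemeral Diffie-Hellman exchange authenticated by the long-term keypairs (the mechanism described above), followed by a later compromise of both long-term private keys plus the recorded wire transcript, once with the session key erased and once with it persisted on the device, as a browser client that must read old messages later would have to do. This is an added example written for this note, not code from either participant or from any project they describe. The group parameters (a 127-bit Mersenne prime and generator 5), the HMAC-based key derivation and stream cipher, and all function names are constructed for illustration; a real system would use X25519 or an RFC 7919 group and an AEAD.

```python
"""Toy model of a forward-secret, authenticated ephemeral DH handshake and of
what a later compromise of the long-term keys can and cannot recover.
Constructed for this example; the group and cipher are toys, not for use."""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # Mersenne prime M127: toy DH group (constructed parameter)
G = 5            # toy generator (constructed parameter)

MESSAGE = b"constructed sample message from Alice to Bob"


def keygen():
    """Return (private, public) for the toy finite-field DH group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh(priv, pub):
    """Shared secret pub^priv mod P as fixed-width bytes."""
    return pow(pub, priv, P).to_bytes(16, "big")


def derive_key(ee, es, se):
    """Session key = HMAC over three DH outputs: ephemeral/ephemeral (ee),
    Alice-static/Bob-ephemeral (es) and Alice-ephemeral/Bob-static (se).
    es and se can only be formed by holders of the static private keys, which
    is the authentication; ee is what keeps the key secret later on."""
    return hmac.new(b"fs-demo-kdf", ee + es + se, hashlib.sha256).digest()


def xor_stream(key, nonce, data):
    """Toy stream cipher: keystream blocks = HMAC(key, nonce||counter).
    The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(d ^ k for d, k in zip(data[i:i + 32], block))
    return bytes(out)


def handshake(alice_static, bob_static):
    """One session. Static public keys are already known to both sides; each
    side sends one fresh ephemeral public key. Returns (session key, what an
    observer saw on the wire). The ephemeral private keys are not retained."""
    a, A = alice_static
    b, B = bob_static
    x, X = keygen()   # Alice's ephemeral keypair, sent: X
    y, Y = keygen()   # Bob's ephemeral keypair, sent: Y
    k_alice = derive_key(dh(x, Y), dh(a, Y), dh(x, B))
    k_bob = derive_key(dh(y, X), dh(y, A), dh(b, X))
    assert k_alice == k_bob, "both sides must agree on the session key"
    transcript = {"X": X, "Y": Y}
    return k_alice, transcript


def send_message(session_key, plaintext):
    """Encrypt one message under the session key with a fresh nonce."""
    nonce = secrets.token_bytes(12)
    return nonce, xor_stream(session_key, nonce, plaintext)


def later_compromise(alice_static, bob_static, transcript, stored_key, ciphertext):
    """Adversary who now holds both long-term private keys, the wire
    transcript, and whatever the device kept. Reports which DH components it
    can rebuild and the plaintext it recovers (None if it cannot)."""
    a, _ = alice_static
    b, _ = bob_static
    nonce, ct = ciphertext
    recovered = {
        "es": dh(a, transcript["Y"]),   # rebuilt from a and the recorded Y
        "se": dh(b, transcript["X"]),   # rebuilt from b and the recorded X
    }
    # "ee" needs x or y, which are in neither the transcript nor the static
    # keys, so derive_key cannot be re-run: forward secrecy holds...
    plaintext = None
    if stored_key is not None:
        # ...unless the device persisted the session key for later reading,
        # in which case the stored copy, not the handshake, is what leaks.
        plaintext = xor_stream(stored_key, nonce, ct)
    return {"recovered": recovered, "plaintext": plaintext}


def scenario(persist_session_key):
    """Run a session, then a later compromise; persist_session_key models a
    client that must keep keys around to read old messages."""
    alice, bob = keygen(), keygen()
    key, transcript = handshake(alice, bob)
    ciphertext = send_message(key, MESSAGE)
    stored = key if persist_session_key else None
    return later_compromise(alice, bob, transcript, stored, ciphertext)


if __name__ == "__main__":
    print("erased :", scenario(False)["plaintext"])
    print("kept   :", scenario(True)["plaintext"])
```

Run as a script it shows the erased case yielding no plaintext and the persisted case yielding the message. The design point is that forward secrecy is a property of the handshake, and a client that must retain session keys to read its archive later keeps the property only for whatever it has erased; the thread's disagreement is really about where that erasure can be guaranteed.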