[Cryptography] Darpa wants a secure messaging app based on blockchains

[Jerry Leichter]

>> As for classification ... this one looks to me like an engineering project more than a research product.  The basic techniques are all out there - it's
>> a matter of putting them to use toward a particular end.  *Maybe* there's a need for something new for scalability; maybe not.  If they classify it,
>> someone else can do the same work.
> 
> How do you do expiring messages without a central server?  I'd think
> that once the data is in a blockchain, you're not going to make it go
> away without unrealistic assumptions about the endpoint devices.
They make a big deal about separation of concerns:  Separating message creation, message transport, message stream commitment (the block chain - but nothing says that the block chain is the *only* way messages are transported), message reception, message decryption.  (The language does become a bit ambiguous at the end of the list.)

I'm guessing what they have in mind is a secure keying distribution mechanism separate from everything else.  You expire messages by refusing to deliver their keys after some point.  (The auditors presumably can always get the keys.)  In the domain of interest (military systems), central key servers are an accepted design - but you can do better.  One plausible approach is that encrypted messages have a unique ID derived from their position in the block chain, and the key server, if policy allows, computes and delivers a key based on the unique ID (and, of course, a secret known to the key server).  You can have as many key servers as you like:  You can use the block chain to distribute signed policy updates, which apply go into effect at the next message after them in the block chain.

They explicitly want to support Web browsers as endpoints, so, no, they cannot be counting on the endpoints to enforce policy.
                                                        -- Jerry