[Cryptography] AEAD modes for signed ciphertext

Natanael natanael.l at gmail.com
Tue May 12 11:17:54 EDT 2015


On 12 May 2015 07:53, "Ned Ulbricht" <nedu at netscape.net> wrote:
>
> I am looking for resources to help with a specific problem. In
> particular, I'd appreciate pointers to papers, security proofs,
> specifications and/or implementations that would throw light on this
> specific problem.

[...]

> Part 1: Partial sketch of the communications system
>
> The communications system is a greenfield design for an asynchronous,
> store-and-retrieve messaging system.  I am sketching just enough of it to
> provide necessary context for the cryptosystem.
>
> In this communications system, receivers must pre-approve senders before
> messages from that sender will be relayed to the receiver.  The
> whitelisting is initiated through outside channels, when a potential sender
> (alice at foo.example) exchanges her user-readable "tofu tag" with a potential
> receiver (bob at bar.example).  Within the communications system, Bob then
> uses Alice's "tofu tag" to locate Alice's directory server and her
> directory entry. Having Alice's directory data in hand, Bob commands his
> message relay server to accept and store messages from Alice. Without this
> pre-approval, the relay will reject messages.
>
> To send Bob a message, Alice uses Bob's "tofu tag", looking up Bob's
> communication parameters from Bob's directory entry. Those parameters
> include the designation of Bob's relay server, where Alice drops off her
> message.  Bob must initiate contact with his relay in order to pick up any
> messages stored there.

This entire thing reminds me heavily of Pond (which by the way is designed
to use Tor for traffic anonymization).

https://pond.imperialviolet.org/

Look on the tech page. Your goals overlap strongly.

I'm not sure if it deals with signature substitution or not. The easy
solution would be to bind the decryption key to the signing keypair. How to
do that is not my expertise, however.