[Cryptography] New White Paper: GhostLine - Information-Theoretically Secure Multi-Party Chat

Ferecides de Siros filosofarte at protonmail.com
Wed Sep 17 22:47:52 EDT 2025 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Pierre, Jon, all,

Thank you for this fascinating and theoretically elegant idea. The application 
of Shamir's Secret Sharing to create an efficient, decentralized key distribution 
network for pairwise OTP communication is a brilliant solution 
to the n * |P| bandwidth problem.

However, my research, guided by the invaluable suggestions of Dr. Michael Kjörling, 
has since tackled what I discovered to be the more fundamental challenge in 
practice: state synchronization under concurrency.

While reducing bandwidth is valuable for large-scale deployment, the immediate 
practical problem I faced in my initial implementation was race conditions. 
When multiple participants in a group send messages simultaneously, it causes 
permanent desynchronization of their OTP states, breaking the entire system. 
My two new white papers, which I am currently finalizing (The Gentleman's 
Agreement Protocol and the revised GhostLine implementation paper), detail 
this problem and my solution.

This is why our architectures are fundamentally and intentionally incompatible:

Pierre's Scheme is designed for decentralized, pairwise conversations within a 
large pool. Its great strength is minimizing pre-distribution bandwidth for 
massive groups.

My New Architecture is designed for synchronized group broadcast within a small, 
trusted circle. Its great strength is guaranteeing perfect state synchronization 
and preventing race conditions.

For my specific use case—a small group that prioritizes perfect secrecy and 
authentication above all else—integrating secret sharing would be a step backwards. It 
would replace the simple, solved problem of distributing a single OTP file among a few 
people (which is manageable out-of-band) with a complex new problem of managing and 
coordinating thousands of individual key shares for pairwise conversations—a feature my 
system does not need or want.

The Gentleman's Agreement Protocol provides a simpler, more robust, and operationally 
secure solution for the specific problem I need to solve: synchronized group broadcast.

Pierre, I am genuinely thankful and honored that you took the time to share this idea 
with me. It is a beautiful piece of cryptographic engineering. I will definitely keep it 
in mind for other projects on my roadmap that involve decentralized, pairwise communication, 
as it is a far more elegant solution than a naive shared pad for that use case.

As soon as I finish testing the new implementation in production and complete the white 
papers, I will update the list so we can continue the conversation based on the latest design. 
I greatly value this kind of insightful feedback.

Best,

—
Hitokiri
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOPhOn65N+XbUXMpWZ3IkUdCGxpUFAmjLcbQACgkQZ3IkUdCG
xpWxoA//WPGtaHlg08qBQs9Mfxq9nEe8ja2hpsHwYDKh/cBwzsLsu1Mzi1p/Q3ah
4XNTDpbeDwZ7DrFi7PrTEU4AtFQqTzJeqXbZtleV4Sa0I/mUF2OGmpWBb1X0OdNj
RCppILy1Q4cqneBdL8mEXgFUGZZdY3QmhQV4LLCYR6FKfXAhy8PcZAfmu8UN8tsv
QwZtu0svd0ZjuMCaAgrqshB98uj4vq/aLRf16sbYVOHj3/ucAXmwgtG817Eqonef
igXmtfcKIiztHCKfTnym6s6umUPKVxv21kNHOeIVmy9PBbVAUUBebpbCrIAvmXpl
A5HfaMRDFnWLJdb36Rwe/D8+WtnsY5kD6bcXrmuocJm5/zcK4VpVS9QtA8SPL8I3
YL3dBNnHf16onquyx+XLONQl8sZgPFG4TYzgTnwSjylEC687YaWit+iga6p+4ZvV
nqH3C+273nxkSQfiTZOwVSa6JzqdXmSPb0QTrPfaKNf5r1nJn7Mj3+mj0ZzTA81v
bJOjWBIDyltXnEFKqzYJkq1O4UiDPMtUhhtwM064edZSgOARbXeKtIJh8UCYazui
Rl3IL+j/xg/t7zMBH7oRVKSwT/nIksgwETN/A2Dc4Z6WDvgWVRmKz87Gl32622TF
iCnJjxzou9ybzSqv0LKPPO2Ul0AXuf5/P4K7TryKrPUkJIu+VfU=
=5BwE
-----END PGP SIGNATURE-----

More information about the cryptography mailing list