>If store and forward, cannot be forward secrecy.
>Suppose that human readable messages, messages that might contain important
>secrets, are only exchanged when the sender and the final recipient are both
>online at the same time, then forward secrecy is no problem.  Both parties set
>up a shared transient secret session key, as usual, which goes away when
>offline, reboot, or timeout.

Suppose when Alice first sends a message to Bob she also includes a short
term public key. Bob takes the short term public key and encrypts
symmetric_key_1 ("SK1") and also encrypts a message with SK1 and sends the
encrypted SK1 and the encrypted message to Alice. Alice decrypts the
encrypted SK1 with her short term private key and then uses SK1 to decrypt
the message. The short term public key pair can now be deleted. When Alice
replies, she sends the message and a new SK2, encrypted with SK1, to Bob.
Bob will decrypt with SK1 and store SK2. When he sends a message, he
encrypts his message along with a new key, SK3, with SK2. This continues
with a new symmetric key each time. Both parties must remember the last SK
that they suggested to the other party, and also the last SK that they
received from the other party. All others can be deleted. One might call the
symmetric keys 'one time use' keys except that they can be used several
times if one person replies to the other several times in a row. Thus the
first initial message from Alice to Bob is not forward-secret, and the last
several messages between them are not forward-secret, but all other messages
are. Am I mistaken? 

Although I think I'd rather work on piggy-backing on an existing anonymity
network to do forward secret instant messaging before all of that above.

-Jonathan


_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
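Added example, not part of Jonathan's post or the list thread: a Python simulation of the key chaining he describes, so the forward-secrecy window can be checked rather than argued. Each party keeps only the last SK it suggested (the peer encrypts to it with that) and the last SK it received (it encrypts to the peer with that); every message carries the next SK. The primitives are stand-ins chosen so the script runs offline with the standard library only: the "encrypt SK1 under Alice's short-term public key" step is modelled as a DH exchange over a toy 127-bit group, and the symmetric cipher is a SHA-256 keystream with an HMAC tag, both labelled in the code and not meant for real use. The `Party` class, message labels and the `exposure_report` function are this example's own; the conversation is constructed. The report lists which recorded ciphertexts a snapshot of a party's current keys can still decrypt, which reproduces the post's claim: the first hop and the tail of the conversation are exposed, everything in between is not.

```python
import hashlib
import hmac
import os
import secrets

# ---- toy primitives (stand-ins for X25519/RSA-OAEP and AES-GCM; NOT for real use) ----
P = 2**127 - 1   # Mersenne prime used as a toy DH modulus; far too small for security
G = 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared_key(priv, peer_pub):
    # hash the DH result down to a 32-byte key for wrapping SK1 (hashed-ElGamal style)
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# ---- the chained-SK scheme from the post (hypothetical Party class, this example's own) ----
class Party:
    def __init__(self, name):
        self.name = name
        self.in_key = None    # last SK *we* suggested: the peer encrypts to us with it
        self.out_key = None   # last SK the peer suggested: we encrypt to the peer with it
        self.eph_priv = None  # short-term private key, deleted after the first reply

    def first_message(self, text):
        # The text of this first message is outside the chain (not forward-secret).
        self.eph_priv, eph_pub = dh_keypair()
        return {"eph_pub": eph_pub, "text": text}

    def answer_first_message(self, msg, text):
        r_priv, r_pub = dh_keypair()
        wrap = dh_shared_key(r_priv, msg["eph_pub"])  # stands in for public-key encryption
        sk1 = os.urandom(32)
        self.in_key = sk1
        return {"r_pub": r_pub, "wrapped_sk": seal(wrap, sk1), "body": seal(sk1, text.encode())}

    def receive_first_reply(self, msg):
        wrap = dh_shared_key(self.eph_priv, msg["r_pub"])
        self.eph_priv = None                      # short-term key pair can now be deleted
        self.out_key = open_(wrap, msg["wrapped_sk"])
        return open_(self.out_key, msg["body"]).decode()

    def send(self, text):
        # Encrypt the message plus a fresh SK under the peer's last suggestion;
        # messages are assumed to arrive in order, as in the post.
        new_sk = os.urandom(32)
        blob = seal(self.out_key, new_sk + text.encode())
        self.in_key = new_sk                      # only the newest suggestion is kept
        return blob

    def receive(self, blob):
        payload = open_(self.in_key, blob)
        self.out_key = payload[:32]               # peer's new SK replaces the old one
        return payload[32:].decode()

def run_conversation():
    """Constructed exchange; returns both parties and the ciphertexts an eavesdropper saw."""
    alice, bob = Party("Alice"), Party("Bob")
    transcript = []
    m1 = bob.answer_first_message(alice.first_message("hello, my short-term key is attached"), "hi Alice")
    transcript.append(("B1", m1["body"]))
    if alice.receive_first_reply(m1) != "hi Alice":
        raise RuntimeError("first hop failed")
    steps = [(alice, bob, "A2"), (bob, alice, "B3"), (alice, bob, "A4"), (alice, bob, "A5"),
             (bob, alice, "B6"), (alice, bob, "A7"), (alice, bob, "A8")]
    for sender, receiver, label in steps:
        blob = sender.send(f"message {label}")
        transcript.append((label, blob))
        if receiver.receive(blob) != f"message {label}":
            raise RuntimeError(f"{label} failed to decrypt")
    return alice, bob, transcript

def exposed_by_compromise(party, transcript):
    """Labels of recorded ciphertexts that the party's *current* keys still decrypt."""
    keys = [k for k in (party.in_key, party.out_key) if k]
    exposed = []
    for label, blob in transcript:
        if any(_opens(k, blob) for k in keys):
            exposed.append(label)
    return exposed

def _opens(key, blob):
    try:
        open_(key, blob)
        return True
    except ValueError:
        return False

def exposure_report():
    alice, bob, transcript = run_conversation()
    return {"alice": exposed_by_compromise(alice, transcript),
            "bob": exposed_by_compromise(bob, transcript)}

if __name__ == "__main__":
    print(exposure_report())   # only the tail of the conversation is recoverable
```

With the conversation above, Alice's last two messages (A7, A8) were both encrypted under the SK Bob suggested in B6, and both parties still hold that key, so a compromise of either side's state at the end exposes exactly those two; B1 through B6 are safe because the keys that protected them, and Alice's short-term private key, have been deleted. The unused SK each party is currently holding for the peer's next message is the other thing a compromise yields.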
