On 05/09/15 13:46, Ben Harris wrote: > > On 5 Sep 2015 8:27 pm, "Ximin Luo" <[email protected] > <mailto:[email protected]>> wrote: >> >> Hey, thanks for the post. It's always nice to hear about new work on >> ratchets. >> > It isn't really a ratchet (so some of the rest of your reply is moot). It is > a way to publish a single long term public key that people can encrypt a > message to, but with the ability for you to delete part of your secret key to > prevent a later leak of your key from compromising past messages. > > It is a way to achieve the same forward security as 3DH, but without needing > both parties online at the same time (and avoiding signed ephemerals). > > Or at least that is my interpretation. >
The description may have been different from how ratchets are normally described, but I don't see the logical difference - i.e. the "abstract service" that the system is providing to higher layers: - chain-based ratchet / what you/Ian said - publish long-term key and signed eph / publish long-term key - hash the key, then encrypt / unspecified, but we can imagine - delete hash pre-image (i.e. previous key) / delete "part of secret" Am I missing something here? X -- GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
