I was just forwarded this: https://eprint.iacr.org/2017/666

On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security 
Guarantees, by Katriel Cohn-Gordon and Cas Cremers and Luke Garratt and Jon 
Millican and Kevin Milner

It looks very nice. However, on a quick glance through the paper, it doesn't 
define a way to merge operations performed on the DH group tree. That seems to 
constrain the group chat to rely on some external mechanism to ensure that 
operations on the ratchet are performed (by everyone) in a linear order - i.e. 
it would still have to operate synchronously.

(This constraint is fulfilled trivially in a two-party ratchet because each 
sender always sends in a linear order, wrt the other recipient.)

I wonder if it's possible to define a merge operation on the DH group tree, so 
that e.g. Bob and Carol can advance the ratchet independently of each other 
(e.g. to B and C, each from state O) such that when Alice receives B and C, she 
can construct the merged ratchet state X that combines both changes (O to A) 
and (O to B)?

Alternatively, an explicit merge algorithm is not necessary if it can be proved 
that applying O->A and O->B on top of O is commutative.

X

-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git
_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging
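
The commutativity question above can be tried on a toy four-leaf DH tree. This is an added example, not code from the email or the paper, and it goes beyond the email's single case by comparing updates on disjoint paths with updates on overlapping paths. The layout ((Alice, Dave), (Bob, Carol)), the member Dave, the toy group, the hash-based node derivation and all function names are assumptions.

```python
import hashlib

# Toy group for illustration only: tiny secrets, not secure.
P, G = 2**127 - 1, 3

def pub(sk):
    return pow(G, sk, P)

def node_sk(sk, peer_pub):
    """Parent secret = hash of the DH value of its two children."""
    shared = pow(peer_pub, sk, P)
    return int.from_bytes(hashlib.sha256(str(shared).encode()).digest(), "big") % (P - 1)

def update(new_sk, sibling_pub):
    """Sender's broadcast: new leaf key plus new parent key, built on the sender's view."""
    return {"leaf": pub(new_sk), "parent": pub(node_sk(new_sk, sibling_pub))}

def alice_apply(view, sender, msg):
    """Alice keeps Dave's leaf key (her sibling) and the Bob/Carol parent key (her copath)."""
    view = dict(view)
    if sender == "dave":
        view["dave"] = msg["leaf"]
    else:  # bob or carol: only their parent key is on Alice's copath
        view["bc"] = msg["parent"]
    return view

def alice_root(a, view):
    return node_sk(node_sk(a, view["dave"]), view["bc"])

def true_root(a, d, b, c):
    """Root of the tree with leaves a, d, b, c (needs all secrets; reference only)."""
    return node_sk(node_sk(a, pub(d)), pub(node_sk(b, pub(c))))

# Constructed sample secrets: state O, then fresh keys for Dave, Bob, Carol.
A, D, B, C = 11, 22, 33, 44
D2, B2, C2 = 55, 66, 77
O = {"dave": pub(D), "bc": pub(node_sk(B, pub(C)))}

def both_orders(first, second):
    """Apply two concurrent updates (both made from O) in each order."""
    r1 = alice_root(A, alice_apply(alice_apply(O, *first), *second))
    r2 = alice_root(A, alice_apply(alice_apply(O, *second), *first))
    return r1, r2

def disjoint_case():   # Dave and Bob: paths share only the root
    return both_orders(("dave", update(D2, pub(A))), ("bob", update(B2, pub(C)))), true_root(A, D2, B2, C)

def sibling_case():    # Bob and Carol: paths share the Bob/Carol parent node
    return both_orders(("bob", update(B2, pub(C))), ("carol", update(C2, pub(B)))), true_root(A, D, B2, C2)
```

In this toy tree the disjoint case gives the same root in either order, and it matches the tree holding both new leaves. In the sibling case the two orders disagree and neither matches, because the parent key for (B2, C2) appears in neither broadcast.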
