this post was submitted on 23 Mar 2025
General Programming Discussion
Hey! Thanks for taking a look! The contacts shared by the initiator were intended to be generated randomly. I completely missed how a captured or malicious initiator could impact other users. I suppose I figured it would be unlikely an adversary would be able to get an initiator's keys and capture the correct traffic on the Tor network to decrypt the other users after they generate a fresh set of keys.
The combination of Tor and HTTPS encryption is mostly just a bonus to slow down attackers rather than a real security mechanism. As for the HTTPS certs, I assumed the ones passed by the server could be trusted by default since it wasn't for security, and all incoming data would be encrypted.
The reason I'm focusing on symmetric encryption as the only security mechanism is due to its particular resistance against quantum attacks. From what I could tell, even post-quantum encryption schemes have the possibility of being cracked in the future.
I might do away with the introduction entirely if I can't find a good way to pass the keys without relying on asymmetric keys.
I really appreciate the review, a second set of eyes is always invaluable. I'll check out Tamarin as well :).
Maybe you could also consider extending an existing good PQC protocol (for example https://signal.org/docs/specifications/pqxdh/) by adding a shared secret. The shared secret could flow into the key derivation functions which are used to derive the symmetric encryption keys. This way you would have quite strong guarantees (forward secrecy) as long as nobody can break the PQC algorithm, and still some guarantee of confidentiality when somebody breaks asymmetric primitives. In the protocol you outlined now, there's no forward secrecy, meaning that once a key is compromised, all past and future messages can be decrypted.
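The mixing step suggested in the reply above, as an added example that is not code from either commenter or from the PQXDH specification: a stdlib HKDF takes the per-session handshake secret and the long-lived pre-shared secret together as input keying material, so reproducing a session key needs both, and each session's key differs because the handshake secret is fresh. The PQXDH output is stood in for by a constructed random value, and the hypothetical `static_key_scheme` shows the single-static-key design the thread says has no forward secrecy.

```python
import hashlib
import hmac
import os

# Minimal HKDF (RFC 5869) over SHA-256 using only the standard library.
def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_session_key(pq_secret: bytes, psk: bytes, transcript: bytes) -> bytes:
    """Hypothetical hybrid KDF: the per-session shared secret from a PQXDH-style
    handshake and the long-lived pre-shared secret are concatenated as IKM, so an
    attacker who learns only one of them cannot reproduce the key. `transcript`
    (the public handshake values) goes into the info string to bind the key to
    this particular run."""
    prk = hkdf_extract(salt=b"\x00" * 32, ikm=pq_secret + psk)
    return hkdf_expand(prk, b"hybrid-session-key" + transcript, 32)

def static_key_scheme(psk: bytes) -> bytes:
    """The design criticised in the thread: every session encrypts under the same
    long-lived symmetric key, so one compromise opens every past and future session."""
    return psk

def run_sessions(psk: bytes, n: int) -> list:
    """Simulate n sessions. Each uses a fresh, constructed random value standing in
    for the real PQXDH output, plus a constructed transcript label."""
    keys = []
    for i in range(n):
        pq_secret = os.urandom(32)      # in practice: the PQXDH handshake result
        transcript = b"session-%d" % i  # stands in for the public handshake values
        keys.append(derive_session_key(pq_secret, psk, transcript))
        # pq_secret is discarded here; a later PSK compromise alone cannot
        # recover this session's key, which is the forward-secrecy property.
    return keys
```

The two HKDF helpers reproduce the RFC 5869 test vectors, so they can be swapped for a library HKDF without changing the derived keys.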