a simpler way to encrypt a box with multiple recipients.
encrypt plaintext to each of keys. external nonce should be a unique
but deterministic buffer, at least 32 bytes in length.
(a good candidate is the author+hash of previous message)
keys is an array of 32 byte symmetric keys.
these should probably scalarmult of two curve25519,
or semishared symmetric keys.
ciphertext is the output of box,
external_nonce and keys are the same as in the box
attempts is how many times each key will be tried.
just get the scalarmult between the sender and recipients.
each recipient will attempt to open with their
scalarmult(themself.secretKey, sender.publicKey)
since they only need to test one key, but there may be many recipients, so they'll need to test the key many times, say, 8.
a author might create a named group of recipients, such as "friends" or "family" or "colleagues". they would send them a symmetric key for that group via a direct private message.
any one in that group will attempt that key when they see a message from the broadcaster.
box(plaintext, extern, [group_key], 3)
since the author might want to broadcast to more than one group (friends and family) recievers will need to test their key multiple times, say, 3.
similar to facebook groups. many authors can both read and write. any current member can invite someone to the group (by sending them the key, as in broadcast messages)
recipients must try the key for every group they are a member of, for every message. therefore, each key should only be tried once. messages may be encrypted to only one shared group (but also other types of groups or individuals)
Using a key that no one will try is basically shadowbanning yourself. With an administrator, we they can invite someone with a key just for them + the current member list (so they can read other member's messages)
The administrator could be a single user, or it could be a consensus process by the members.
As above where single keys are sent to a particular member, a key to open a particular message could also be sent to a individual, or a group, or publically announced.
This could be used to reveal replies to broadcast messages. the replier sends a direct message to the poster, who then reposts the key to the reply to their group.
Removing a recipient can be accomplished by creating a new key for all the other members. This would work probably work best administrated groups. it would also be possible with shared groups, but there could be some confusion about what the new key is. Also, whoever added a bad actor the first time might just readd them.
A pattern here is that it's very easy to mute/shadowban someone, but pretty hard to control read access, that is, it's very easy to send someone else a key.
TahoeLAFS has a similar pattern, but interestingly, read access and write access are separate, so you can have delegate.
However, they have the same "muting" problem, and basically they have servers which only accept ciphertext from authors that have the write cap. We can't really do this in the same way, though, because all messages in the chain will be replicated.
just of the top of my head... what if someone uses your key from a broadcast group as their shared group key? (solution: always hmac the stated key with the style of group)
eg, hmac(key, "broadcast"), then there will not be collisions.
It's pretty easy to leak keys in this system... however, is there any way not to have that anyway? You can't stop someone taking a screenshot of your post, and sharing that. (whether you could plausibly deny it depends on absense of corroborating evidence)
On the other hand, since authorship can be proven, at least you can prove what you did actually say, and someone who can't say you said something won't be very credible.
Privacy is a spectrum, and if something is known to a large group of people that is less "privacy" privacy is how many people don't know something.
MIT
FAQs
a simpler way to encrypt a box with multiple recipients.
We found that group-box demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.
Security News
Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.
Security News
OpenSSF has issued a high-severity advisory warning open source developers of an active Slack-based campaign using impersonation to deliver malware.