I’m designing an identity-less, ephemeral messaging protocol where messages can be forged after the fact. The goal is protection against coercion or device seizure scenarios.

Core mechanism:

  • Session keys derived via SPAKE2 from shared secret
  • ChaCha20 encryption with deterministic nonces: sequence || timestamp
  • HMAC authentication during conversation

Forgery capability: Anyone with session keys can create alternative messages using the same sequence/timestamp that decrypt to different content.

My question: Does this actually achieve cryptographic deniability? Are there ways someone could distinguish a real conversation transcript from a forged one?

I have a working prototype and want to validate that the approach is sound.

Edit: I totally meant to post this in a cryptography community, not cryptocurrency, haha. Sorry!
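The construction the post describes, written out as an added, self-contained example (this is not the poster's prototype and not any library's API): a session secret standing in for the SPAKE2 output is split into an encryption key and a MAC key, records are ChaCha20 ciphertexts under a `sequence || timestamp` nonce with an HMAC tag, and `forge_alternative()` does exactly what the post claims any key holder can do. The pure-Python ChaCha20 block function is included only so the snippet runs offline; the key-derivation labels, the 4-byte sequence plus 8-byte timestamp nonce layout, and every secret and message below are constructed assumptions. `deniability_check()` records what someone holding only the two records can see: both verify, headers and lengths match, and, because the forged record reuses the nonce, the XOR of the two ciphertexts equals the XOR of the two plaintexts (stream-cipher keystream reuse), which is the property to keep in mind when reasoning about who may ever see both the "real" and the "alternative" record.

```python
import hashlib
import hmac
import struct


def _rotl(v, c):
    return ((v << c) & 0xFFFFFFFF) | (v >> (32 - c))


def _qr(s, a, b, c, d):
    # ChaCha quarter-round on the 32-bit words of state list s (RFC 8439).
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl(s[b] ^ s[c], 7)


def _chacha_block(key, counter, nonce):
    # 64-byte keystream block for a 32-byte key, 32-bit counter, 12-byte nonce.
    state = (list(struct.unpack("<4I", b"expand 32-byte k"))
             + list(struct.unpack("<8I", key)) + [counter]
             + list(struct.unpack("<3I", nonce)))
    w = state[:]
    for _ in range(10):  # 20 rounds = 10 double rounds
        _qr(w, 0, 4, 8, 12); _qr(w, 1, 5, 9, 13); _qr(w, 2, 6, 10, 14); _qr(w, 3, 7, 11, 15)
        _qr(w, 0, 5, 10, 15); _qr(w, 1, 6, 11, 12); _qr(w, 2, 7, 8, 13); _qr(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(w[i] + state[i]) & 0xFFFFFFFF for i in range(16)])


def chacha20_xor(key, nonce, data, counter=1):
    # Stream cipher: the same call encrypts and decrypts. Illustrative only;
    # use a vetted library in real code.
    out = bytearray()
    for off in range(0, len(data), 64):
        ks = _chacha_block(key, counter + off // 64, nonce)
        out += bytes(x ^ y for x, y in zip(data[off:off + 64], ks))
    return bytes(out)


def derive_keys(session_secret):
    # Stand-in for splitting the SPAKE2-derived secret; labels are assumed.
    enc_key = hashlib.sha256(b"enc|" + session_secret).digest()
    mac_key = hashlib.sha256(b"mac|" + session_secret).digest()
    return enc_key, mac_key


def nonce_for(seq, ts):
    # Assumed layout: 12-byte nonce = 4-byte sequence || 8-byte timestamp.
    return struct.pack("<IQ", seq, ts)


def seal(enc_key, mac_key, seq, ts, plaintext):
    nonce = nonce_for(seq, ts)
    ct = chacha20_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return (seq, ts, ct, tag)


def open_record(enc_key, mac_key, record):
    seq, ts, ct, tag = record
    nonce = nonce_for(seq, ts)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return chacha20_xor(enc_key, nonce, ct)


def forge_alternative(enc_key, mac_key, record, new_plaintext):
    # Any holder of the session keys re-runs seal() with the original
    # sequence/timestamp; the result is indistinguishable by tag or header.
    seq, ts, _, _ = record
    return seal(enc_key, mac_key, seq, ts, new_plaintext)


def deniability_check(real, forged, real_pt, forged_pt):
    # What an observer holding both records (and no keys) can compare.
    same_header = real[:2] == forged[:2]
    same_length = len(real[2]) == len(forged[2])
    # Identical nonce => identical keystream => ct1 XOR ct2 == pt1 XOR pt2.
    ct_xor = bytes(a ^ b for a, b in zip(real[2], forged[2]))
    pt_xor = bytes(a ^ b for a, b in zip(real_pt, forged_pt))
    return {"same_header": same_header,
            "same_length": same_length,
            "keystream_reuse_leaks_pt_xor": ct_xor == pt_xor}


def demo():
    # Constructed session secret standing in for the SPAKE2 output.
    secret = hashlib.sha256(b"constructed SPAKE2 stand-in").digest()
    enc_key, mac_key = derive_keys(secret)
    real_pt, forged_pt = b"meet at noon", b"meet at 9pm."  # same length on purpose
    real = seal(enc_key, mac_key, 7, 1_700_000_000, real_pt)
    forged = forge_alternative(enc_key, mac_key, real, forged_pt)
    both_verify = (open_record(enc_key, mac_key, real) == real_pt
                   and open_record(enc_key, mac_key, forged) == forged_pt)
    return both_verify, deniability_check(real, forged, real_pt, forged_pt)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns `(True, {...})` with all three checks `True`: the forged record passes the same HMAC verification as the real one, so a transcript alone cannot tell them apart, but the deterministic nonce means the two ciphertexts together reveal the XOR of their plaintexts, and a forged message of a different length would be visible as a different ciphertext length.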