I’m designing an identity-less, ephemeral messaging protocol where messages can be forged after the fact. The goal is protection against coercion or device seizure scenarios.
Core mechanism:
- Session keys derived via SPAKE2 from shared secret
- ChaCha20 encryption with deterministic nonces: sequence || timestamp
- HMAC authentication during conversation
Forgery capability: Anyone with session keys can create alternative messages using the same sequence/timestamp that decrypt to different content.
My question: Does this actually achieve cryptographic deniability? Are there ways someone could distinguish a real conversation transcript from a forged one?
I have a working prototype and want to validate that the approach is sound.
Edit: I totally meant to post this in a cryptography community, not cryptocurrency, haha. Sorry!
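The deniability property the post describes, as an added illustration that is not the OP's prototype: a checker holding the session key accepts a message re-sealed under the same sequence/timestamp nonce exactly as it accepts the original, while a rewrite made from a known plaintext without the MAC key is rejected. Assumptions: `SESSION_KEY` is a constructed stand-in for the SPAKE2 output, the enc/MAC key split and the 4-byte sequence || 8-byte timestamp nonce layout are my choices, and ChaCha20 is a pure-Python RFC 8439 implementation so the block runs without third-party libraries.

```python
import hmac, hashlib, struct

SESSION_KEY = hashlib.sha256(b"constructed demo session secret").digest()  # stand-in for SPAKE2 output

def _qr(s, a, b, c, d):  # ChaCha quarter round (RFC 8439 2.1) on a 16-word state
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & 0xFFFFFFFF
        s[z] ^= s[x]
        s[z] = ((s[z] << r) | (s[z] >> (32 - r))) & 0xFFFFFFFF

def _block(key, counter, nonce):  # one 64-byte ChaCha20 keystream block
    st = list(struct.unpack("<4I", b"expand 32-byte k") + struct.unpack("<8I", key)
              + (counter,) + struct.unpack("<3I", nonce))
    w = st[:]
    for _ in range(10):  # 10 double rounds: four column then four diagonal quarter rounds
        for idx in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                    (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _qr(w, *idx)
    return struct.pack("<16I", *((x + y) & 0xFFFFFFFF for x, y in zip(w, st)))

def chacha20(key, nonce, data):  # 96-bit nonce, block counter starts at 1
    out = bytearray()
    for i in range(0, len(data), 64):
        out += bytes(p ^ k for p, k in zip(data[i:i + 64], _block(key, i // 64 + 1, nonce)))
    return bytes(out)

def subkeys(session_key):  # hypothetical split of the session key into enc and MAC keys
    return (hmac.new(session_key, b"enc", hashlib.sha256).digest(),
            hmac.new(session_key, b"mac", hashlib.sha256).digest())

def seal(session_key, seq, ts, plaintext):
    ek, mk = subkeys(session_key)
    nonce = struct.pack("<IQ", seq, ts)  # deterministic nonce: sequence || timestamp
    ct = chacha20(ek, nonce, plaintext)
    return nonce, ct, hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def open_msg(session_key, nonce, ct, tag):  # what a checker holding the session key can do
    ek, mk = subkeys(session_key)
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        return None  # tag mismatch: rejected
    return chacha20(ek, nonce, ct)

def forge_with_key(session_key, nonce, new_plaintext):  # any key holder re-seals the same slot
    seq, ts = struct.unpack("<IQ", nonce)
    return seal(session_key, seq, ts, new_plaintext)

def forge_without_key(nonce, ct, tag, known_pt, new_pt):  # keystream reuse, but no MAC key
    ks = bytes(c ^ p for c, p in zip(ct, known_pt))
    return nonce, bytes(k ^ p for k, p in zip(ks, new_pt)), tag
```

Nothing in `open_msg` can tell the re-sealed message from the original, so the deniability argument rests entirely on both parties (and nobody else) holding the MAC key; the last function shows that the tag, not the cipher, is what keeps third parties from producing accepted forgeries.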
that’s on the person forging, it’s not doing any crazy forging on its own. it could, but like you said, I think that’d run into an issue of not being believable by not matching the personas and conversation context. that said, my belief is you probably don’t need perfect forgeries, just the ability to create plausible ones.
there’s still lots of open questions around usability and the practical deniability of it, just want to make sure the crypto side makes sense.