I’m designing an identity-less, ephemeral messaging protocol where messages can be forged after-the-fact. The goal is protection against coercion or device seizure scenarios.
Core mechanism:
- Session keys derived via SPAKE2 from shared secret
- ChaCha20 encryption with deterministic nonces: sequence || timestamp
- HMAC authentication during conversation
Forgery capability: Anyone with session keys can create alternative messages using the same sequence/timestamp that decrypt to different content.
My question: Does this actually achieve cryptographic deniability? Are there ways someone could distinguish a real conversation transcript from a forged one?
I have a working prototype and want to validate that the approach is sound.
Edit: I totally meant to post this in a cryptography community, not cryptocurrency, haha. Sorry!
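The mechanism described above, as an added example that is not the poster's prototype: a pure-Python ChaCha20 (RFC 8439) with HMAC-SHA256 over nonce||ciphertext, showing that a message produced by anyone holding the session keys verifies exactly like the original, and that two messages in the same sequence/timestamp slot share a keystream. The nonce layout (4-byte sequence + 8-byte timestamp), the HMAC construction and the constructed keys are assumptions; SPAKE2 key agreement is out of scope here.

```python
import hmac, hashlib, struct          # stdlib only; ChaCha20 below follows RFC 8439

M32 = 0xffffffff

def _qr(s, a, b, c, d):
    # ChaCha quarter round on state words a, b, c, d.
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & M32
        s[z] = (((s[z] ^ s[x]) << r) | ((s[z] ^ s[x]) >> (32 - r))) & M32

def chacha20_block(key, counter, nonce):
    # One 64-byte keystream block from constants || key || counter || nonce (20 rounds).
    init = list(struct.unpack('<16I', b'expand 32-byte k' + key + struct.pack('<I', counter) + nonce))
    w = init[:]
    for _ in range(10):
        for idx in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                    (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _qr(w, *idx)
    return struct.pack('<16I', *((x + y) & M32 for x, y in zip(init, w)))

def chacha20_xor(key, nonce, data):
    # Stream cipher: XOR data with successive keystream blocks, counter starting at 1.
    ks = b''.join(chacha20_block(key, i + 1, nonce) for i in range((len(data) + 63) // 64))
    return bytes(x ^ y for x, y in zip(data, ks))

def nonce_for(seq, ts):
    # Deterministic nonce as in the post, sequence || timestamp (4 + 8 bytes assumed).
    return struct.pack('<IQ', seq, ts)

def seal(enc_key, mac_key, seq, ts, plaintext):
    # Encrypt-then-MAC. Both parties hold the same keys, so a message made here is
    # indistinguishable whether either participant or a later key holder produced it.
    nonce = nonce_for(seq, ts)
    ct = chacha20_xor(enc_key, nonce, plaintext)
    return nonce, ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_message(enc_key, mac_key, nonce, ct, tag):
    # Plaintext if the HMAC verifies, else None.
    expect = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return chacha20_xor(enc_key, nonce, ct) if hmac.compare_digest(tag, expect) else None

def keystream_reuse_xor(ct_a, ct_b):
    # Same key and nonce means the same keystream, so ct_a ^ ct_b == pt_a ^ pt_b: anyone
    # holding both the real and the forged message for one slot sees where they differ.
    return bytes(x ^ y for x, y in zip(ct_a, ct_b))
```

Calling `seal` twice with the same sequence/timestamp but different plaintexts yields two messages that both pass `open_message`, which is the deniability property; `keystream_reuse_xor` on their ciphertexts is the caveat a reviewer would check when both versions of a slot can coexist.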
Do your forged conversations maintain linguistic integrity? i.e., do they make sense, hold together over the fake conversation, and match the personas of the participants? Digitally testing as valid is one level. If a human reads it, will it still pass?
That’s on the person forging; it’s not doing any crazy forging on its own. It could, but like you said, I think that’d run into an issue of not being believable by not matching the personas and conversation context. That said, my belief is you probably don’t need perfect forgeries, just the ability to create plausible ones.
There are still lots of open questions around usability and the practical deniability of it; I just want to make sure the crypto side makes sense.