

Ask HN: is there such a thing as a public stream of encrypted messages? - anigbrowl

I feel like I should know about this and could probably find out with a little research, but thought I'd ask today seeing as there are so many crypto experts on HN.

If two people are exchanging encrypted email a third party could still observe the fact that communication was taking place even if the content itself were obscured. But what if a large number of people were posting encrypted data to a public message board? Only the recipients would know which messages were intended for them. Of course, this would mean attempting to decrypt every new message using one's private key, and getting nothing useful in the majority of cases - very inefficient, but also secure. For example:

  pg:       slkdjfbiofdnbdoibjowerni
  swombat:  poripmkbdoijdpohkdpjthkj
  tptacek:  sdflkjsdffnhhxgfjhlfkgjh
  ....etc.

I try decrypting every one of these 'messages' (all of which would be much longer in reality) with my private key, but only swombat's resolves to plain text. Now I know his message was intended for me, but onlookers do not.

Obviously, there is nothing especially clever about this - it's just the old espionage technique of public signalling (through a classified advertisement or visual display) combined with a dead drop. Some Twitter clients allow for the broadcast of encrypted tweets, for example. But I was unable to think of any obvious streams of encrypted material like this. Do such things exist, or are most people too paranoid to use them? I have no practical purpose in mind, it just came up as a hypothetical in a discussion, for which I was unable to think of a real-world example.
======
evgen
You can do it a bit easier without needing to have a large central message
repository. Start with a secure distributed write-only database (imagine
something like a big collection of random people running a variant of couchdb
that included some crypto primitives) and then mix in a bit of private
information retrieval[ * ] and you are most of the way there. There are some
tricky bits to this general idea, like notifications and indexing the
mailboxes, but the principle is fairly sound. The problem with these sort of
ideas is that if you try to implement them in the real world you soon discover
that your addressable userbase is really, really small, most of them are
people you probably don't want to help out very much, and the resource
provider/parasite ratio is hard to keep sustainable.

[ * ] PIR in a nutshell: Servers A & B contain messages 1, 2, 3, 4 & 5. You
ask server A to XOR messages 1 & 4 together and send it to you and you ask
server B to XOR messages 1, 2 & 4 together and send them to you. You XOR the
two streams and get message 2, but neither A nor B know what you asked them
for. Obviously there are additional steps that make the system more secure,
but that is the basic gist of how it works.
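
The two-server XOR scheme sketched in the footnote above, as an added Python example that is not part of the original comment. The 32-byte record size, the length-prefix padding and the sample messages are assumptions made here, and the requested index stays hidden only while the two servers do not compare the queries they receive.

```python
import secrets

BLOCK = 32  # assumed fixed record size; XOR needs equal-length records


def encode(msg):
    """Length-prefix and zero-pad a message to exactly BLOCK bytes."""
    if len(msg) > BLOCK - 1:
        raise ValueError("message too long for one record")
    return bytes([len(msg)]) + msg + bytes(BLOCK - 1 - len(msg))


def decode(block):
    """Strip the length prefix and padding added by encode()."""
    return block[1:1 + block[0]]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def server_answer(db, subset):
    """Server side: XOR together the records whose indices were requested."""
    out = bytes(BLOCK)
    for i in subset:
        out = xor(out, db[i])
    return out


def make_queries(n, want):
    """Client side: a uniformly random subset for server A, and the same
    subset with index `want` toggled for server B. Each query on its own is
    a uniformly random subset, so neither server alone learns `want`."""
    if not 0 <= want < n:
        raise IndexError(want)
    q_a = {i for i in range(n) if secrets.randbits(1)}
    return q_a, q_a ^ {want}


def retrieve(db_a, db_b, want):
    """Every record except `want` appears in both answers or in neither,
    so XORing the two answers cancels everything but the wanted record."""
    q_a, q_b = make_queries(len(db_a), want)
    return decode(xor(server_answer(db_a, q_a), server_answer(db_b, q_b)))


# Constructed sample database, replicated on both servers (0-based indices).
MESSAGES = [b"msg one", b"msg two", b"msg three", b"msg four", b"msg five"]
DB = [encode(m) for m in MESSAGES]
```

With the footnote's own numbers, server A is asked for indices {0, 3} and server B for {0, 1, 3}; XORing their answers leaves the record at index 1, which is message 2.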

------
y0ghur7_xxx
The Newsgroup alt.anonymous.messages is made exactly for this purpose.

<http://groups.google.com/group/alt.anonymous.messages/topics>

~~~
edge17
if you'll excuse my naïveté, but what's the purpose?

~~~
sorbus
Transmitting messages such that the intended recipient is impossible to know
for any third-party observer. If you're sufficiently and justifiably paranoid,
you'll want to obscure both the content of your messages and who you're
talking with.

I can think of some uses for this, mostly related to spying and espionage. On
the other hand, if you're really paranoid you don't want anyone to know that
you're transmitting messages - because that can lead to danger, if they choose
to take the lead pipe approach to finding out what you want to keep secret.

------
Skywing
Perhaps Twitter has the better solution? Why not direct messages to a single
user, or hash tag, etc? It's basically a way of sending messages to only a set
of recipients that wants to receive it. In your case though, there'd also be a
level of encryption involved. I guess what I'm saying is, perhaps a real-world
example could be close to Twitter?

~~~
anigbrowl
Well, the idea here is to prevent third parties from knowing which senders are
communicating with which recipients. If only 2 people are using such a system
then obviously that's pointless, but as _n_ increases then there are
_n(n-1)/2_ possible conversations in progress, obscuring the pattern as well
as the content of communication.

------
jganetsk
I think onion routing, like the Tor project, satisfies the criteria of
obscuring sender and recipient.

------
nolite
wifi routers?

