[Standards-JIG] Many to many e2e encryption (JEP-116)
justin-keyword-jabber.093179 at affinix.com
Mon Nov 28 23:09:14 UTC 2005
On Friday 25 November 2005 03:04, Pierre THIERRY wrote:
> I don't see any other scenario that would scale up correctly with the
> number of recipients growing (sending a specificly encrypted message for
> each final recipients to the global one would just bloat the message of
> there is many recipients, but maybe this is not a real problem if
> confidentiality really matters).
If there are 50 groupchat participants, all sharing the same session key, then
there is no need to have the same message encrypted 50 times. Just encrypt
the message once, with the one known session key. Sign it with the sender's
public key. O(1) or something.
The trick, of course, is finding a way to distribute the session key, and it
would probably be a good idea to change it every time someone joins or leaves
(see SILC). And then on top of that you need some sort of access control
over who can join the room (e.g. at the very least, it should require an
invite from an existing participant, or perhaps a password-protected room).
More information about the Standards