Safety in Numbers: Obfuscating which collections of messages are Dark Crystal records

[m4gpi]

Currently when we publish a secret in Dark Crystal, we create a set of n + 2 records at the same time, where n is the number of shards specified. As someone browsing the public data, it would be relatively easy / simple to work out which collection of records are Dark Crystal records. In addition, they could also work out how many shards there are, and identify the encrypted shard messages. We need to obfuscate this. In order to guarantee the shards all publish together, these messages are grouped together. That means they are easily identifiable.

I suggest we build an ssb plugin that sets a timer and periodically publishes a fake set of messages that look like Dark Crystal records that we can request client applications to plugin and use. That way, we can obfuscate which are the real dark crystal records.

As an additional measure, we can pad the size of these records in a different manner randomly, so as to obfuscate the size of those real dark crystal records. Currently it would be plausible for an intelligent attacker to estimate the length of the secret base on the bytes of the encrypted messages.

@ameba23 @dan-mi-sun @mixmix

[ameba23]

good that you bring this up! as its for sure something we need to think about.

repeating what i think your proposals are to check i understood them:

firstly, build a plugin which publishes batches of garbage encrypted messages designed to look like dark-crystal message and encourage ssb clients to use it.

sencondly, pad the size of garbage messages non-uniformly. or did you mean pad the actual dark crystal messages?

its maybe worth noting secrets.js pads to multiples of 128 bits be default, and you can pass a bigger pad length as an argument to the share method

maybe we should split this into 2 issues - 'obfuscating which messages are from dark-crystal' and 'obfuscating secret length'.