Can this messaging protocol achieve cryptographic deniability?
Can this messaging protocol achieve cryptographic deniability? - Leminal Space
I’m designing an identity-less, ephemeral messaging protocol where messages can be forged after-the-fact. The goal is protection against coercion or device seizure scenarios. Core mechanism: * Session keys derived via SPAKE2 from shared secret * ChaCha20 encryption with deterministic nonces: sequence || timestamp * HMAC authentication during conversation Forgery capability: Anyone with session keys can create alternative messages using the same sequence/timestamp that decrypt to different content. My question: Does this actually achieve cryptographic deniability? Are there ways someone could distinguish a real conversation transcript from a forged one? I have a working prototype and want to validate that the approach is sound.
