try·st·imu·li

13.76468

the usual use of the shared secret from a diffie-hellman key exchange is as a symmetric encryption key. of course, there's nothing preventing anyone from using it as the secret key for a signing algorithm instead (after running it through a kdf, just as you would before using it as an encryption key).

converge has two types of objects:

  • blobs are encrypted with a key that is a (possibly keyed) hash of their secret content, and identified by a hash of their public content
  • pointers are encrypted with a key derived from their secret (signing) key and identified by their signature, and each series of pointers is identified by the corresponding public key

now, you can't choose either the hash of some content or a public key. but you can choose the secret key used to sign a pointer. and so you can use diffie-hellman to establish a shared signing key, and look for pointers with the corresponding shared public key. the trade-off is that a signature under the shared key only proves that one of the two parties wrote the pointer, and anyone who learns the shared secret can write pointers into the series as well as read them.
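as an added worked example (not code from the converge project, and not its actual formats or key derivation): an x25519 shared secret is hashed under a label into an ed25519 seed, so both parties get the same signing key and the same series public key; a toy pointer is then encrypted under a second key derived from that signing secret, signed, and filed under the shared public key, which is what a client queries for. the `Pointer` layout, the `example:` labels and the choice of aes-gcm are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// SharedSigningKey turns an X25519 shared secret into an Ed25519 key pair. Both
// ends compute the same seed, hence the same pair, and the public half is the
// series identifier. The hash labels are this example's choice, not converge's.
func SharedSigningKey(own *ecdh.PrivateKey, peer *ecdh.PublicKey) (ed25519.PrivateKey, error) {
	shared, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	seed := sha256.Sum256(append([]byte("example: series signing key\x00"), shared...))
	return ed25519.NewKeyFromSeed(seed[:]), nil
}

// Pointer is a simplified stand-in for a converge pointer: identified by its
// signature, filed under the series public key, with its secret content encrypted.
type Pointer struct {
	Series     ed25519.PublicKey
	BlobID     []byte // public content: the blob this pointer refers to
	Ciphertext []byte // nonce || AES-GCM(secret), BlobID as associated data
	Signature  []byte
}

// contentCipher derives the series content key from the signing secret.
func contentCipher(key ed25519.PrivateKey) cipher.AEAD {
	k := sha256.Sum256(append([]byte("example: series content key\x00"), key.Seed()...))
	block, _ := aes.NewCipher(k[:]) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// signedBytes is the length-prefixed encoding the signature covers.
func (p *Pointer) signedBytes() []byte {
	msg := binary.BigEndian.AppendUint32(nil, uint32(len(p.BlobID)))
	return append(append(msg, p.BlobID...), p.Ciphertext...)
}

// NewPointer encrypts secret under the series content key and signs the result.
func NewPointer(signer ed25519.PrivateKey, blobID, secret []byte) (*Pointer, error) {
	gcm := contentCipher(signer)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	p := &Pointer{Series: signer.Public().(ed25519.PublicKey), BlobID: blobID}
	p.Ciphertext = gcm.Seal(nonce, nonce, secret, blobID)
	p.Signature = ed25519.Sign(signer, p.signedBytes())
	return p, nil
}

// Open verifies the pointer against the series key we hold and decrypts it. A
// valid signature only proves that some holder of the shared key wrote it.
func (p *Pointer) Open(key ed25519.PrivateKey) ([]byte, error) {
	pub := key.Public().(ed25519.PublicKey)
	if !bytes.Equal(pub, p.Series) {
		return nil, fmt.Errorf("pointer belongs to another series")
	}
	if !ed25519.Verify(pub, p.signedBytes(), p.Signature) {
		return nil, fmt.Errorf("bad pointer signature")
	}
	gcm := contentCipher(key)
	if n := gcm.NonceSize(); len(p.Ciphertext) >= n {
		return gcm.Open(nil, p.Ciphertext[:n], p.Ciphertext[n:], p.BlobID)
	}
	return nil, fmt.Errorf("ciphertext too short")
}

// FindSeries is the client's query: every stored pointer under one public key.
func FindSeries(store []*Pointer, series ed25519.PublicKey) []*Pointer {
	var out []*Pointer
	for _, p := range store {
		if bytes.Equal(p.Series, series) {
			out = append(out, p)
		}
	}
	return out
}

func main() {
	gen := func() *ecdh.PrivateKey { k, _ := ecdh.X25519().GenerateKey(rand.Reader); return k }
	alice, bob := gen(), gen()
	aliceKey, _ := SharedSigningKey(alice, bob.PublicKey())
	bobKey, _ := SharedSigningKey(bob, alice.PublicKey())
	p, _ := NewPointer(aliceKey, []byte("blob-1"), []byte("shared state v1"))
	for _, q := range FindSeries([]*Pointer{p}, bobKey.Public().(ed25519.PublicKey)) {
		secret, err := q.Open(bobKey) // Bob needs only the shared key to read it
		fmt.Printf("blob %s -> %q err=%v\n", q.BlobID, secret, err)
	}
}
```

a third party with its own diffie-hellman key derives a different series key, so `FindSeries` returns nothing for it and `Open` rejects the pointer before touching the content key. note that `Open` cannot tell alice's pointers from bob's: both hold the same signing key, so the check is authentication of the pair, not of a person.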

applications

this thought came out of looking for a way to use converge to hold the shared state between a client and a server. but it would also enable a messaging application where the client only checks for messages from specific people.

the queries/subscriptions would keep the identity of the other party secret, as the shared public key doesn't reveal the shared private key, and the shared private key doesn't reveal the diffie-hellman keys of the participants, so any transit servers would need to fall back to traffic analysis to determine who is communicating with whom. the shared public key is still a stable identifier for the pair, though, so everything in one series is linkable to everything else in it.

it can even use ratcheting to provide forward security, though the pointers include the identifier of the blob in their public content, so that would have slightly different properties…
