Hacker News

> and it's ok to leak metadata?

How could Signal (or any other client-server protocol) not leak metadata? It is true that OpenPGP leaks more metadata than necessary (e.g. Subject), but it seems to me that any efficient message protocol needs to leak at least the three most important pieces of metadata: source, destination, time.

One could avoid leaking the destination by broadcasting the encrypted message to many receivers (where only the true one can decrypt it), and therefore the server does not need to know the true destinations, but that is rather inefficient.



Signal has been working on features like "sealed sender", which encrypts the source metadata: https://signal.org/blog/sealed-sender/

I don't know if they can do anything about destination or time, but even hiding the source seems like a significant advancement.


How does that even work? The only way to encrypt the sender is to send every (encrypted) message to everyone and let the clients drop the ones they can't encrypt. On a phone. I hope they give out free batteries.

The post mentions some kind of "short-lived" pseudo-sender, which is vulnerable to the same metadata analysis.


Encrypting the sender is pretty easy. Deliver the encrypted message+sender at the destination. Only the receiver will be able to decrypt it and see who the sender was.

Encrypting the receiver is a lot harder though. It will probably involve dropping off the message at some central location and some very fancy cryptography. Secure multi-party computation [0] will probably be involved. I don't know if it can be made scalable though.

[0] https://en.wikipedia.org/wiki/Secure_multi-party_computation


> Encrypting the sender is pretty easy. Deliver the encrypted message+sender at the destination.

That's the point. If the sender is encrypted, what's "the destination"? The IPv4 space? A random ID that represents the sender? How does that change the metadata angle?


If I deliver a bunch of bytes to jet@spiegel.com then that's the destination. Now you can decrypt it with your public key and get

`Have a nice day. Regards, sobani`

and see that I'm the sender.

If I'm worried about leaking my IP address, I can use something like Tor.

I'm confused why you think the sender needs to be known in any way to allow bytes to be delivered to your mail server.
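To make the "sealed sender" idea in this thread concrete, here is a toy envelope where the sender identity travels inside the ciphertext and a relay can only observe destination, time and size. This is an added illustration, not Signal's protocol or code from anyone in the thread: it assumes a pre-shared symmetric key per recipient in place of the public-key sealing Signal uses, and a stdlib-only stream cipher (SHA-256 in counter mode) plus HMAC for integrity; the address and name are reused from the comment above.

```python
"""Toy sealed-sender envelope (constructed illustration, not Signal's design)."""
import hashlib
import hmac
import json
import time

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher: SHA-256 over (key || nonce || counter). Illustration only.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(recipient_key: bytes, sender: str, body: str, nonce: bytes) -> bytes:
    # The sender is part of the plaintext, never a cleartext header the relay can read.
    plaintext = json.dumps({"from": sender, "body": body}).encode()
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(recipient_key, nonce, len(plaintext))))
    tag = hmac.new(recipient_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(recipient_key: bytes, blob: bytes) -> dict:
    # Only the recipient holds the key; anyone else gets an integrity failure, not a sender.
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(recipient_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(recipient_key, nonce, len(ct))))
    return json.loads(pt)


def make_envelope(destination: str, recipient_key: bytes, sender: str, body: str,
                  nonce: bytes, now: int) -> dict:
    # The relay needs the destination and a timestamp to deliver; nothing else is in the clear.
    return {"to": destination, "time": now, "sealed": seal(recipient_key, sender, body, nonce)}


def relay_view(envelope: dict) -> dict:
    """Everything a relay (or an observer of its logs) can see: the leaked metadata."""
    visible = {k: v for k, v in envelope.items() if k != "sealed"}
    return {**visible, "size": len(envelope["sealed"])}


if __name__ == "__main__":
    key, nonce = b"\x11" * 32, b"\x22" * NONCE_LEN  # constructed sample values
    env = make_envelope("jet@spiegel.com", key, "sobani", "Have a nice day.", nonce, int(time.time()))
    print("relay sees:", relay_view(env))
    print("recipient sees:", unseal(key, env["sealed"]))
```

The relay still learns destination, time and message size (the three items the first comment names), which is why sealed sender hides the source but not the rest.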

