German ct magazine postulates death of pgp encryption

Bjarni Runar Einarsson bre at
Sun Mar 1 13:39:36 CET 2015

Jonathan Schleifer <js-gnupg-users at> wrote:
> > Let me stress again that the proper course might be to replace SMTP (e-mail) and
> > then work from that. If you have a sieve and wish for something to hold liquids,
> > you could plug up all the holes or say "Blow this for a lark" and get a pan.
> You mean like BitMessage <>?
> I think it's the only replacement for mail with cryptography from the
> start. It gets rid of the whole public / private key problem and also
> gets rid of spam by requiring a proof of work to send something.

Bitmessage is a toy. An interesting toy, but it's still just a toy.

You can't propose to replace e-mail, a system used by *billions of
people*, with this:

"Just like Bitcoin transactions and blocks, all users would receive all
messages. They would be responsible for attempting to decode each
message with each of their private keys to see whether the message is
bound for them."
  - <>

The paper mentions a very hand-wavey, stream sharding concept to improve
scalability, which has not been implemented and there is no math
presented to support the idea that it actually will work.

At scale, any promise of anonymity made by this protocol will be
hampered by the fact that, on average, you have to connect to as many
streams as you have contacts when sending mail, and your contact is
connected to the stream and downloading the mail. Once there are enough
shards to handle global traffic levels, then assuming the network hasn't
already collapsed under its own weight (they talk about hierarchical
shard discovery and signaling between shards), things will be so spread
out that traffic analysis will give very strong clues about who is
talking to whom. How severe this effect is, is for researchers to
quantify - but the Bitmessage paper gives no indication that they're
even aware of the problem.

I'm all for experiments and Bitmessage may flesh these things out over
time, but the paper was written in 2012 and (based on a quick grep of
their github) their codebase still doesn't support more than one stream.
To them, scalability is a "feature" they will implement "later". Until
they do, this is not even remotely a candidate for replacing e-mail.

It's cool tech! It's just not an e-mail replacement.

Having studied the specs for both (various people want us to implement
interesting protocols like this in Mailpile), I'd say DIME is a much
more credible attempt at baking strong crypto into e-mail from the
start, but it is still too new to say much about it.

 - Bjarni

Sent using Mailpile, Free Software from

More information about the Gnupg-users mailing list