Does Enrico sign plaintext? Ciphertext? Both?

jMyles commented 1 year ago

The age-old of encrypt-then-sign or sign-then-encrypt - what forward compatibility do we want to offer?

Signing the plaintext gives Bob (and "only" Bob? everyman, etc) assurance that the plaintext is from the source he expects.
Signing the ciphertext allows Bob or Ursula to publicly demonstrate that the source in question generated the payload.

When in the runtime do these signatures occur? Can Enrico pre-sign and store?

Use case example:

Enrico is a book author. He wishes to provide preview snippets for Bob to search as Bob considers purchasing the book. In order to ensure that Bob is receiving snippets from the actual text, they can signed by the same secret ultimately used to sign the book.

arjunhassard commented 1 year ago

No forward compatibility issue here so bumping to next version. First adopter set will not distinguish (wrt client) between 'Alice' and 'Enrico'.

arjunhassard commented 9 months ago

Closed by https://github.com/nucypher/nucypher/pull/3194

nucypher / taco-web

Does Enrico sign plaintext? Ciphertext? Both? #157