a modal/duality modality

ciascun m’annoja: delayed autodecryptions with Rust

ciascun m’annoja makes delayed-autodecryptions.

Delayed autodecryptions are programs that reveal a message, but only after some delay after executing it. By the properties of cryptographic hash functions and PBKDFs, there is no way to obtain the message more quickly.

A simplified explanation is that the message is encrypted with a short password that was randomly generated but can be guessed with many repeated tries.


You can compile from source, or download the Linux x86_64 binary. Write your message.

echo "Ladies and gentlemen of the class of '99. Wear sunscreen..." > message.txt

Let the number of seconds you want your message to be delayed by be n. Run

$ ./ciascun-m-annoja benchmark --delay-in-seconds [n]

Let the output rank be r. Now run

$ ./ciascun-m-annoja seal -i message.txt -o message.ciascun --rank [r]

That’s it! Send message.ciascun to anyone you like. To decrypt, they need to download ciascun m’annoja and run

$ ./ciascun-m-annoja open message.ciascun 

Cryptography details

The most important thing is that the decryption time is on a linear probabilistic distribution. There is a 1/2 probability decryption will take less than the expected value, 1/4 probability decryption will take less than half the expected value, etc. Pad the delay accordingly.

To seal, Asterix generates a random 8 byte salt and a secret number between 0 and rank. Asterix computes the ChaCha20-Poly1305 sealing key with the SHA256 encryption of the secret as keying material, and seals the plaintext message. Then Asterix computes the 10000x PBKDF of the secret with the computed salt as the validator. Asterix sends the rank, the sealed message, the salt, and the validator to Obelix.

Obelix computes a random index between 0 and rank, then increments the index until its 10000x PBKDF with the given salt matches Asterix’s validator; i.e., when the index is the secret. When this is done, Obelix is able to compute the ChaCha20-Poly1305 opening key and decrypt the message, and can use the computed secret to immediately decrypt the same message in the future. The expected number of iterations is rank/2.