~edwargix/tallyard#13: 
Use Matrix's encryption system instead of nacl

We're currently using https://pkg.go.dev/golang.org/x/crypto/nacl/box for p2p encryption (since it's easy), but Matrix already provides a strong encryption system that also includes key verification, a double-ratchet, etc.

Using Matrix's E2EE will also hide metadata about the election itself because all events will be of the type m.event.encrypted, thus looking no different than normal matrix messages. Note that this isn't perfect opsec since the pattern of messages provides clues for eavesdroppers, but it helps.

Status
REPORTED
Submitter
~edwargix
Assigned to
No-one
Submitted
3 months ago
Updated
3 months ago
Labels
v0.4.0