
Will this RSA-based cross-signing schema work for preventing forgery?


I am a web developer and a newbie in cryptography, so my question may sound not very related to this community; let me know if so, and where to ask.

The context is a distributed application for exchanging important notifications, with a digital proof that users exchanged them. I will use the standard Alice and Bob party names below. The application is not about cryptocurrencies and does not use a blockchain. It is about digital proofs that users sent some notifications to each other, e.g. "I was here" or "I have seen that task", or "I, Bob, confirm that @alice@example.com is a Mastodon account of Alice", and all that kind of "proof".

Imagine that Alice and Bob each have one device with that application installed. Each app instance has a "local" history of messages/notifications sent and received by the device owner.

Now Alice sends a message X to Bob, and Bob responds with a confirmation message Y to Alice.

The local message history at each device is a sequence of messages with at least these fields:

  • id - unique random id,
  • hash - sha512 of the message with hash and signature set to null,
  • previousHash - hash of the message that precedes this one in the local history record,
  • localTimestamp,
  • signed_with_key - a string like {userId}@{deviceId}#{key_id},
  • signature - RSA signature of the message with signature set to null,
  • content - the message's actual content. This is application-specific and does not matter; let's consider it just opaque binary data.

I guess that to make sure of the act of message receiving, it is necessary that Bob and Alice first establish a kind of digital trust by exchanging their public keys via an encrypted channel based on Diffie-Hellman key exchange, or by another method, like scanning QR codes for each other or typing some representation of these DH public keys, but let's skip this step as already done.

If I add cross-signature fields and implement this flow, like:

  1. Alice sends a signed message,
  2. Bob responds with a confirmation message containing Bob's key id, a signature by Bob's key of the message from Alice including Alice's signature, and a hash including that information.
  3. Alice responds with a "proof" message, which is a confirmation record with the metadata of the confirmation message from Bob, signed by Alice's key.
  4. Bob responds with a mirror "proof" message, which is an envelope message containing the message metadata fields from 3 with hashes and signatures, signed by Bob's key.

A "proof" message is a bag of metadata fields including these:

  • messageId,
  • fromUserId,
  • toUserId,
  • sendingTimestamp,
  • messageHash,
  • senderKeyId,
  • senderSignature,
  • senderPreviousHash,
  • messageType,
  • contentBinarySize,
  • receivingTimestamp.

So, for subsequent messages sent or received by Alice, the last hash (and next previousHash) value will be the hash of the "proof" message by Bob for Alice. For Bob, the last hash and next previousHash will be the hash of his "proof" message sent to Alice.

How hard would it be to forge this kind of history on one of the devices if it is e.g. hacked or stolen, and therefore hackers have access to the private keys on 1 stolen device? Is the described proof schema secure at all? Am I reinventing the wheel? If so, which one?
