It should be noted that (while cool from a cryptographic perspective) this security primitive is practically useless in any scenario where you might think it would be useful:
* The burden of evidence to introduce chat logs in legal proceedings is much lower than you would think. Often screenshots of Facebook messages are used, or SMS records (which are also easily spoofed). A judge or jury will likely not entertain the possibility the messages were fabricated unless you have substantial evidence to the contrary.
* If you're scared of national security actors discovering you've leaked some information, the fact there is a record of the secret information in the other person's phone is more than enough for them to black bag you. (And let's be honest, lack of evidence has never stopped the USA from black bagging people.)
* Generally speaking, the probability of the chat record being faked is so small that no reasonable person will entertain the possibility it was faked (even though it could've been).
Not to mention there are all sorts of forensic methods to prove that a particular person wrote some message using fingerprinting, and ultimately Signal LLC does actually know whether you sent a message or not and who to (though admittedly they claim they don't keep metadata logs).
Now, if you're dealing with an anonymised chat system with this property then it could be argued it is practically useful. But at that point the anonymisation is doing most of the heavy lifting.
> The burden of evidence to introduce chat logs in legal proceedings is much lower than you would think. Often screenshots of Facebook messages are used, or SMS records (which are also easily spoofed). A judge or jury will likely not entertain the possibility the messages were fabricated unless you have substantial evidence to the contrary.
This is true for now. It seems likely that fabrication of screenshots etc. will start to appear in legal cases, and as soon as it does, the burden of proof will shift.
For that to have any hope of working, you need easily available tools that can fake a chat database. Currently, I'm not aware of any such tools, and I'm not even sure that you can import a faked chat log into Signal on Apple iOS.
In court none of that is likely to hold up anyway, as evidence like chat databases is pretty much assumed to be true until proven otherwise.