The real pubkeys.
I believe this is strongly metadata leak resistant as channels can be established before they are needed, or when not needed to obscure other details like who was ever communicated with.
This can be, and the specification permits future re-initializations to be performed in the same channel.
So metadata security depends on users creating at least some number (probably a reasonably large number) of fake channels at the start in addition to the real channels they want so that an observer doesn’t know which channel relates to which real user in the future?
In any case, I’d love to see a demo app so I could see how it is implemented and works.
Channels cannot be correlated to users unless:
- you leak via IP
- you leak via activity times
Both of which apply to all schemes.
This is only for obscuring who a user has communicated with at all: if an app establishes channels only when DMing, you only leak A has initiated a channel with B, but adding noise reduces this risk.
