[messaging] Modern anti-spam and E2E crypto
brendanmcmillion at gmail.com
Tue Sep 9 21:56:00 PDT 2014
You can post the index and the encrypted corpus on your Twitter, if you
please. It doesn't matter.
For touch or acoustic cryptanalysis, there's likely no well-developed
The strongest definition of security is CKA2 (adaptive security against
chosen-keyword attacks), meaning the server can't learn anything about the
queries or the corpus by observing any number of queries except what it's
explicitly allowed to learn (to serve its purpose). Meaning, if an
attacker got control of the server, the worst they'd be able to do would be
provide less-than-quality service.
On Wed, Sep 10, 2014 at 12:28 AM, Tony Arcieri <bascule at gmail.com> wrote:
> On Tue, Sep 9, 2014 at 9:22 PM, Brendan McMillion <
> brendanmcmillion at gmail.com> wrote:
>> Basically, the client generates an encrypted version of an inverted index
>> that allows the server, given a trapdoor for a keyword X, to learn which
>> files contain X and no more (including the plaintext value of the keyword
>> or word distribution). You can then build on top of that more complex
>> predicates, like "find files that contain X or Y" and some schemes use
>> order preserving symmetric encryption (OPSE) to enable ranked results
>> When a user checks their mail, the client fetches new messages and tells
>> the server how to update the index. The operations involved are largely
>> symmetric (hence fast) and the information sent back to the server is
>> typically small--it depends on the particular construction.
> Is there any information on preventing sidechannels in a system like this?
> For example, if the attacker is able to observe the contents of the server
> as well as send messages to the victim, how do we prevent the attacker from
> learning the contents of the index?
> Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging