[messaging] Encrypted Pulic Contact Discovery
moxie at thoughtcrime.org
Wed Aug 19 10:34:41 PDT 2015
On 08/19/2015 08:26 AM, steve at actor.im wrote:
> Hello everyone!
> Just finished small article about one idea of secure contact
Publishing the entire directory is one approach to PIR, but it won't
scale on mobile with an even moderately sized user base. We started out
using a bloom filter for RedPhone, which is more space efficient than a
directory of hashes and encrypted tokens, and have already hit the limit.
For what it's worth, I wrote a small summary of techniques and why none
of them work at scale here:
Using PBKDF2 also won't stop someone from inverting your entire
directory, since the preimage space is so small. If that's an important
feature, encrypted bloom filters are probably a better option, since
that at least allows you to rate limit server-side and is thus no worse
than traditional contact intersection. But, again, it won't scale.
More information about the Messaging