[messaging] PIR (in Pynchon Gate)

Trevor Perrin trevp at trevp.net
Sun Mar 30 08:55:09 PDT 2014

On Sun, Mar 23, 2014 at 11:48 PM, Brian Warner <warner at lothar.com> wrote:
> On 3/23/14 4:59 PM, Trevor Perrin wrote:
>> My vague understanding of PIR is that "single-server" schemes are less
>> practical than just sending the whole database, but there are
>> "multi-server" schemes which are somewhat-efficient and secure as long
>> as all servers don't collude. (Is that right? Could anyone explain PIR
>> in a separate thread?)
> I can explain the multi-server PIR scheme that the late Len Sassaman
> created for Pynchon Gate[1] (his anonymous-remailer mailbox scheme).

Thanks!  Seems potentially practical.  And the paper Stefan referenced
(Devet / Goldberg / Heninger [1]) looks like it can add robustness for
PIR-server misbehavior.

So for "introduction certificates" [2], there could be a bunch of
directories publishing intro certs from users.  These directories
would snapshot themselves periodically, and various "PIR mirrors"
would fetch the snapshots.

A user could lookup another user's intro-cert by public-key
fingerprint, without revealing which one, by querying several PIR

The user won't know which PIR slot to retrieve, a priori.  But a
multilevel index could be stored in the PIR slots.  The user could
fetch a top-level index which says which slots store the next-level
indexes for different fingerprint ranges, do a PIR query for the
relevant slot, and repeat until getting a slot containing the intro

Seem reasonable?


[1] http://www.cypherpunks.ca/~iang/pubs/orpir-usenix.pdf
[2] https://moderncrypto.org/mail-archive/messaging/2014/000113.html

More information about the Messaging mailing list