[messaging] Replacing group signatures with HMAC in Pond.
Joseph Bonneau
jbonneau at gmail.com
Wed May 28 11:54:01 PDT 2014
On Wed, May 28, 2014 at 2:24 PM, Trevor Perrin <trevp at trevp.net> wrote:
>
> You'd want to hand out serial #s randomly, so the server's bitmask
> would need to be sized to MAX number of messages that a user can
> receive. Not sure if that's a win spacewise vs storing 100 or 64 bits
> for each actual message.
>
You hand out serial #s randomly from your pool, but I don't think they need
to be random serial numbers from a 64-bit space. You can generate say 2^20
key pairs with sequential serial numbers. Every time you hand some out to
contacts, you pick a random set from those you haven't handed out yet. This
enables the bitmap representation. Is there a flaw with that I'm missing?
Eventually if you run out you get into the HMAC update process you
described, this happens either way.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140528/89389fa3/attachment.html>
More information about the Messaging
mailing list