[messaging] Hashing entries in a transparency log

David Leon Gil coruus at gmail.com
Thu Sep 4 07:57:15 PDT 2014

On Wednesday, September 3, 2014, Trevor Perrin <trevp at trevp.net> wrote:

> People keep suggesting salt, but I don't think per-user salt is
> feasible (different salts could map Bob's address to different hashes,
> allowing the log to contain different public keys for Bob).

This is a very important point. (Which I hadn't really considered!)

It's possible to enforce this post-hoc by publishing/gossiping (signed)
messages consisting of a salt and a ZKP of the corresponding email

This is likely fairly effective in this case: If, e.g., to 'register'
coruus at gmail.com, Google requires your Gmail address, they can reject
'salt-split' identities. If they ever do, you can prove that they did. This
makes them, e.g., being ordered to do so rather less likely.

But this is only deters attacks; it doesn't prevent them.

[*] In practice just another salted hash would work...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140904/b494d936/attachment.html>

More information about the Messaging mailing list