[messaging] Hashing entries in a transparency log
David Leon Gil
coruus at gmail.com
Thu Sep 4 07:57:15 PDT 2014
On Wednesday, September 3, 2014, Trevor Perrin <trevp at trevp.net> wrote:
>
> People keep suggesting salt, but I don't think per-user salt is
> feasible (different salts could map Bob's address to different hashes,
> allowing the log to contain different public keys for Bob).
This is a very important point. (Which I hadn't really considered!)
It's possible to enforce this post-hoc by publishing/gossiping (signed)
messages consisting of a salt and a ZKP of the corresponding email
address.[*]
This is likely fairly effective in this case: If, e.g., to 'register'
coruus at gmail.com, Google requires your Gmail address, they can reject
'salt-split' identities. If they ever do, you can prove that they did. This
makes them, e.g., being ordered to do so rather less likely.
But this is only deters attacks; it doesn't prevent them.
[*] In practice just another salted hash would work...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140904/b494d936/attachment.html>
More information about the Messaging
mailing list