[messaging] Modern anti-spam and E2E crypto

Tony Arcieri bascule at gmail.com
Tue Sep 9 21:28:43 PDT 2014

On Tue, Sep 9, 2014 at 9:22 PM, Brendan McMillion <
brendanmcmillion at gmail.com> wrote:

> Basically, the client generates an encrypted version of an inverted index
> that allows the server, given a trapdoor for a keyword X, to learn which
> files contain X and no more (including the plaintext value of the keyword
> or word distribution).  You can then build on top of that more complex
> predicates, like "find files that contain X or Y" and some schemes use
> order preserving symmetric encryption (OPSE) to enable ranked results
> (RSSE).
> When a user checks their mail, the client fetches new messages and tells
> the server how to update the index.  The operations involved are largely
> symmetric (hence fast) and the information sent back to the server is
> typically small--it depends on the particular construction.

Is there any information on preventing sidechannels in a system like this?
For example, if the attacker is able to observe the contents of the server
as well as send messages to the victim, how do we prevent the attacker from
learning the contents of the index?

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140909/82ce6b40/attachment.html>

More information about the Messaging mailing list