[messaging] CONIKS
David Leon Gil
coruus at gmail.com
Sun Dec 21 09:11:54 PST 2014
On Sun, Dec 21, 2014 at 4:25 AM, Mike Hearn <mike at plan99.net> wrote:
> This paper is relevant for e2e messaging:
>
> http://eprint.iacr.org/2014/1004.pdf
See also Marcela's MSE thesis, which presents most of the ideas
present in the paper:
http://www.cs.princeton.edu/~melara/pubs/mse-thesis.pdf
> CONIKS also
> preserves user’s privacy by ensuring that adversaries cannot harvest large
> numbers of usernames from the directories.
The paper does this in a quite nifty way: Let S be a verifiable
unpredictable function and H a hash function. Then register a username
as:
H(S(username), outputlen=2*s)
The authors have suggested RSA-PKCSv15 or BLS signatures; I would
prefer to instantiate this, concretely, as
SHAKE256(RSA-FDH[b=2048](SHAKE256(username)))
which should have a nice reduction to the RSA problem +
capacity-limited RO assumption.
--
Some more comments to follow.
- dlg
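The construction dlg sketches above, as an added example that is not code from this post, the CONIKS paper, or the CONIKS project: a provider-keyed VUF instantiated as RSA-FDH over SHAKE256, whose output is hashed again with SHAKE256 to form the private index stored in the directory. Assumptions not in the message: the full-domain hash maps into Z_n by counter-based rejection sampling, s is a security parameter in bits (so the index is 2*s bits, 32 bytes for s = 128), the RSA key is generated in pure Python with Miller-Rabin, and the demo key is 1024 bits to keep generation fast where the post suggests b = 2048.

```python
"""Toy CONIKS-style private username index: SHAKE256(RSA-FDH(SHAKE256(username))).

Added example, not code from the post or from CONIKS. Key size, the
rejection-sampling FDH and the interpretation of s as bits are assumptions.
"""
import hashlib
import math
import secrets

# Small primes for trial division before Miller-Rabin (demo-quality keygen).
_SMALL_PRIMES = [2] + [p for p in range(3, 1000, 2)
                       if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Trial division followed by Miller-Rabin with random bases."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    """Odd prime with its top two bits set, so p*q has exactly 2*bits bits."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | (1 << (bits - 2)) | 1
        if _is_probable_prime(cand):
            return cand


def make_vuf_keypair(bits: int = 1024):
    """RSA key used as the VUF key. Returns ((n, e), (n, d)). 1024 bits is demo-sized."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and math.gcd(e, phi) == 1:
            return (n, e), (n, pow(e, -1, phi))


def _fdh(username: bytes, n: int) -> int:
    """Full-domain hash into Z_n: SHAKE256(counter || username), retried until < n."""
    nbytes = (n.bit_length() + 7) // 8
    counter = 0
    while True:
        h = hashlib.shake_256(counter.to_bytes(4, "big") + username).digest(nbytes)
        m = int.from_bytes(h, "big")
        if 1 < m < n:
            return m
        counter += 1


def vuf_eval(sk, username: bytes) -> bytes:
    """S(username): the RSA-FDH signature; only the provider's key holder can compute it."""
    n, d = sk
    nbytes = (n.bit_length() + 7) // 8
    return pow(_fdh(username, n), d, n).to_bytes(nbytes, "big")


def vuf_verify(pk, username: bytes, sig: bytes) -> bool:
    """Anyone holding the public key can check that sig is the unique VUF output."""
    n, e = pk
    s = int.from_bytes(sig, "big")
    if not 0 < s < n:
        return False
    return pow(s, e, n) == _fdh(username, n)


def private_index(sig: bytes, s_bits: int = 128) -> bytes:
    """H(S(username), outputlen=2*s): the index actually stored in the directory."""
    return hashlib.shake_256(sig).digest(2 * s_bits // 8)


def lookup_index(pk, username: bytes, sig: bytes, s_bits: int = 128) -> bytes:
    """Client side: accept the provider's VUF output only if it verifies, then hash it."""
    if not vuf_verify(pk, username, sig):
        raise ValueError("VUF output does not verify for this username")
    return private_index(sig, s_bits)


if __name__ == "__main__":
    pk, sk = make_vuf_keypair()
    name = b"alice@example.org"  # constructed sample username
    print(lookup_index(pk, name, vuf_eval(sk, name)).hex())
```

Without the provider's private key a directory observer cannot compute `vuf_eval` for a guessed username, so the leaves of the tree reveal nothing about which names are registered; a client that is told a sig for its own name runs `lookup_index`, which refuses any value that does not verify under the provider's public key before trusting the derived index.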