[messaging] CONIKS

David Leon Gil coruus at gmail.com
Sun Dec 21 09:11:54 PST 2014

On Sun, Dec 21, 2014 at 4:25 AM, Mike Hearn <mike at plan99.net> wrote:
> This paper is relevant for e2e messaging:
> http://eprint.iacr.org/2014/1004.pdf

See also Marcela's MSE thesis, which presents most of the ideas
present in the paper:

> CONIKS also
> preserves user’s privacy by ensuring that adversaries cannot harvest large
> numbers of usernames from the directories.

The paper does this in a quite nifty way: Let S be a verifiable
unpredictable function and H a hash function. Then register a username

    H(S(username), outputlen=2*s)

The authors have suggested RSA-PKCSv15 or BLS signatures; I would
prefer to instantiate this, concretely, as


which should have a nice reduction to the RSA problem +
capacity-limited RO assumption.


Some more comments to follow.

- dlg
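
Added example, not part of the original message: the H(S(username)) index described above, built with the RSA PKCS#1 v1.5 signature option the message attributes to the paper's authors, showing why only the key holder can compute an index while anyone can verify one. The demo key, SHAKE256 as H, s = 128 and all function names are assumptions.

```python
import hashlib

# Constructed demo key (assumption): two Mersenne primes, NOT a secure modulus.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the server
K = (N.bit_length() + 7) // 8          # modulus length in bytes
S_BITS = 128                           # assumed security parameter s
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(msg: bytes) -> int:
    """Deterministic EMSA-PKCS1-v1_5 encoding of msg, as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def vuf_sign(username: str) -> bytes:
    """S(username): server side, needs the private exponent D."""
    return pow(emsa_pkcs1_v15(username.encode()), D, N).to_bytes(K, "big")

def index_from_proof(proof: bytes) -> bytes:
    """H(S(username), outputlen=2*s), with SHAKE256 as H (assumption)."""
    return hashlib.shake_256(proof).digest(2 * S_BITS // 8)

def verify_index(username: str, proof: bytes, index: bytes) -> bool:
    """Client side: check proof and index with the public key (N, E) only."""
    sig = int.from_bytes(proof, "big")
    if len(proof) != K or sig >= N:
        return False
    # The signature must open to the unique encoding of this username.
    if pow(sig, E, N) != emsa_pkcs1_v15(username.encode()):
        return False
    return index_from_proof(proof) == index

if __name__ == "__main__":
    proof = vuf_sign("alice@example.org")      # constructed sample username
    idx = index_from_proof(proof)
    print(idx.hex(), verify_index("alice@example.org", proof, idx))
```

Because the encoding is deterministic, each username maps to exactly one index, and guessing usernames offline does not reveal their indices without the private exponent.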
