[messaging] Masking contact addresses with ECDH

Ben Harris mail at bharr.is
Mon Feb 29 12:25:05 PST 2016

On 1 Mar 2016 7:11 am, "Tony Arcieri" <bascule at gmail.com> wrote:
> On Monday, February 29, 2016, Ben Harris <mail at bharr.is> wrote:
>> What if I were to take the scalar and raise it to [the field prime minus
2] mod the prime?
> If the answer to that question is the original point, then I guess the
scheme is worthless...

The multiplicitive inverse of the original scalar.

But your scheme could just be Alice publishing a random R and also the
hash/HMAC of each contact using R as key.

Though it looks to only protect an attacker from determining if two people
share contacts if the majority of public keys are secret/unpublished. An
attacker with a directory of contacts can unblind everything.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160301/81f4e0ae/attachment.html>

More information about the Messaging mailing list