[messaging] Masking contact addresses with ECDH
Ben Harris
mail at bharr.is
Mon Feb 29 12:25:05 PST 2016
On 1 Mar 2016 7:11 am, "Tony Arcieri" <bascule at gmail.com> wrote:
>
> On Monday, February 29, 2016, Ben Harris <mail at bharr.is> wrote:
>>
>> What if I were to take the scalar and raise it to [the field prime minus
2] mod the prime?
>
> If the answer to that question is the original point, then I guess the
scheme is worthless...
The multiplicitive inverse of the original scalar.
But your scheme could just be Alice publishing a random R and also the
hash/HMAC of each contact using R as key.
Though it looks to only protect an attacker from determining if two people
share contacts if the majority of public keys are secret/unpublished. An
attacker with a directory of contacts can unblind everything.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160301/81f4e0ae/attachment.html>
More information about the Messaging
mailing list