[messaging] Masking contact addresses with ECDH

Jeff Burdges burdges at gnunet.org
Tue Mar 1 07:53:01 PST 2016

On Tue, 2016-03-01 at 13:37 +0100, Jeff Burdges wrote:
> I donno if that buys much though since if a user's device
> can handle O(|contact|^2) cycles or storage then an adversary is
> likely
> to posses O(|interesting_people|^2) cycles or storage.

In fact, one could make the adversary much more work by building a kind
of "contact exchange ratchet" that bases the blinding for new bloom
filter exchanges on the current shared contact state, as opposed to
merely the public keys of Alice and Bob.  

I'm not 100% sure this can be done without leaking information over
time, but if so it'd give the adversary some nasty subexponential
algorithm, which sounds good enough.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160301/8ae5d661/attachment.sig>

More information about the Messaging mailing list