On Sun, Dec 21, 2014 at 4:25 AM, Mike Hearn <[email protected]> wrote:
> This paper is relevant for e2e messaging:
>
> http://eprint.iacr.org/2014/1004.pdf
See also Marcela's MSE thesis, which presents most of the ideas present in the paper: http://www.cs.princeton.edu/~melara/pubs/mse-thesis.pdf

> CONIKS also preserves user’s privacy by ensuring that adversaries cannot
> harvest large numbers of usernames from the directories.

The paper does this in a quite nifty way: Let S be a verifiable unpredictable function and H a hash function. Then register a username as:

    H(S(username), outputlen=2*s)

The authors have suggested RSA-PKCSv15 or BLS signatures; I would prefer to instantiate this, concretely, as

    SHAKE256(RSA-FDH[b=2048](SHAKE256(username)))

which should have a nice reduction to the RSA problem + capacity-limited RO assumption.

--

Some more comments to follow.

- dlg

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
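The private-index construction proposed above, worked through as an added example (this is not code from dlg's message, the CONIKS paper, or the thesis): S is instantiated as deterministic RSA-FDH over SHAKE256(username), and the published index is SHAKE256 of that signature truncated to 2*s bits. The signature doubles as the proof a client checks before trusting the index. The key-generation routine, the seed, the parameter names `s` and `bits`, and the usernames are assumptions of the example; the toy Miller-Rabin key generation is there only so the file runs offline, and a real directory would take its RSA key from a vetted library.

```python
"""Private username index as SHAKE256(RSA-FDH[b](SHAKE256(username)))[:2s bits].

Added example, not the paper's or the poster's code.  Toy RSA keygen is
included for offline runnability only (assumption of this example).
"""
import hashlib
import random

# Odd primes below 2000 for trial division before Miller-Rabin.
SMALL_PRIMES = [p for p in range(3, 2000, 2)
                if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin with trial division; rng supplies the witness bases."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def keygen(bits: int = 2048, seed: int = 0):
    """Toy RSA keypair ((n, e), (n, d)); seeded only so the demo is repeatable."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % e:
            break
    return (n, e), (n, pow(e, -1, phi))


def fdh(msg: bytes, n: int) -> int:
    """Full-domain hash: SHAKE256 stretched past the modulus size, reduced mod n.
    The 8 extra bytes keep the bias of the reduction negligible."""
    nbytes = (n.bit_length() + 7) // 8
    return int.from_bytes(hashlib.shake_256(msg).digest(nbytes + 8), "big") % n


def _inner(username: str) -> bytes:
    """Inner SHAKE256(username): fixes the domain handed to the FDH."""
    return hashlib.shake_256(username.encode("utf-8")).digest(32)


def vuf_eval(username: str, sk) -> int:
    """S(username): RSA-FDH signature, deterministic, so the index is a function."""
    n, d = sk
    return pow(fdh(_inner(username), n), d, n)


def vuf_verify(username: str, proof: int, pk) -> bool:
    """Client-side check: the proof must be the unique FDH signature for username."""
    n, e = pk
    return 0 <= proof < n and pow(proof, e, n) == fdh(_inner(username), n)


def private_index(proof: int, n: int, s: int = 128) -> bytes:
    """H(S(username), outputlen=2*s): outer SHAKE256 squeezed to 2s bits."""
    nbytes = (n.bit_length() + 7) // 8
    return hashlib.shake_256(proof.to_bytes(nbytes, "big")).digest(2 * s // 8)


if __name__ == "__main__":
    pk, sk = keygen(bits=2048, seed=2014)   # fixed seed: demo assumption only
    for user in ("alice", "bob"):           # constructed sample usernames
        proof = vuf_eval(user, sk)
        assert vuf_verify(user, proof, pk)
        print(user, private_index(proof, pk[0]).hex())
```

Only the holder of d can produce a proof, so an adversary walking the directory sees 2s-bit indices it cannot map back to usernames, while a client that already knows a username recomputes the index from the proof and rejects any index the provider cannot justify.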
