On 1 Mar 2016 7:11 am, "Tony Arcieri" <[email protected]> wrote: > > On Monday, February 29, 2016, Ben Harris <[email protected]> wrote: >> >> What if I were to take the scalar and raise it to [the field prime minus 2] mod the prime? > > If the answer to that question is the original point, then I guess the scheme is worthless...
The multiplicitive inverse of the original scalar. But your scheme could just be Alice publishing a random R and also the hash/HMAC of each contact using R as key. Though it looks to only protect an attacker from determining if two people share contacts if the majority of public keys are secret/unpublished. An attacker with a directory of contacts can unblind everything.
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
