On 08/19/2015 08:26 AM, [email protected] wrote: > Hello everyone! > > Just finished small article about one idea of secure contact > discovery: > https://medium.com/@ex3ndr/encrypted-public-contact-discovery-95cfa0a0f6c7
Publishing the entire directory is one approach to PIR, but it won't scale on mobile with an even moderately sized user base. We started out using a bloom filter for RedPhone, which is more space efficient than a directory of hashes and encrypted tokens, and have already hit the limit. For what it's worth, I wrote a small summary of techniques and why none of them work at scale here: https://whispersystems.org/blog/contact-discovery/ Using PBKDF2 also won't stop someone from inverting your entire directory, since the preimage space is so small. If that's an important feature, encrypted bloom filters are probably a better option, since that at least allows you to rate limit server-side and is thus no worse than traditional contact intersection. But, again, it won't scale. - moxie -- http://www.thoughtcrime.org _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
