On Tue, 2016-03-01 at 13:37 +0100, Jeff Burdges wrote:
> I dunno if that buys much though since if a user's device
> can handle O(|contact|^2) cycles or storage then an adversary is
> likely to possess O(|interesting_people|^2) cycles or storage.

In fact, one could make the adversary do much more work by building a kind of "contact exchange ratchet" that bases the blinding for new Bloom filter exchanges on the current shared contact state, as opposed to merely the public keys of Alice and Bob. I'm not 100% sure this can be done without leaking information over time, but if so it'd give the adversary some nasty subexponential algorithm, which sounds good enough.

Jeff
