[Cryptography] Anonymous rendezvous (was Business opportunities in crypto)

Christian Huitema huitema at huitema.net
Thu Apr 15 03:06:52 EDT 2021


On 4/15/2021 2:54 AM, Richard Outerbridge wrote:
>> On 2021-04-14 (104), at 16:58:10, Kent Borg <kentborg at borg.org> wrote:
>>
>> On 4/14/21 12:37 AM, Christian Huitema wrote:
>>> Anonymous rendezvous is a vexing problem.
>> When you put it that way, it sounds pretty impossible.
> Sounds pretty much reducible to PSSK.

Excuse my ignorance, but can you spell out PSSK?

Anonymous rendezvous is not entirely impossible. During the discussion 
in the DNSSD working group, we saw one plausible proposal. Assume that 
each of the parties has a public/private key pair, that authorized peers 
know the public key of the party with which they want to rendezvous, and 
that this public key is otherwise kept hidden from third parties. In 
short, the public key is treated as a shared secret between parties 
authorized to discover the owner of the key pair. The rendezvous can be 
achieved by encrypting a message with the public key of the party that 
want to be discovered, then broadcasting that message. Only the targeted 
party can decrypt it, and nobody else can find who the message is for. 
The message shall include suitable nonce to protect from replay attacks, 
and the encryption must not reveal the public key. So, in a sense, the 
problem is solved. On the other hand, there is a huge scaling issue 
because every potential target shall try to decrypt every anonymous 
discovery attempt. There were proposals to add various kind of hints to 
reduce the processing requirement, but you quickly find out that every 
additional hint reduces the puriy of the scheme and compromises 
anonymity. So in that sense, the problem is not solved.

-- Christian Huitema






More information about the cryptography mailing list