[Cryptography] Bloom filter question
John Levine
johnl at iecc.com
Thu Aug 7 19:08:44 EDT 2025
It appears that Peter Fairbrother <peter at tsto.co.uk> said:
>>> For instance, if you only have one item in the filter it is going to be
>>> pretty sparse, and easily recognisable as a single item. Do you need
>>> dummy items? A nonce? A secret to add pre-hash?
>>
>> It's not a big deal. If there's only one recipient, it's usually obvious
>> from other things who it was and if there's more than one, you can usually
>> tell that, too, even if you can't tell who the other ones are.
>
>I'm still unsure about your threat model/use application. What is this
>doohickey actually for?
The idea is that there's a chain of signatures and you want to verify that
the sender in signature N+1 matches one of the recipients in N.
>> I suppose if it were an issue, we could add dummy items that don't
>> have @ signs so they can't collide with real addresses.
>
>That's not how a Bloom filter works...
Sure it is. If I have two addresses foo at example.com and bar at example.net,
I hash them, and use the hashes to set bits in the bit array. Then I
make up 8 random strings not containing @ signs, hash each of them,
and set those bits. Now you can guess there were 10 strings, but you
can't tell how many were real addresses.
R's,
John
More information about the cryptography
mailing list