abc def
2016-02-15 07:23:09 UTC
Regarding this: https://whispersystems.org/blog/contact-discovery/
Sorry if this has already been addressed but a cursory search has not
turned up any new information.
The way I see it, the solution isn't algorithmic, it's simple data padding.
As put forth in the post, a single phone number is simply too short in
length to stop pre-computation attacks.
Since both users are required to be on Signal to connect with each other we
can assume that both users must have the phone number of the other.
If we use U.S. numbers as a simple example (I would recommend a
standardized international format for the actual implementation) then 2
phone numbers concatenated together doubles our message length to 18
digits; or 10^18 possibilities before excluding invalid number combinations.
Combine that with a standardized sort and any 2 users can find each other
as long as each has the other one's number.
For instance:
User A (299-555-0113) and User B (218-555-1945) both install Signal
User A concatenates their phone number with every other phone number in
their address book, sorting by trivial alphanumerics in a neutral collation.
When User A hits User B's phone number they end up with
218-555-0113/299-555-1945.
User A uploads the hashes of all the concatenated phone numbers.
For User B this would be Hash(218-555-0113/299-555-1945).
User B does the same and when User B hits User A's phone number, they end
up with the same hash due to sorting before concatenation and hashing.
User A and User B can now upload their contacts without an adversary being
able to tell which contacts User A or B has unless they already know the
connection between User A and User B exists.
Changing to an international phone number format helps even more as we now
end up with an even larger message of varying length.
Thanks
Sorry if this has already been addressed but a cursory search has not
turned up any new information.
The way I see it, the solution isn't algorithmic, it's simple data padding.
As put forth in the post, a single phone number is simply too short in
length to stop pre-computation attacks.
Since both users are required to be on Signal to connect with each other we
can assume that both users must have the phone number of the other.
If we use U.S. numbers as a simple example (I would recommend a
standardized international format for the actual implementation) then 2
phone numbers concatenated together doubles our message length to 18
digits; or 10^18 possibilities before excluding invalid number combinations.
Combine that with a standardized sort and any 2 users can find each other
as long as each has the other one's number.
For instance:
User A (299-555-0113) and User B (218-555-1945) both install Signal
User A concatenates their phone number with every other phone number in
their address book, sorting by trivial alphanumerics in a neutral collation.
When User A hits User B's phone number they end up with
218-555-0113/299-555-1945.
User A uploads the hashes of all the concatenated phone numbers.
For User B this would be Hash(218-555-0113/299-555-1945).
User B does the same and when User B hits User A's phone number, they end
up with the same hash due to sorting before concatenation and hashing.
User A and User B can now upload their contacts without an adversary being
able to tell which contacts User A or B has unless they already know the
connection between User A and User B exists.
Changing to an international phone number format helps even more as we now
end up with an even larger message of varying length.
Thanks