Cryptology ePrint Archive: Report 2021/1256

Oblivious Message Retrieval

Zeyu Liu and Eran Tromer

Abstract: Anonymous message delivery systems, such as private messaging services and privacy-preserving payment systems, need a mechanism for recipients to retrieve the messages addressed to them, without leaking metadata or letting their messages be linked. Recipients could download all posted messages and scan for those addressed to them, but communication and computation costs are excessive at scale.

We show how untrusted servers can detect messages on behalf of recipients, and summarize these into a compact encrypted digest that recipients can easily decrypt. These servers operate obliviously and do not learn anything about which messages are addressed to which recipients. Privacy, soundness, and completeness hold even if everyone but the recipient is adversarial and colluding (unlike in prior schemes), and are post-quantum secure.

Our starting point is an asymptotically-efficient approach, using Fully Homomorphic Encryption and homomorphically-encoded Sparse Random Linear Codes. We then address the concrete performance using a bespoke tailoring of lattice-based cryptographic components, alongside various algebraic and algorithmic optimizations. This reduces the digest size to a few bits per message scanned. Concretely, the servers' cost is a couple of USD per million messages scanned, and the resulting digests can be decoded by recipients in under 20ms. Our schemes can thus practically attain the strongest form of receiver privacy for current applications such as privacy-preserving cryptocurrencies.

Category / Keywords: cryptographic protocols / Private Messaging, Privacy-Preserving Cryptocurrencies, Fully Homomorphic Encryption

Date: received 20 Sep 2021, last revised 19 Oct 2021

Contact author: zl2967 at columbia edu, eprint2eran at tromer org

Available format(s): PDF | BibTeX Citation

Version: 20211019:034129 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]