Hacker News new | ask | show | jobs
by randaouser 2743 days ago
Im hoping to resolve this using a "searchable encryption" scheme leveraging homomorphic encryption and elliptic curve based el-gamal. This would allow law enforcement to search for key words on encrypted data sets. This prevents leakage for both parties.

THe use case for emails is a tad clunky as the bag of words would require precomputing, however, it is privacy preserving for both parties.

If you feel this is something interesting that you would like to contribute to please msg me. I have working code in javascript (so it may soon be a plugin) and the architecture is decentralized but requires a a single message interaction between the actor querying and the data source.
1 comments
mLuby 2743 days ago
1. Once a user identifies messages containing the search term, what are they supposed to do then? The message should still be un-decryptable to them.

2. Can't a user search all common words against a message and then rearrange those found to roughly match the message length. There are only so many ways the words "noon begins the tomorrow revolution at" can be arranged and make sense.

link
randaouser 2743 days ago
1) Can you clarify which users? The government issuing the search query is unable to decrypt the messages. If they flag it, they can order a warrant against the individual to decrypt the message.

2) A random salt is used so only exact keywords will match (I have a fuzzy matching implementation using jaccard similarity and minhashing but that is an extension). To answer your question technically yes, but what you describe would require many interactions with the data source as the content producer must apply the encrypted queries against their encrypted data.

Again, I am trying to provide a solution that is beyond just giving someone the ability to read your private messages without your consent. No doubt it will require work from sidechannel attacks so appreciate any feedback

link