Contact discovery

In order to turn the address book on a device into a social graph for Chapp, the Chapp client needs to be able to determine which of the device’s contacts are Chapp users. In other words, the client needs to ask the service “Here are all my contacts, which of them are Chapp users?”

Since we don’t want the Chapp service to know the contents of a client’s address book, this question needs to be asked in a privacy-preserving way.

In Chapp that process has looked like:

• The client calculates the truncated SHA256 hash of each phone number in the device’s address book.
• The client transmits those truncated hashes to the service.
• The service does a lookup from a set of hashed registered users.
• The service returns the intersection of registered users.

The obvious problem with this method is that the hash of a user identifier can almost always be inverted. Regardless of whether the identifier is a phone number, a user name, or an email address, the “keyspace” of all possible identifiers is too small.

This method of contact discovery isn’t ideal because of these shortcomings, but at the very least the Chapp service’s design does not depend on knowledge of a user’s social graph in order to function.

In order to know more about the difficulty of private contact discovery you can discover this articleopen in new window and this seviceopen in new window