Pretty much here is where I am at. I have been working for about two years now coding a system for secure communications, and have tens of thousands of lines of source code already done. I have been sort of designing this thing as I go. At first I tried to make the entire design by myself. That was a bad plan. Then I focused on the academic literature and implemented other people's ideas. That was a much better plan. I have the Sphinx cryptographic packet format completely implemented in C (as well as the LIONESS block cipher that it uses). I have greatly wrapped the OpenSSL crypto library, and can do ECDH key exchange, AES counter encryption, MAC, and all of the other stuff, with a simple call. I have a NIST password entropy estimator implemented, as well as a bloom filter, as well as wrapped database libraries for easy database management, secure wipe, tons of shit. I also have the Alpha mixing mix network system almost fully implemented, and distributed directory servers almost fully implemented, tons of networking code, and a lot of other shit I am sure I cannot remember right now (I have taken a multi-month break from working on this for various reasons). I also have the PIR of Pynchon Gate implemented. So I am close to having the entire Pynchon Gate whitepaper implemented, using Sphinx and Alpha mixing for forward messages, with automatic ECDH between communicating parties, etc. I also have Tor wrapped up and integrated, as all mixes are run as hidden services and all clients use Tor.

But I want to diverge from Pynchon Gate at this point. I don't like that Pynchon Gate has a semi-trusted nymserver that gathers all messages to me and then puts them in a bucket that is distributed for PIR. I also don't like that Pynchon Gate assumes person-to-person communications rather than group communications. I want to remove the nymserver by having contact strings between communicating parties.
Essentially the communicating parties do an ECDH key exchange and now have shared secrets which can be iteratively hashed out to tag messages for identification. Now I do not need a trusted nymserver that gets messages for Bob and puts them in Bob's bucket, because each individual message is tagged with an unlinkable string that Bob can identify as being for him. Okay, that is great, except for two things. One thing is that Pynchon Gate has buckets that are all padded to the same size, so every PIR cycle Bob always gets his entire bucket of messages and then sorts out the individual messages. This is made possible because of the nymserver, which bunches all messages to Bob together for retrieval with block PIR. So instead I want Bob to have these contact strings for a thousand people he is communicating with, and every cycle I want Bob to query the PIR server to find out which of his contacts have sent him a message. This is what I am talking about in my original post: how Alice can ask Bob if he has a message for her without Bob knowing which message Alice is asking for. After Alice finds that Bob does have a message for her, she then needs to retrieve it. I am a bit shaky on this part as well. If messages are not all the same size then using block PIR to get messages will be a waste of time, since the message sizing leaks the message. So all things must be padded to the same size before they are retrieved. But I would rather the user be able to do non-sequential PIR to get, say, 6 KB of messaging data tagged with one contact string in one spot of the database and 2 KB of messaging data tagged with another contact string in another part of the database, and then 2 KB of padding, instead of the user having all of their total message data put in a sequential bucket with 2 KB of padding.

So essentially I am working on figuring out:

1. How can Alice ask Bob if Bob has a message for Alice without Bob knowing which message Alice is interested in?
2. Once Alice knows she has a message, how can she get the message without leaking what the message is, without having to individually pad each message to the same size (bandwidth prohibitive), and without a trusted nymserver being able to group messages to Alice together so she can get them (padded to the same bucket size) with sequential byte PIR?

If I can find good answers to questions 1 and 2 then I will have a very, very secure and anonymous encrypted messaging system that can scale to group communications. If that fails I will probably just fall back to finishing Pynchon Gate, but honestly it is not exactly what I want. The hardest part is making shit scale to group communications; doing person to person is soooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo much easier than group communications.
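An added example, not code from the post, sketching one way to answer question 1: contact strings ratcheted from the ECDH shared secret, a presence bitmap indexed by tag, and a two-server XOR PIR query over that bitmap so neither server learns which contact Alice is checking. It assumes two non-colluding replicas of the bitmap and HMAC-SHA256 as the iterated hash; N_SLOTS and the sample secrets are constructed.

```python
import hmac
import hashlib
import secrets

N_SLOTS = 4096  # constructed: number of presence bits each server replica holds

def derive_tag(shared_secret: bytes, n: int) -> bytes:
    """n-th contact string for a pair: ratchet the ECDH secret n times, then derive
    the tag. Without the secret, the tags for n and n+1 cannot be linked."""
    chain = shared_secret
    for _ in range(n):
        chain = hmac.new(chain, b"ratchet", hashlib.sha256).digest()
    return hmac.new(chain, b"tag", hashlib.sha256).digest()

def slot(tag: bytes) -> int:
    """Bitmap position of a tag; a collision is only a false positive for the client."""
    return int.from_bytes(tag[:8], "big") % N_SLOTS

def build_bitmap(tags_with_mail) -> list:
    """Presence bitmap the mail store publishes: bit set iff some message carries that tag."""
    bits = [0] * N_SLOTS
    for t in tags_with_mail:
        bits[slot(t)] = 1
    return bits

def pir_queries(index: int):
    """Two-server XOR PIR: q1 is a uniformly random subset and q2 differs only at `index`,
    so either query alone is uniformly random and reveals nothing about `index`."""
    q1 = [secrets.randbits(1) for _ in range(N_SLOTS)]
    q2 = q1[:]
    q2[index] ^= 1
    return q1, q2

def pir_answer(bits: list, query: list) -> int:
    """Server side: XOR of the selected bits; the reply is a single bit."""
    acc = 0
    for b, q in zip(bits, query):
        acc ^= b & q
    return acc

def has_message(replica1: list, replica2: list, tag: bytes) -> bool:
    """Client side: the two replies XOR to exactly bit[slot(tag)]."""
    q1, q2 = pir_queries(slot(tag))
    return (pir_answer(replica1, q1) ^ pir_answer(replica2, q2)) == 1

def demo() -> tuple:
    """Constructed cycle: only Carol (secret 0x01..) wrote to Alice; Dave (0x02..) did not."""
    bits = build_bitmap([derive_tag(b"\x01" * 32, 3)])
    return has_message(bits, bits, derive_tag(b"\x01" * 32, 3)), has_message(bits, bits, derive_tag(b"\x02" * 32, 3))
```

Each check uploads N_SLOTS bits per server and gets one bit back, and Alice repeats it once per contact string she is waiting on; a slot() collision only costs her a wasted retrieval.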