[curves] Use cases for PAKE?

Trevor Perrin trevp at trevp.net
Wed Mar 19 16:17:51 PDT 2014


On Wed, Mar 19, 2014 at 11:44 AM, Arlo Breault <arlolra at gmail.com> wrote:

> PANDA's an interesting use case for EKE2.
>
> https://pond.imperialviolet.org/tech.html
> https://github.com/agl/pond/blob/master/papers/panda/panda.tex
>


Hi Arlo,

There was some discussion of Pond's "PANDA", and its PAKE, here:

https://moderncrypto.org/mail-archive/messaging/2014/000086.html

It's true that it uses a rough form of "EKE2" (aka the
Bellare/Pointcheval/Rogaway formalization of what Bellovin/Merritt called
"DH-EKE" [1,2]).

But I don't think the PAKE provides value, since the "meeting ID"
undermines it and enables guessing against the meeting secret (which the
PAKE is also based on).

My impression is that PAKE is there in the hope that the meetingID problem
would one day be solved.  But until that happens, this doesn't seem like a
great use case.


Trevor


[1] http://eprint.iacr.org/2000/014.pdf
[2] http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.45.3156