[curves] The SPEKE Protocol Revisited

Michael Hamburg mike at shiftleft.org
Mon Sep 29 11:11:22 PDT 2014

Thanks for this, Feng.

The wormhole attack appears to be based almost entirely on the fact that SPEKE is symmetric and doesn’t include party identities in the key confirmations.  Does it therefore also apply to Dragonfly, since Dragonfly is also symmetric and is very similar to SPEKE?  Or is Dragonfly’s key confirmation somehow protected?

— Mike

> On Sep 29, 2014, at 6:48 AM, Feng Hao <feng.hao at newcastle.ac.uk> wrote:
> Hi,
> To those who are interested in PAKE, we publish some new security analysis results about SPEKE.
> https://blogs.ncl.ac.uk/security/2014/09/29/the-speke-protocol-revisited/
> Any comments are welcome.
> Regards,
> Feng
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves

More information about the Curves mailing list