[curves] The SPEKE Protocol Revisited
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Sep 29 12:59:11 PDT 2014
On 09/29/2014 03:13 PM, Michael Hamburg wrote:
> What do you think of a KDF that amounts to H(minmax((Alice’s identity,Alice’s message),(Bob’s identity,Bob’s message), shared secret)
For clarification, the above is missing a close-paren, and "minmax()" i
probably more simply described as sort()
so i think Mike is asking about:
H(sort((Alice's identity, Alice's message),
(Bob's identity, Bob's message)),
shared secret)
> It seems safer than the method you proposed, because it associates Alice’s identity to her message, but the wormhole attack you proposed worked because it confuses who sent which message.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20140929/a4e57bb4/attachment.sig>
More information about the Curves
mailing list