[curves] The SPEKE Protocol Revisited

David Leon Gil coruus at gmail.com
Tue Sep 30 05:57:01 PDT 2014

On Monday, Sep 29, 2014 at 4:35 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net>, wrote:

On 09/29/2014 04:24 PM, Feng Hao wrote:
> It is a bit odd though to compare the identity and the message, as they are two different types of data.

I think the proposal was to compare two (id,msg) structs with each
other, not to compare the identity with the message.

(Agreed; just to amplify.)

​​Perhaps what Mike was getting at with the minmax formulation is that a usual precondition is that id0 != id1, and thus the identities suffice to establish an unambiguous ordering. (Some otherwise useful(?) deterministic schemes might permit universal impersonation if this precondition isn't respected; xor^2 and such.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20140930/e7e9f68f/attachment.html>

More information about the Curves mailing list