[curves] Use cases for PAKE?
Diego Aranha
dfaranha at gmail.com
Wed Mar 19 19:03:00 PDT 2014
Trevor,
It's probably not very interesting, but I'm finishing ongoing work on
combining Physical Unclonable Functions (if they exist) with PAKEs for
token-based multifactor transaction authentication in banking applications.
Best,
--
Diego de Freitas Aranha
Institute of Computing - University of Campinas
http://www.ic.unicamp.br/~dfaranha
On Wed, Mar 19, 2014 at 8:17 PM, Trevor Perrin <trevp at trevp.net> wrote:
>
> On Wed, Mar 19, 2014 at 11:44 AM, Arlo Breault <arlolra at gmail.com> wrote:
>
>> PANDA's an interesting use case for EKE2.
>>
>> https://pond.imperialviolet.org/tech.html
>> https://github.com/agl/pond/blob/master/papers/panda/panda.tex
>>
>
>
> Hi Arlo,
>
> There was some discussion of Pond's "PANDA", and its PAKE, here:
>
> https://moderncrypto.org/mail-archive/messaging/2014/000086.html
>
> It's true that it uses a rough form of "EKE2" (aka the
> Bellare/Pointcheval/Rogaway formalization of what Bellovin/Merritt called
> "DH-EKE" [1,2]).
>
> But I don't think the PAKE provides value, since the "meeting ID"
> undermines it and enables guessing against the meeting secret (which the
> PAKE is also based on).
>
> My impression is that PAKE is there in the hope that the meetingID problem
> would one day be solved. But until that happens, this doesn't seem like a
> great use case.
>
>
> Trevor
>
>
> [1] http://eprint.iacr.org/2000/014.pdf
> [2] http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.45.3156
>
>
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20140319/677ec8ab/attachment.html>
More information about the Curves
mailing list