[curves] PAKE news
Trevor Perrin
trevp at trevp.net
Mon Jul 27 22:35:29 PDT 2015
In earlier discussions Mike Hamburg explained how to add augmentation
to SPAKE2 (i.e. how to resist server compromise by not storing
"password equivalent" data). We weren't sure this had been published
[1]. Turns out it is, with a nice security argument (SPAKE2+ from
[2], Section 9).
A good security proof for J-PAKE was presented at the IEEE conference
in May [3].
The Thread protocol from Nest et al for home devices has gone public
with specs recently, and is using J-PAKE over P-256 [4].
Trevor
[1] https://moderncrypto.org/mail-archive/curves/2015/000424.html
[2] https://eprint.iacr.org/2008/067.pdf
[3] http://www.normalesup.org/~fbenhamo/files/publications/SP_AbdBenMac15.pdf
[4] http://threadgroup.org/Portals/0/documents/whitepapers/Thread%20Commissioning%20white%20paper_v2_public.pdf
More information about the Curves
mailing list