[curves] PAKE news

Trevor Perrin trevp at trevp.net
Mon Jul 27 22:35:29 PDT 2015

In earlier discussions Mike Hamburg explained how to add augmentation
to SPAKE2 (i.e. how to resist server compromise by not storing
"password equivalent" data).  We weren't sure this had been published
[1].  Turns out it has been, with a nice security argument (SPAKE2+ from
[2], Section 9).

A good security proof for J-PAKE was presented at the IEEE conference
in May [3].

The Thread protocol from Nest et al. for home devices has gone public
with specs recently, and is using J-PAKE over P-256 [4].


[1] https://moderncrypto.org/mail-archive/curves/2015/000424.html
[2] https://eprint.iacr.org/2008/067.pdf
[3] http://www.normalesup.org/~fbenhamo/files/publications/SP_AbdBenMac15.pdf
[4] http://threadgroup.org/Portals/0/documents/whitepapers/Thread%20Commissioning%20white%20paper_v2_public.pdf
