[curves] encoding points -> bitstrings: indistinguishability, PAKE?
Ben Harris
mail at bharr.is
Wed Jun 23 20:07:44 PDT 2021
On Thu, 24 Jun 2021, 9:50 am Trevor Perrin, <trevp at trevp.net> wrote:
>
> I think (b) is easy to check, so the risk with Encrypt()=XOR of
> Hash(password) is about (a): maybe Alice could find two DH public
> values whose encodings have some XOR difference, and for which she
> knows the discrete log?
>
Alice could generate a nonce for the encryption using Hash(Encode(g^a)).
Bob can very the nonce was correctly generated before replying to Alice.
This makes the XOR depend on the public value?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20210624/83957018/attachment.htm>
More information about the Curves
mailing list