[messaging] Unlinkable rendezvous via human-sized keys (was: Re: Human sized keys)

Trevor Perrin trevp at trevp.net
Thu Mar 20 17:34:09 PDT 2014

On Thu, Mar 20, 2014 at 11:35 AM, Ben Laurie <ben at links.org> wrote:

> On 20 March 2014 07:11, Trevor Perrin <trevp at trevp.net> wrote:
> >
> > (Context for this discussion:
> >
> > https://moderncrypto.org/mail-archive/messaging/2014/000086.html
> > https://moderncrypto.org/mail-archive/messaging/2014/000113.html

> FWIW, here's a thing I did years ago:
> http://www.apache-ssl.org/apres.pdf

Nice!, definitely anticipates some of the Pond / PANDA stuff.

Like PANDA, Apres authenticates an online rendezvous with an "introduction
secret" agreed between users:

One protocol [...] would be for each person to choose two words. Both
people then remember (or write down) all four words. Assuming people make
some effort to choose from a wide vocabulary, we could safely assume around
12 bits of entropy in each word, giving a total entropy of 48 bits.

Watson and I are discussing a different approach: have users exchange ECDH
keys or fingerprints instead of exchanging introduction secrets directly.
 Then calculate the "introduction secret" via ECDH.  These ECDH public
values could be static and nonsecret, so should be easier to deal with
(could be printed on a business card, corroborated with online lookup, etc.)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140320/4a5731b2/attachment.html>

More information about the Messaging mailing list