[messaging] Common secret comparing
torfone at ukr.net
Wed Jan 24 02:45:45 PST 2018
Please advise on this protocol:
Two parties compare a short (2-byte) common secret using EC25519 (only the mul and mul_base procedures) and the SHA3 hash.
Either side can be an active adversary trying to obtain the secret.
c = H(secret)
- picks a at random
- computes A = mul_base(a)
- computes A' = mul(c, A)
- sends A' to side B
- picks b at random
- computes B = mul_base(b)
- computes B' = mul(c, B)
- sends B' to side A
- computes S = mul(a, B')
- sends MB=H(A' | B' | S) to side A
- computes S= mul(b, A')
- sends MA=H(B' | A' | S) to side B
Both A and B check MA and MB.
Is this protocol safe?
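An honest run of the exchange described in the message, with both sides' messages, as an added example that is not part of the original post. Assumptions: mul and mul_base are X25519 per RFC 7748 (so scalars, including c, are clamped), H is SHA3-256, "|" is byte concatenation, and each side computes S with its own scalar and the peer's value; the names `blinded_share` and `run` are hypothetical.

```python
import hashlib, hmac, os

P, A24 = 2**255 - 19, 121665      # Curve25519 field prime and ladder constant

def mul(k: bytes, u: bytes) -> bytes:
    """X25519 scalar multiplication (RFC 7748). Teaching code, not constant-time."""
    n = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2, x3, z3 = x3, z3, x2, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def mul_base(k: bytes) -> bytes:
    return mul(k, (9).to_bytes(32, "little"))

def H(*parts: bytes) -> bytes:
    # Assumption: SHA3-256 over the concatenated parts
    return hashlib.sha3_256(b"".join(parts)).digest()

def blinded_share(secret: bytes):
    """One side's first steps: pick x, X = mul_base(x), X' = mul(c, X)."""
    c, x = H(secret), os.urandom(32)
    return x, mul(c, mul_base(x))

def run(secret_a: bytes, secret_b: bytes):
    """Run both sides honestly; return (A accepts, B accepts)."""
    a, A1 = blinded_share(secret_a)            # A -> B : A'
    b, B1 = blinded_share(secret_b)            # B -> A : B'
    S_a, S_b = mul(a, B1), mul(b, A1)          # each side uses its own scalar
    MA = H(B1, A1, S_a)                        # A -> B : MA
    MB = H(A1, B1, S_b)                        # B -> A : MB
    a_ok = hmac.compare_digest(MB, H(A1, B1, S_a))   # A recomputes MB
    b_ok = hmac.compare_digest(MA, H(B1, A1, S_b))   # B recomputes MA
    return a_ok, b_ok

if __name__ == "__main__":
    # Constructed 2-byte sample secrets: one matching pair, one mismatching pair
    print(run(b"\x12\x34", b"\x12\x34"), run(b"\x12\x34", b"\x12\x35"))
```

The run only exercises honest parties; it shows that equal secrets make both checks pass and unequal secrets make both fail, and says nothing about the active-adversary question asked in the post.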