[messaging] Common secret comparing
Van Gegel
torfone at ukr.net
Wed Jan 24 02:45:45 PST 2018
Hi all!
Please advise on this protocol:
Two parties compare a 2-byte short common secret using EC25519 (only the mul and mul_base procedures) and the SHA3 hash.
Either side can be an active adversary trying to obtain the secret.
c = H(secret)
Side A:
- picks a at random
- computes A = mul_base(a)
- computes A' = mul(c, A)
- sends A' to side B
Side B:
- picks b at random
- computes B = mul_base(b)
- computes B' = mul(c, B)
- sends B' to side A
Side A:
- computes S = mul(a, B')
- sends MB=H(A' | B' | S) to side A
Side B:
- computes S = mul(b, A')
- sends MA=H(B' | A' | S) to side B
Both A and B check MA and MB.
Is this protocol safe?
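
Added example, not part of the original post: the exchange above written out in Python so that both sides' messages and checks can be followed. It assumes mul is X25519 as in RFC 7748 (including its scalar clamping), H is SHA3-256 and | is byte concatenation; `Side` and `compare` are hypothetical names, and the ladder here is not constant-time.

```python
import hashlib, hmac, os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # u-coordinate of the base point, so mul_base(k) = mul(k, BASE)

def mul(k: bytes, u: bytes) -> bytes:
    """X25519 Montgomery ladder (RFC 7748); assumed to be the post's mul. Not constant-time."""
    k_int = int.from_bytes(k, "little")
    k_int = (k_int & ~7 & ((1 << 254) - 1)) | (1 << 254)  # RFC 7748 scalar clamping
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def H(*parts: bytes) -> bytes:
    return hashlib.sha3_256(b"".join(parts)).digest()

class Side:
    def __init__(self, secret: bytes):
        self.c = H(secret)                         # c = H(secret)
        self.k = os.urandom(32)                    # a (or b), picked at random
        self.pub = mul(self.c, mul(self.k, BASE))  # A' = mul(c, mul_base(a)), sent to the peer

    def confirm(self, peer_pub: bytes) -> bytes:
        self.peer, self.S = peer_pub, mul(self.k, peer_pub)  # S = mul(a, B')
        return H(self.pub, peer_pub, self.S)                 # H(own' | peer's' | S), sent to the peer

    def check(self, peer_tag: bytes) -> bool:  # recompute the peer's hash with our own S
        return hmac.compare_digest(peer_tag, H(self.peer, self.pub, self.S))

def compare(secret_a: bytes, secret_b: bytes):
    a, b = Side(secret_a), Side(secret_b)
    tag_a, tag_b = a.confirm(b.pub), b.confirm(a.pub)
    return a.check(tag_b), b.check(tag_a)
```

The 2-byte secrets passed to `compare` are constructed sample values; each side's check passes only when both sides derived the same S.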