
Re: Removing 1 modular exponentiation



James Muir wrote:
> 
> You may already know that the current scheme has a security reduction
> (Goldberg, PET 2006), so I imagine there would have to be a comparable
> argument before the powers that be would consider a new scheme.
> 
> Out of curiosity, what is it about your scheme that makes you say it is
> insecure?
> 
> -James

Mike Perry had an MITM attack. It wasn't due to a problem with my proof
but a problem in that what I proved wasn't sufficient to ensure
security. Basically Alice was performing DH with y the generator. So Eve
could easily perform an MITM attack. And Eve can connect to Ricky
easily. Still, a more efficient and still *secure* protocol would be a win.
