[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 223: Ace: Improved circuit-creation key exchange



On Wed, Nov 20, 2013 at 08:36:30AM -0800, Watson Ladd wrote:
> Is it just me, or is this protocol MQV with the client generating a
> fake long term key?

Well yeah sort of, but the "details" are crucial. In "Improving
efficiency and simplicity of Tor circuit establishment and hidden
services" (available on www.syverson.org or the anonbib) Lasse and I
and presented a similar protocol and explicitly described how the
similarity to and basis in MQV was a hopeful indicator that it was
sound. But we didn't do a proper security analysis (in any model) in
that paper, leaving that for future work. These authors found a
vulnerability in that protocol, improved on it, and proved their
protocol secure.

-Paul
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev