On 8/9/12, Watson Ladd watsonbladd@gmail.com wrote:
> On Wed, Aug 8, 2012 at 8:22 PM, Robert Ransom rransom.8774@gmail.com wrote:
> > On 8/8/12, Nick Mathewson nickm@freehaven.net wrote:
> > > Michael Backes, Aniket Kate, and Esfandiar Mohammadi have a paper in submission called, "An Efficient Key-Exchange for Onion Routing". It's meant to be more CPU-efficient than the proposed "ntor" handshake. With permission from Esfandiar, I'm sending a link to the paper here for discussion.
> > > http://www.infsec.cs.uni-saarland.de/~mohammadi/owake.html
> > > What do people think?
> > - This paper has Yet Another ‘proof of security’ which says nothing about the protocol's security over any single group or over any infinite family of groups in which (as in Curve25519) the Decision Diffie-Hellman problem is (believed to be) hard.
> Do you think a DDH oracle cracks CDH in Curve25519? If no, the theorem says something.
Do you think a DDH oracle for Curve25519 can be implemented efficiently?
Robert Ransom
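Robert's closing question, whether a DDH oracle can be implemented efficiently, depends entirely on the group. The Python below is an added example, not code from this thread or from the paper under discussion, and it shows the textbook case where a cheap (partial) DDH distinguisher does exist: in the full multiplicative group Z_p^* generated by a quadratic non-residue g, the quadratic residuosity of g^ab is forced by that of g^a and g^b, so a Legendre-symbol check tells DH triples from random ones with advantage 1/4. The same check learns nothing in the prime-order subgroup of quadratic residues, which is the analogue of the prime-order setting Curve25519 is used in and where DDH is only believed hard. The toy parameters (safe prime p = 1019, generator g = 2, subgroup generator 4) and all function names are my choices for the illustration.

```python
"""Quadratic-residuosity DDH distinguisher: works in Z_p^*, useless in its prime-order subgroup.

Added teaching example; the toy group below is far too small for any real use.
"""
import random

# Constructed toy parameters: p = 2q + 1 with q = 509 prime, so Z_p^* has order 1018.
P = 1019
Q = 509
G_FULL = 2          # 2 is a non-residue mod 1019 (1019 = 3 mod 8), hence generates Z_p^*
G_SUBGROUP = 4      # 2^2 generates the subgroup of quadratic residues, prime order 509


def legendre(a, p):
    """Legendre symbol (a/p) by Euler's criterion: 1 = residue, -1 = non-residue, 0 if p | a."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def ddh_guess(p, ga, gb, gc):
    """Yes/no guess whether (ga, gb, gc) is a DH triple (g^a, g^b, g^ab).

    With g a non-residue, g^x is a residue iff x is even, so g^ab is a residue
    unless both a and b are odd.  Accept gc iff its residuosity matches that.
    In a subgroup where every element is a residue the test always accepts.
    """
    expected = 1 if (legendre(ga, p) == 1 or legendre(gb, p) == 1) else -1
    return legendre(gc, p) == expected


def ddh_acceptance_rates(p, g, order, trials=2000, seed=1):
    """Fraction of real DH triples and of random triples the guess accepts.

    The distinguishing advantage is the difference between the two rates.
    """
    rng = random.Random(seed)
    real_hits = rand_hits = 0
    for _ in range(trials):
        a, b, c = (rng.randrange(1, order) for _ in range(3))
        ga, gb = pow(g, a, p), pow(g, b, p)
        real_hits += ddh_guess(p, ga, gb, pow(g, a * b, p))   # genuine g^ab
        rand_hits += ddh_guess(p, ga, gb, pow(g, c, p))       # random group element
    return real_hits / trials, rand_hits / trials


if __name__ == "__main__":
    full = ddh_acceptance_rates(P, G_FULL, P - 1)
    sub = ddh_acceptance_rates(P, G_SUBGROUP, Q)
    print("Z_p^*            real/random accepted:", full)   # (1.0, ~0.5): advantage ~1/2 gap
    print("prime-order subgp real/random accepted:", sub)   # (1.0, 1.0): no advantage
```

Two things worth reading off the output. First, the distinguisher in Z_p^* is a DDH oracle only in the weak sense: it answers a yes/no question with noticeable advantage, yet it reveals a single bit of g^ab and does nothing towards computing g^ab itself, so its existence does not by itself "crack CDH". Second, the only thing that removed the leak was moving to a prime-order subgroup; that is the concrete reason DDH-based proofs are stated over prime-order groups, and why a proof that assumes the existence of an efficient DDH oracle says something different from one that assumes DDH is hard.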