[tor-dev] Another key exchange algorithm for extending circuits: alternative to ntor?

Watson Ladd watsonbladd at gmail.com
Thu Aug 9 13:34:03 UTC 2012


On Wed, Aug 8, 2012 at 8:22 PM, Robert Ransom <rransom.8774 at gmail.com> wrote:
> On 8/8/12, Nick Mathewson <nickm at freehaven.net> wrote:
>
>> Michael Backes, Aniket Kate, and Esfandiar Mohammadi have a paper in
>> submission called, "An Efficient Key-Exchange for Onion Routing".
>> It's meant to be more CPU-efficient than the proposed "ntor"
>> handshake.  With permission from Esfandiar, I'm sending a link to the
>> paper here for discussion.
>>
>> http://www.infsec.cs.uni-saarland.de/~mohammadi/owake.html
>>
>> What do people think?
>
> * This paper has Yet Another ‘proof of security’ which says nothing
> about the protocol's security over any single group or over any
> infinite family of groups in which (as in Curve25519) the Decision
> Diffie-Hellman problem is (believed to be) hard.

Do you think a DDH oracle cracks CDH in Curve25519? If no the theorem
says something.
>
>
> Robert Ransom
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Sincerely,
Watson Ladd
-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin


More information about the tor-dev mailing list