[tor-dev] Another key exchange algorithm for extending circuits: alternative to ntor?
Robert Ransom
rransom.8774 at gmail.com
Thu Aug 9 18:10:27 UTC 2012
On 8/9/12, Watson Ladd <watsonbladd at gmail.com> wrote:
> On Wed, Aug 8, 2012 at 8:22 PM, Robert Ransom <rransom.8774 at gmail.com>
> wrote:
>> On 8/8/12, Nick Mathewson <nickm at freehaven.net> wrote:
>>
>>> Michael Backes, Aniket Kate, and Esfandiar Mohammadi have a paper in
>>> submission called, "An Efficient Key-Exchange for Onion Routing".
>>> It's meant to be more CPU-efficient than the proposed "ntor"
>>> handshake. With permission from Esfandiar, I'm sending a link to the
>>> paper here for discussion.
>>>
>>> http://www.infsec.cs.uni-saarland.de/~mohammadi/owake.html
>>>
>>> What do people think?
>>
>> * This paper has Yet Another ‘proof of security’ which says nothing
>> about the protocol's security over any single group or over any
>> infinite family of groups in which (as in Curve25519) the Decision
>> Diffie-Hellman problem is (believed to be) hard.
>
> Do you think a DDH oracle cracks CDH in Curve25519? If no the theorem
> says something.
Do you think a DDH oracle for Curve25519 can be implemented efficiently?
Robert Ransom
More information about the tor-dev
mailing list