[tor-dev] Another key exchange algorithm for extending circuits: alternative to ntor?

[Robert Ransom]

On 8/8/12, Nick Mathewson <nickm at freehaven.net> wrote:

> http://www.infsec.cs.uni-saarland.de/~mohammadi/owake.html

Also, where does this paper specify that the participants must check
that public-key group elements are not equal to the identity element?
That's rather important, as Tor's relay protocol is likely to break if
an attacker can force a server to open additional circuits to an
attacker using the same key material that a legitimate client's
circuit has.


Robert Ransom