[tor-dev] Proposal 223: Ace: Improved circuit-creation key exchange

Paul Syverson paul.syverson at nrl.navy.mil
Wed Nov 20 18:51:59 UTC 2013

Thanks Esfandiar. I had to run off for an hour and inadevertently sent
my message before I had finished composing it, leaving a munged
impression. My intended point was that the whole story has quite a bit
to it beyond simply tweaking MQV.  As you noted, that story has even
more to it than what I stated.


On Wed, Nov 20, 2013 at 07:03:37PM +0100, Esfandiar Mohammadi wrote:
> Am 20.11.2013 um 18:19 schrieb Paul Syverson <paul.syverson at nrl.navy.mil>:
> > These authors found a
> > vulnerability in that protocol, improved on it, and proved their
> > protocol secure.
> Actually, Ian Goldberg, Douglas Stebila, and Berkant Ustaoglu found the vulnerability in Lasse and Paul's protocol [1], improved it, and proved the resulting protocol ntor secure [2]. We improved the efficiency of ntor and proved the resulting protocol Ace secure [3].
> - Esfandiar
> [1] Lasse Overlier and Paul Syverson. Improving efficiency and simplicity of Tor circuit establishment and hidden services. In Proceedings of the 7th international conference on Privacy enhancing technologies, pages 134 - 152, ACM, 2007.
> [2] Ian Goldberg, Douglas Stebila, and Berkant Ustaoglu. Anonymity and one-way authentication in key exchange protocols. In the journal on Designs, Codes and Cryptography, pages 245-269, Springer, 2012.
> [3] Michael Backes, Aniket Kate, and Esfandiar Mohammadi. Ace: an efficient key-exchange protocol for onion routing. In Proceedings of the 2012 ACM workshop on Privacy in the electronic society, pages 55 - 64, ACM, 2012.
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

More information about the tor-dev mailing list