Removing 1 modular exponentiation

Watson Ladd watsonbladd at
Tue Feb 20 03:21:56 UTC 2007

James Muir wrote:
> You may already know that the current scheme has a security reduction
> (Goldberg, PET 2006), so I imagine there would have to be a comparable
> argument before the powers that be would consider a new scheme.
> Out of curiosity, what is it about your scheme that makes you say it is
> insecure?
> -James
Mike Perry had an MITM attack. It wasn't due to a problem with my proof
but a problem in that what I proved wasn't sufficient to insure
security. Basically Alice was performing DH with y the generator. So Eve
could easily perform an MITM attack. And Eve can connect to Ricky
easily. Still, a more efficient and still *secure* protocol would be a win.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the tor-talk mailing list