Removing 1 modular exponentiation

Watson Ladd watsonbladd at gmail.com
Tue Feb 20 03:21:56 UTC 2007


James Muir wrote:
> 
> You may already know that the current scheme has a security reduction
> (Goldberg, PET 2006), so I imagine there would have to be a comparable
> argument before the powers that be would consider a new scheme.
> 
> Out of curiosity, what is it about your scheme that makes you say it is
> insecure?
> 
> -James
Mike Perry had an MITM attack. It wasn't due to a problem with my proof
but a problem in that what I proved wasn't sufficient to insure
security. Basically Alice was performing DH with y the generator. So Eve
could easily perform an MITM attack. And Eve can connect to Ricky
easily. Still, a more efficient and still *secure* protocol would be a win.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20070219/5c443897/attachment.pgp>


More information about the tor-talk mailing list