Eric Rescorla wrote:
> There's an interesting paper up on eprint now:
> http://eprint.iacr.org/2005/205
>
> Another look at HMQV
> Alfred Menezes
> ...
> In this paper we demonstrate that HMQV is insecure by presenting
> realistic attacks in the Canetti-Krawczyk model that recover a
> victim's static private key. We propose HMQV-1, a patched
> version of HMQV that resists our attacks (but does not have any
> performance advantages over MQV). We also identify the fallacies
> in the security proof for HMQV, critique the security model, and
> raise some questions about the assurances that proofs in this
> model can provide.
>
> Obviously, this is of inherent interest, but it also plays a part
> in the ongoing debate about the importance of proof as a technique
> for evaluating cryptographic protocols.

From which it is easy to draw two contradicting conclusions...
1. Proofs are useless, see how (even) Hugo got a flaw
2. Proofs are very useful, see how the presentation of a supposed-proof
led to improved analysis and realization that more work needs be done.
I vote for #2. Amir
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]