Trevor, It's probably not very interesting, but I'm finishing ongoing work on combining Physical Unclonable Functions (if they exist) with PAKEs for token-based multifactor transaction authentication in banking applications.
Best, -- Diego de Freitas Aranha Institute of Computing - University of Campinas http://www.ic.unicamp.br/~dfaranha On Wed, Mar 19, 2014 at 8:17 PM, Trevor Perrin <[email protected]> wrote: > > On Wed, Mar 19, 2014 at 11:44 AM, Arlo Breault <[email protected]> wrote: > >> PANDA's an interesting use case for EKE2. >> >> https://pond.imperialviolet.org/tech.html >> https://github.com/agl/pond/blob/master/papers/panda/panda.tex >> > > > Hi Arlo, > > There was some discussion of Pond's "PANDA", and its PAKE, here: > > https://moderncrypto.org/mail-archive/messaging/2014/000086.html > > It's true that it uses a rough form of "EKE2" (aka the > Bellare/Pointcheval/Rogaway formalization of what Bellovin/Merritt called > "DH-EKE" [1,2]). > > But I don't think the PAKE provides value, since the "meeting ID" > undermines it and enables guessing against the meeting secret (which the > PAKE is also based on). > > My impression is that PAKE is there in the hope that the meetingID problem > would one day be solved. But until that happens, this doesn't seem like a > great use case. > > > Trevor > > > [1] http://eprint.iacr.org/2000/014.pdf > [2] http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.45.3156 > > > _______________________________________________ > Curves mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/curves > >
_______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
