Thanks for this, Feng. The wormhole attack appears to be based almost entirely on the fact that SPEKE is symmetric and doesn’t include party identities in the key confirmations. Does it therefore also apply to Dragonfly, since Dragonfly is also symmetric and is very similar to SPEKE? Or is Dragonfly’s key confirmation somehow protected?
Cheers, — Mike > On Sep 29, 2014, at 6:48 AM, Feng Hao <[email protected]> wrote: > > Hi, > > To those who are interested in PAKE, we publish some new security analysis > results about SPEKE. > > https://blogs.ncl.ac.uk/security/2014/09/29/the-speke-protocol-revisited/ > > Any comments are welcome. > > Regards, > Feng > > _______________________________________________ > Curves mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/curves _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
