Dear all, I was rereading the SPAKE2 paper, and the proof seems to be only a sketch. Is there a version with more details, or will I have to go work them out myself?
In particular, it's not entirely clear what the intermediate games are. I was hoping one of them would be attacker sends point, honest party replies, attacker must guess secret, because that turns a proposed protocol for Zigbee into a secure protocol. Sincerely, Watson Ladd _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
