Hi all! Please advise on this protocol: two parties compare a short 2-byte common secret using EC25519 (only the mul and mul_base procedures) and a SHA3 hash. Any side can be an active adversary trying to obtain the secret.

c = H(secret)

Side A:
- picks a at random
- computes A = mul_base(a)
- computes A' = mul(c, A)
- sends A' to side B

Side B:
- picks b at random
- computes B = mul_base(b)
- computes B' = mul(c, B)
- sends B' to side A

Side A:
- computes S = mul(a, B')
- sends MB=H(A' | B' | S) to side A

Side B:
- computes S = mul(b, A')
- sends MA=H(B' | A' | S) to side B

Both A and B check MA and MB.

Is this protocol safe?
_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging
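The message flow described in the post above, as an added runnable sketch that is not part of the original message or any project's code. It assumes mul is X25519 with RFC 7748 scalar clamping, H is SHA3-256, and each tag is delivered to the peer; the `Side` class and `run` helper are hypothetical names, and the all-zero check on S is an added RFC 7748 hygiene step that the post does not mention.

```python
import hashlib, hmac, os

P, A24 = 2**255 - 19, 121665

def mul(k: bytes, u: bytes) -> bytes:
    """X25519 per RFC 7748 (illustrative ladder, not constant-time)."""
    s = (int.from_bytes(k, "little") & ~7 & ((1 << 254) - 1)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (s >> t) & 1
        if swap ^ bit:                       # conditional swap of the two ladder points
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def mul_base(k: bytes) -> bytes:
    return mul(k, (9).to_bytes(32, "little"))    # base point u = 9

def H(*parts: bytes) -> bytes:
    return hashlib.sha3_256(b"".join(parts)).digest()

class Side:
    def __init__(self, secret: bytes):
        self.k = os.urandom(32)                       # a or b
        self.pub = mul(H(secret), mul_base(self.k))   # A' or B', with c = H(secret)

    def tag(self, peer_pub: bytes) -> bytes:
        self.S = mul(self.k, peer_pub)
        if self.S == bytes(32):   # added check (RFC 7748 sec. 6.1), not in the post
            raise ValueError("all-zero shared value")
        return H(self.pub, peer_pub, self.S)          # MB on side A, MA on side B

    def check(self, peer_pub: bytes, peer_tag: bytes) -> bool:
        return hmac.compare_digest(peer_tag, H(peer_pub, self.pub, self.S))

def run(secret_a: bytes, secret_b: bytes) -> tuple:
    A, B = Side(secret_a), Side(secret_b)
    MB, MA = A.tag(B.pub), B.tag(A.pub)   # assumed: each tag goes to the peer
    return A.check(B.pub, MA), B.check(A.pub, MB)
```

`run(x, y)` returns whether side A and side B each accept the other's tag; the secrets passed in are constructed sample values.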