On 8/9/12, Watson Ladd <watsonbl...@gmail.com> wrote: > On Wed, Aug 8, 2012 at 8:22 PM, Robert Ransom <rransom.8...@gmail.com> > wrote: >> On 8/8/12, Nick Mathewson <ni...@freehaven.net> wrote: >> >>> Michael Backes, Aniket Kate, and Esfandiar Mohammadi have a paper in >>> submission called, "An Efficient Key-Exchange for Onion Routing". >>> It's meant to be more CPU-efficient than the proposed "ntor" >>> handshake. With permission from Esfandiar, I'm sending a link to the >>> paper here for discussion. >>> >>> http://www.infsec.cs.uni-saarland.de/~mohammadi/owake.html >>> >>> What do people think? >> >> * This paper has Yet Another ‘proof of security’ which says nothing >> about the protocol's security over any single group or over any >> infinite family of groups in which (as in Curve25519) the Decision >> Diffie-Hellman problem is (believed to be) hard. > > Do you think a DDH oracle cracks CDH in Curve25519? If no the theorem > says something.
Do you think a DDH oracle for Curve25519 can be implemented efficiently? Robert Ransom _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
