[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNUnet-developers] key exchanges [updated, resend]
From: |
Jeff Burdges |
Subject: |
Re: [GNUnet-developers] key exchanges [updated, resend] |
Date: |
Thu, 27 Aug 2015 00:18:20 +0200 |
I kept wondering : Is the wildcard attack that bad?
In DT's Protocol 4, trip 4 has Bob using TripleDH for encryption, so Eve
cannot impersonate Alice past this point, even if she possesses Bob's
private key. At best, a wildcard attack can reveal that Bob processed
trip 3 correctly and liked A_p, right?
Is there a reason why Bob needs to hangup immediately if decryption
fails in trip 3? If not, then Bob gives up nothing to a wildcard
attack.
Alright, imagine that Bob should hangup immediately if decryption failed
in trip 3. Can we protect Bob without using a signature? I think yes :
Alice can prove she possesses her public key not by signing but by
encrypting :
A? -> B? : a_p
A? <- B? : b_p
A -> B : E(hash(ab++aB), A_p), E(hash(ab++aB++Ab), ...)
It appears this DoubleDH + TripleDH protocol has the same properties as
DH's Protocol 5, except it lacks any signatures, thus offering deniability.
Am I missing something? It's only three DH operations too, as opposed
to the 7ish in our protocols with signing.
Jeff
p.s. We should also ask if Alice and Bob have a long term relationship.
Appears not too much in DT's later protocols. If Alice and Bob had a
long term ratchet state, then they should use the ratchet for
authentication :
A? -> B? | a_p
A? <- B? | b_p
A -> B | E(hash(ab++aB), hash(K++prev_root_key))
It's certainly possible that Bob already knows Alice of course, but "not
that well". I donno much about dealing with bad peers, etc. though.
signature.asc
Description: This is a digitally signed message part
- Re: [GNUnet-developers] key exchanges [updated, resend], Christian Grothoff, 2015/08/19
- Re: [GNUnet-developers] key exchanges [updated, resend], Christian Grothoff, 2015/08/20
- Re: [GNUnet-developers] key exchanges [updated, resend], Jeff Burdges, 2015/08/24
- Re: [GNUnet-developers] key exchanges [updated, resend], Jeff Burdges, 2015/08/24
- Re: [GNUnet-developers] key exchanges [updated, resend], Jeff Burdges, 2015/08/25
- Re: [GNUnet-developers] key exchanges [updated, resend], Jeff Burdges, 2015/08/25
- Re: [GNUnet-developers] key exchanges [updated, resend], Jeff Burdges, 2015/08/26
- Re: [GNUnet-developers] key exchanges [updated, resend], Christian Grothoff, 2015/08/27
- Re: [GNUnet-developers] key exchanges [updated, resend], Jeff Burdges, 2015/08/27
- Re: [GNUnet-developers] key exchanges [updated, resend], Christian Grothoff, 2015/08/27
- Re: [GNUnet-developers] key exchanges [updated, resend],
Jeff Burdges <=
- Re: [GNUnet-developers] key exchanges [updated, resend], Jeff Burdges, 2015/08/26
- Re: [GNUnet-developers] key exchanges [updated, resend], Dominic Tarr, 2015/08/27
- Re: [GNUnet-developers] key exchanges [updated, resend], Jeff Burdges, 2015/08/28