Below I've listed cases where people are using (or might be interested in) an EC PAKE. I've also tried to list the requirements that matter for these cases.
Am I missing any requirements? It seems like a few people are working on proposals (EC-SRP, SPAKE2, "Elligator edition", J-PAKE). It would be good to have a survey that shows how known protocols fit these requirements. Maybe I'll get to it in a few weeks, or someone can beat me to it. Obvious requirements --------------------- - IPR free - security proof - efficient (in messages, computation) - simple - flexible to different curves - sidechannel resistant - no backdoors Use cases and additional requirements -------------------------------------- OTR https://moderncrypto.org/mail-archive/curves/2014/000292.html - currently using Socialist Millionaire's Protocol - goals: - non-augmented - small messages OpenSSH https://moderncrypto.org/mail-archive/curves/2014/000292.html - had support for J-PAKE, removed it - goals: - augmented and hashed passwords - work with existing hashed passwords - low DoS potential Chrome Remote Desktop https://support.google.com/chrome/answer/1649523 - currently using SPAKE2 Pond https://pond.imperialviolet.org/tech.html ("Key Exchange Details") - currently using ECDH-EKE (aka "EKE2") with Rijndael-256-bit blocks - goals: - non-augmented - simultaneous initiate allowed 802.11S SAE http://en.wikipedia.org/wiki/IEEE_802.11s - currently using Dragonfly - goals: - simultaneous initiate allowed WiFi WPA http://www.ietf.org/mail-archive/web/cfrg/current/msg05232.html - currently not using PAKE All Requirements ----------------- - IPR free - security proof - efficient (in messages, computation) - simple - flexible to different curves - sidechannel resistant - no backdoors - small messages - non-augmented and augmented options - work with existing hashed passwords - low DoS potential - simultaneous initiate allowed Trevor _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
