Gregory Maxwell <[email protected]> writes:

> On Wed, Oct 23, 2013 at 9:10 AM, David Goulet <[email protected]> wrote:
>> done by broadcasting the ephemeral keys after usage, any entity with
>> some resources (let's say here a government) could make some time
>> correlated attack with a set of clear text logs and the OTR packets.
>
> Yes, they must have sophisticated resources such as the sacred
> knowledge of the "man" command.
>
> With that dark power in hand they can invoke the sacred ritual of "man
> otr_modify" which will teleport into their minds the lost knowledge of
> OTR transcript forgery!
>
> :P
>
> On Wed, Oct 23, 2013 at 10:00 AM, Trevor Perrin <[email protected]> wrote:
>> Deniability is easily achieved if you just use Diffie-Hellman based
>> key agreements without signatures
>
> That's a whole lot of DH for a room with 100 people in it (3*N^2).

Hm, 3*N^2? I guess that's for the pairwise authentication case.

Can't the "triple-DH" protocol be used as part of a cyclic
broadcast-based authenticated multi-party key agreement? Similar to how
the Just-Vaudenay [0] and the Burmester-Desmedt [1] protocols work? Or
maybe a newer version of those ideas.

[0]: http://citeseerx.ist.psu.edu/viewdoc/download?rep=rep1&type=pdf&doi=10.1.1.50.2268
[1]: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.50.2268

_______________________________________________
OTR-dev mailing list
[email protected]
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
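
The Burmester-Desmedt ring construction named in the message above, as an added sketch that is not part of the original thread or of any OTR code: every party sends two broadcasts and all N derive the same key. It is the unauthenticated core only (no triple-DH layer), and the group parameters and function names are assumptions chosen for readability.

```python
import secrets

# Toy parameters (assumption for this example): the Mersenne prime 2^127 - 1
# keeps the arithmetic readable; it is far too small for real use.
P = 2**127 - 1
G = 3


def bd_round1(n):
    """Round 1: each party i picks a secret r_i and broadcasts z_i = G^r_i."""
    r = [secrets.randbelow(P - 3) + 2 for _ in range(n)]
    z = [pow(G, ri, P) for ri in r]
    return r, z


def bd_round2(r, z):
    """Round 2: each party broadcasts X_i = (z_{i+1} / z_{i-1})^r_i."""
    n = len(r)
    x = []
    for i in range(n):
        ratio = z[(i + 1) % n] * pow(z[(i - 1) % n], -1, P) % P
        x.append(pow(ratio, r[i], P))
    return x


def bd_key(i, r_i, z, x):
    """Party i's key: z_{i-1}^(n*r_i) * X_i^(n-1) * X_{i+1}^(n-2) * ... * X_{i-2}^1."""
    n = len(z)
    k = pow(z[(i - 1) % n], n * r_i, P)
    for j in range(n - 1):
        k = k * pow(x[(i + j) % n], n - 1 - j, P) % P
    return k


def run_group(n):
    """Run both rounds for n >= 2 parties on a ring.

    Returns every party's key, the closed form G^(r_0 r_1 + r_1 r_2 + ... + r_{n-1} r_0)
    computed with all secrets (for checking only), and the number of broadcasts sent.
    """
    r, z = bd_round1(n)
    x = bd_round2(r, z)
    keys = [bd_key(i, r[i], z, x) for i in range(n)]
    ring_sum = sum(r[i] * r[(i + 1) % n] for i in range(n))
    return keys, pow(G, ring_sum, P), 2 * n


if __name__ == "__main__":
    keys, expected, broadcasts = run_group(100)
    print(len(set(keys)) == 1, keys[0] == expected, broadcasts)
```

Because nothing here binds a broadcast to its sender, an active attacker on the channel can substitute values; the authentication the message asks about would have to be layered on top.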
