On Wed, Aug 8, 2012 at 8:22 PM, Robert Ransom <rransom.8...@gmail.com> wrote: > On 8/8/12, Nick Mathewson <ni...@freehaven.net> wrote: > >> Michael Backes, Aniket Kate, and Esfandiar Mohammadi have a paper in >> submission called, "An Efficient Key-Exchange for Onion Routing". >> It's meant to be more CPU-efficient than the proposed "ntor" >> handshake. With permission from Esfandiar, I'm sending a link to the >> paper here for discussion. >> >> http://www.infsec.cs.uni-saarland.de/~mohammadi/owake.html >> >> What do people think? > > * This paper has Yet Another ‘proof of security’ which says nothing > about the protocol's security over any single group or over any > infinite family of groups in which (as in Curve25519) the Decision > Diffie-Hellman problem is (believed to be) hard.
Do you think a DDH oracle cracks CDH in Curve25519? If no the theorem says something. > > > Robert Ransom > _______________________________________________ > tor-dev mailing list > tor-dev@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev Sincerely, Watson Ladd -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev