
List:       moderncrypto-curves
Subject:    [curves] PAKE news
From:       trevp () trevp ! net (Trevor Perrin)
Date:       2015-07-28 5:35:29
Message-ID: CAGZ8ZG0thEAi6xACQnpdu+ZP1juPQ4Lr2NYNes-ss1C+1z1uhw () mail ! gmail ! com

In earlier discussions Mike Hamburg explained how to add augmentation
to SPAKE2 (i.e. how to resist server compromise by not storing
"password equivalent" data).  We weren't sure this had been published
[1].  Turns out it is, with a nice security argument (SPAKE2+ from
[2], Section 9).

A good security proof for J-PAKE was presented at the IEEE conference
in May [3].

The Thread protocol from Nest et al for home devices has gone public
with specs recently, and is using J-PAKE over P-256 [4].

Trevor

[1] https://moderncrypto.org/mail-archive/curves/2015/000424.html
[2] https://eprint.iacr.org/2008/067.pdf
[3] http://www.normalesup.org/~fbenhamo/files/publications/SP_AbdBenMac15.pdf
[4] http://threadgroup.org/Portals/0/documents/whitepapers/Thread%20Commissioning%20white%20paper_v2_public.pdf


