[OTR-dev] mpOTR protocol phases and research questions
Trevor Perrin
trevp at trevp.net
Wed Oct 23 18:52:14 EDT 2013
On Wed, Oct 23, 2013 at 2:49 PM, Gregory Maxwell <gmaxwell at gmail.com> wrote:
>
> On Wed, Oct 23, 2013 at 10:00 AM, Trevor Perrin <trevp at trevp.net> wrote:
>> Deniability is easily achieved if you just use Diffie-Hellman based
>> key agreements without signatures
>
> Thats a whole lot of DH for a room with 100 people in it (3*N^2).
You're concerned about computation cost? And you're talking about
mpOTR's requirement for key agreement between all pairs of
participants, and assuming triple-DH?
Whether the key agreement between each pair requires 3 DHs or (1 DH, 1
sign, 1 verify), the computation cost is about the same.
If computation cost matters here (probably not, mpOTR's many rounds of
setup communication probably dominate the overhead), you could reduce
it roughly in half with MQV, which is more efficient that can be done
with signature-based key agreement.
Trevor
More information about the OTR-dev
mailing list