[OTR-dev] mpOTR protocol phases and research questions

George Kadianakis desnacked at riseup.net
Wed Oct 23 19:18:00 EDT 2013


Gregory Maxwell <gmaxwell at gmail.com> writes:

> On Wed, Oct 23, 2013 at 9:10 AM, David Goulet <dgoulet at ev0ke.net> wrote:
>> done by broadcasting the ephemeral keys after usage, any entity with
>> some resources (let's say here a government) could make some time
>> correlated attack with a set of clear text logs and the OTR packets.
>
> Yes, they must have sophisticated resources such as the sacred
> knowledge of the "man" command.
>
> With that dark power in hand they can invoke the sacred ritual of "man
> otr_modify" which will teleport into their minds the lost knowledge of
> OTR transcript forgery!
>
> :P
>
> On Wed, Oct 23, 2013 at 10:00 AM, Trevor Perrin <trevp at trevp.net> wrote:
>> Deniability is easily achieved if you just use Diffie-Hellman based
>> key agreements without signatures
>
> That's a whole lot of DH for a room with 100 people in it (3*N^2).

Hm, 3*N^2 ? I guess that's for the pairwise authentication case.

Can't the "triple-DH" protocol be used as part of a cyclic
broadcast-based authenticated multi-party key agreement? Similar to
how the Just-Vaudenay [0] and the Burmester-Desmedt [1] protocols
work? Or maybe a newer version of those ideas.

[0]: http://citeseerx.ist.psu.edu/viewdoc/download?rep=rep1&type=pdf&doi=10.1.1.50.2268
[1]: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.50.2268
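The cyclic broadcast structure of the Burmester-Desmedt key agreement mentioned above, as an added example that is not part of the original message or of any OTR code. It is the plain unauthenticated protocol (no triple-DH layer), and the modulus, base and function names are constructed for illustration; each party sends two broadcasts regardless of room size.

```python
import secrets

# Constructed toy parameters (assumption): a Mersenne prime modulus and a small
# base. Not a vetted Diffie-Hellman group; for illustration only.
P = 2**127 - 1
G = 3


def bd_broadcasts(r):
    """Given every party's secret exponent r[i], return the two broadcast rounds.

    Round 1: z_i = g^r_i
    Round 2: X_i = (z_{i+1} / z_{i-1})^r_i, indices taken around the ring.
    """
    n = len(r)
    if n < 2:
        raise ValueError("need at least two parties")
    z = [pow(G, ri, P) for ri in r]
    X = [pow(z[(i + 1) % n] * pow(z[i - 1], -1, P) % P, r[i], P)
         for i in range(n)]
    return z, X


def bd_key(i, r_i, z, X):
    """Party i's view: only its own secret r_i plus the public broadcasts.

    K_i = z_{i-1}^(n*r_i) * X_i^(n-1) * X_{i+1}^(n-2) * ... * X_{i-2}^1
    """
    n = len(z)
    k = pow(z[i - 1], n * r_i, P)
    for j in range(n - 1):
        k = k * pow(X[(i + j) % n], n - 1 - j, P) % P
    return k


def run(n):
    """Simulate n parties with fresh random secrets; return (secrets, keys)."""
    r = [secrets.randbelow(P - 3) + 2 for _ in range(n)]
    z, X = bd_broadcasts(r)
    return r, [bd_key(i, r[i], z, X) for i in range(n)]


if __name__ == "__main__":
    _, keys = run(5)
    print("all parties agree:", len(set(keys)) == 1)
```

Every party derives g^(r_0 r_1 + r_1 r_2 + ... + r_{n-1} r_0); without an authentication layer the broadcasts can be substituted by an active attacker.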


