Re: [GNUnet-developers] key exchanges [updated, resend]

[Dominic Tarr]

hey sorry, just recovering after travelling back to NZ. will dig
through this all and reply properly!

On Thu, Aug 27, 2015 at 12:08 PM, Jeff Burdges <address@hidden> wrote:
> On Thu, 2015-08-27 at 00:18 +0200, Jeff Burdges wrote:
>> Can we protect Bob without using a signature?  I think yes :
>>
>> Alice can prove she possesses her public key not by signing but by
>> encrypting :
>>    A? ->  B? : a_p
>>    A? <-  B? : b_p
>>    A  ->  B  : E(hash(ab++aB), A_p), E(hash(ab++aB++Ab), ...)
>
> To clarify, Bob's key B was a wildcard in some protocols, but the
> ephemeral key b is not, at least not anymore than other ephemeral
> information.  Alice is encrypting to it in TripleDH, potentially
> protecting against the wildcard attack, but only if you get the timing
> right.
>
> Jeff
>
>