[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] key exchanges [updated, resend]

From: Christian Grothoff
Subject: Re: [GNUnet-developers] key exchanges [updated, resend]
Date: Thu, 27 Aug 2015 15:37:44 +0200
User-agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.2.0

On 08/27/2015 03:26 PM, Jeff Burdges wrote:
> By this argument, DT's protocols are all deniable too, as the signatures
> always travel encrypted.  It's a fine argument, but it'll never justify
> our proposed modifications to ECDSA.

No, because the point is that here Bob conspires against Alice and tries
to prove it was Alice to a 3rd party.  In your case, both Alice and Bob
are being compromised, which is an entirely different scenario.

> I'm arguing that an attacker who can violate deniability in DT's
> protocol 5, meaning they can obtain z and (r,s), can also violate
> deniability in our modified ECDSA scheme by compromising Alice's
> long-term private key at a later date. 

I disagree, as long as the ephemeral keys are not also compromised, we
should be fine with the new variant.

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]