Security Analysis. A-TGDH satisfies our stated security goals with the following assumptions. Since key confirmation is essential for achieving perfect forward secrecy [4], we assume that it has been implemented as described in Section V-B. Also, we assume that there exists only a passive adversary E that monitors the flow of blinded key messages. We further assume that E cannot solve the ▇▇▇▇▇▇-▇▇▇▇▇▇▇ problem [6] (i.e., given only α, p, αx mod p, and αy mod p, it is infeasible for E to compute αxy mod p) and the discrete logarithm problem (i.e., given only α, p, and αx mod p, it is infeasible for E to compute x). The following proof is based on [3], [14].
Appears in 1 contract
Sources: Distributed Collaborative Key Agreement and Authentication Protocols
Security Analysis. A-TGDH satisfies our stated security goals with the following assumptions. Since key confirmation is essential for achieving perfect forward secrecy [4], we assume that it has been implemented as described in Section V-B. Also, we assume that there exists only a passive adversary E that monitors the flow of blinded key messages. We further assume that E cannot solve the ▇▇▇▇▇▇-▇▇▇▇▇▇▇ problem [6] (i.e., given only α, p, αx x mod p, and αy y mod p, it is infeasible for E to compute αxy xy mod p) and the discrete logarithm problem (i.e., given only α, p, and αx x mod p, it is infeasible for E to compute x). The following proof is based on [3], [1415].
Appears in 1 contract
Sources: Distributed Collaborative Key Agreement and Authentication Protocols