@nikitab found some rationale for the SIGMA tweak in the 2007 paper; I found the protocol complicated, gotta understand better..
-
-
Replying to @matthew_d_green
@veorq@nikitab One is 'Anyone can simulate a transcript of this AKE'. The other is 'anyone could have MACed these ciphertexts'.1 reply 0 retweets 0 likes -
Replying to @matthew_d_green
@matthew_d_green@nikitab doesnt a deniable AKE implies deniable encryptiom and MAC?1 reply 0 retweets 1 like -
Replying to @veorq1 reply 0 retweets 0 likes
-
Replying to @matthew_d_green
@veorq@nikitab So my understanding is the deniable AKE simply implies that "a simulator" can simulate the AKE (but not the encryption).1 reply 0 retweets 0 likes -
Replying to @matthew_d_green2 replies 0 retweets 0 likes
-
Replying to @matthew_d_green
@matthew_d_green@veorq@nikitab I never liked the OTR deniability. Any example situation where it is important?2 replies 0 retweets 0 likes -
Replying to @julianor
@julianor@matthew_d_green@veorq@nikitab seems so silly if all a potential forger can do is MAC garbage. What’s the point?1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@julianor@matthew_d_green@veorq the ciphertext is malleable, so you can MAC a modification thereof.2 replies 0 retweets 0 likes
@nikitab @julianor @matthew_d_green @veorq touché
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.