[Cryptography] PAKE for embedded device (<64K RAM)?

Andrew P. Lentvorski bsder at allcaps.org
Mon Feb 27 02:21:31 EST 2017


I've been trying to secure some BLE (Bluetooth Low Energy) 
communication, but seem to have hit a wall in trying to avoid
active MITM attacks.

Is there a good PAKE anywhere for small devices?  It seems like all the 
PAKE protocols use very heavyweight primitives and don't like elliptic 
curve stuff very much.

Maybe I'm just being obtuse and not searching on the right keywords, but 
it seems like *everything* in this space is a bit flaky--either 
theoretically or implementation-wise.  It doesn't seem like there has 
been much auditing going on in this space.

It seems like IEEE 802.15.6 was supposed to cover this, but it seems 
like that got compromised:
http://arxiv.org/pdf/1501.02601.pdf

ProtonMail has a discussion about SRP here:
https://protonmail.com/blog/encrypted_email_authentication/

But it certainly makes me wary when I, as an implementer, seem to have 
to make so many decisions about the underlying protocol (Hash function,
different moduli, embedded in certificate-TLS (then why use SRP?), prime 
number choice, etc.).  Since I am most definitively *NOT* a 
cryptographer, I'm incredibly likely to screw something up. SRP isn't 
exactly *small* either.

Normally, my first instinct is to go look at what DJB has to say and 
then work outward from there, but I'm not seeing anything in this space.

Am I missing something?  What's the current "best practice" in this space?

Any pointers would be appreciated.

Thanks,
-a

