[Cryptography] Hohha quantum resistant end-to-end encryption protocol draft

Ismail Kizir ikizir at gmail.com
Wed Dec 5 05:51:32 EST 2018


On Wed, Dec 5, 2018 at 5:25 AM Peter Fairbrother <peter at tsto.co.uk> wrote:
>
> That's Good.
>
> Some of the Bad:
>
> 1] Still has roll-your-own cipher algorithm.
>
> 2] Still has attacker-forcible default to DH, though at least maybe that
> is now postquantum? I didn't look hard.
>
> 3] The hybrid DH protocol is FAR too complicated, and there are probably
> half-a-dozen holes in it -
>
> - eg the MITM measures don't work and don't prove anything: sending
> lists of messages to resend is asking for trouble, especially as there
> is no authentication:  non-receipt of acknowledgement messages is easy
> for an attacker to fake, as is stealing or breaking or apparently
> breaking Bob's phone: and if FS is implemented properly Alice can't
> resend messages anyway, as she doesn't have the key any more.
>
> I assume MK is updated as mentioned in the FS part.
>
> 4] Still uses dedicated server.
>
> 5] Still too complicated, asks users to make security judgements.

Apparently, you have a P2P messenger in mind and you're forcing
my project that way.
The MITM countermeasure works: the user can see at any time, *permanently*,
whether there has been an MITM attack or not!
The user is warned every time a key exchange happens.
And yes! It will use dedicated servers. It will not support only PSK.
It will also support DH as mentioned.
And Hohha Dynamic XOR algorithm will stay as it is. It will be tested.
The default encryption mode is hybrid Hohha Dynamic XOR + D.J.
Bernstein's XSalsa20 + Poly1305.

I don't have anything more to discuss about those 5 points you mentioned.

I thank you and all other group members for their contributions.

Ismail Kizir

