Replace the current key exchange with EC-HMQV

nthparty / opaque

JavaScript implementation of the OPAQUE asymmetric PAKE protocol

https://www.npmjs.com/package/@nthparty/opaque

27 stars 4 forks source link

Replace the current key exchange with EC-HMQV #2

Open wyatt-howe opened 3 years ago

wyatt-howe commented 3 years ago

The paper only specifies that the key exchange has to happen inside a prime order (elliptic curve) group, but with the way they define it, I'm not sure this is possible with Ristretto.

Sc00bz commented 3 years ago

HMQV is patented until February 2026. If anything this should use Noise-KN and drop the encryption part (and do client_identity_private_key = pwKdf(...)). Also the encryption part is currently broken because it doesn't have "random key robustness" (see #5). The encryption part was added to OPAQUE so that HMQV can have an advantage vs 3DH and get people to use or vet IBM's patented AKE.