sacred-4----Page:5
1 2 3 4 5 6 7 8 9
|
OPAKE: Protocol Client Server Send random value a as discrete logarithm in subgroup of order D Pick random e from {0,…,NDR2k} a = e mod D y = x ^ e mod N Send random value b as Rth root Pick random b’ b = (b’) ^ D mod N z = b ^ R mod N v=Hash(1, pw, trans, a, b) Server stores (N,x) such that D | F(N), but gcd(R,F(N))=1 x of order divisible by D Retrieve a x’ = x ^ {F(N)/D} mod N y’ = y ^ {F(N)/D} mod N a = logx’ y’ mod D Retrieve b b = z ^ {1/R} mod N Verify v key=Hash(2, pw, trans, a, b) key=Hash(2, pw, trans, a, b) Retrieval of a,b is possible only if N was chosen as described (with D,R) |