[567] in cryptography@c2.net mail archive
Re: non-interactive forward secrecy
daemon@ATHENA.MIT.EDU (Adam Back)
Thu Apr 17 20:08:38 1997
Date: Fri, 18 Apr 1997 00:32:42 +0100
From: Adam Back <aba@dcs.ex.ac.uk>
To: cryptography@c2.net
Ant <ant@notatla.demon.co.uk> (from coderpunks post of the same post)
found a fatal flaw in the protocol I just posted.
It isn't forward secret!
If Eve captures alice's current value x_t, she can calculate previous
values of x_t trivially:
x_{t-1} = x_t / X_t
All X_t values are public.
Adam
