State Not Answered
Replies 5 replies
Subscribers 75 subscribers
Views 1110 views
Users 0 members are here

Attachments (0)

Nordic Case Info

Case ID: 273491

Options

This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

BLE - Numeric comparison

Roei over 3 years ago

Hi,

How does numeric comparison works? Shouldn't both devices share parameters in order to display the same number? How can we be protected from MITM?

Thanks!

Parents

0 Dmitry over 3 years ago

Hi,

function g2 includes both public keys. In case of MITM attack, one side will have PK(Alice)+PK(Eve), other side - PK(Eve)+PK(Bob), numbers will never match.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Dmitry over 3 years ago

Hi,

function g2 includes both public keys. In case of MITM attack, one side will have PK(Alice)+PK(Eve), other side - PK(Eve)+PK(Bob), numbers will never match.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Roei over 3 years ago in reply to Dmitry

Ok,

So the random number is generated from diffie-hellman key?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Dmitry over 3 years ago in reply to Roei

g2 uses both public keys and exchanged random numbers, not an ECDH secret:
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Roei over 3 years ago in reply to Dmitry

Thanks!

One more question - I assume the basic diffie-hellman (modulu functions) and elliptic curve diffie hellman work differently, but the idea of using public and private key and generating shared secret it the same, right?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Dmitry over 3 years ago in reply to Roei

Exactly.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Related