Oddbean new post about | logout
 In a two party mutual-authentication protocol, should I have

O(N^2) CPU + O(N^2) communication and if one side doesn’t trust the other neither learns anything or,

O(N^2) CPU + O(1) communication and if one side doesn’t trust the other they may still learn that the other side trusts them? 
 Over my head, but thought I'd throw in my two sats anyway :) I'd go with the former since it seems more "mutual" 
 Having second thoughts now. Curious to hear what you and others have to say. 
 O(N^2) CPU + O(N^2) 
 What is trust here? Authorization to do something? 
 Authorization to exchange a message.