[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Better key negotiations
On Fri, 1 Sep 2006, Watson Ladd wrote:
I have a good idea for key negotiations (NOTE:UNPUBLISHED). Here it is:
Let the server have a public key y=h^x mod p, p=2q+1, h=g^2, and private
key x^-1 mod q, or z. (g is a generator).
A client will send y^a and remember a.
A server will send back h^b and remember b.
The client will compute (h^b)^a.
The server will compute (y^a)^(bz).
We note that:
(y^a)^(bz)=h^(ax*bz)=h^(abxz)=h^(ab)=(h^b)^a, as z and x are
multiplicative inverses mod q.
We further note that this is just Diffie-Hellman if we replace y with
h^z, a with a*x, and z with 1, b with b. So this is secure if DDH holds.
I am not a cryptographer, so will someone please check this method. I
have not found it anywhere.
Why would we use this instead of plain-vanilla Diffie-Hellman?