[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

*To*: or-talk@xxxxxxxxxxxxx*Subject*: Re: Better key negotiations*From*: Jason Holt <jason@xxxxxxxxxxxx>*Date*: Fri, 1 Sep 2006 21:34:43 -0500 (CDT)*Delivered-to*: archiver@seul.org*Delivered-to*: or-talk-outgoing@seul.org*Delivered-to*: or-talk@seul.org*Delivery-date*: Fri, 01 Sep 2006 22:34:52 -0400*In-reply-to*: <44F8D422.905@gmail.com>*References*: <44F8D422.905@gmail.com>*Reply-to*: or-talk@xxxxxxxxxxxxx*Sender*: owner-or-talk@xxxxxxxxxxxxx

On Fri, 1 Sep 2006, Watson Ladd wrote:

I have a good idea for key negotiations (NOTE:UNPUBLISHED). Here it is: Let the server have a public key y=h^x mod p, p=2q+1, h=g^2, and private key x^-1 mod q, or z. (g is a generator).

A client will send y^a and remember a. A server will send back h^b and remember b. The client will compute (h^b)^a. The server will compute (y^a)^(bz). We note that: (y^a)^(bz)=h^(ax*bz)=h^(abxz)=h^(ab)=(h^b)^a, as z and x are multiplicative inverses mod q. We further note that this is just Diffie-Hellman if we replace y with h^z, a with a*x, and z with 1, b with b. So this is secure if DDH holds.

I am not a cryptographer, so will someone please check this method. I have not found it anywhere.

Why would we use this instead of plain-vanilla Diffie-Hellman?

-J

**Follow-Ups**:**Re: Better key negotiations***From:*Watson Ladd

**References**:**Better key negotiations***From:*Watson Ladd

- Prev by Author:
**Re: Re[2]: [INFO] new anonymizing software** - Next by Author:
**Re: Using Gmail (with Tor) is a bad idea** - Previous by thread:
**Better key negotiations** - Next by thread:
**Re: Better key negotiations** - Index(es):