[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Better key negotiations

On Fri, 1 Sep 2006, Watson Ladd wrote:

I have a good idea for key negotiations (NOTE:UNPUBLISHED). Here it is:
Let the server have a public key y=h^x mod p, p=2q+1, h=g^2, and private
key x^-1 mod q, or z. (g is a generator).

A client will send y^a and remember a.
A server will send back h^b and remember b.
The client will compute (h^b)^a.
The server will compute (y^a)^(bz).
We note that:
(y^a)^(bz)=h^(ax*bz)=h^(abxz)=h^(ab)=(h^b)^a, as z and x are
multiplicative inverses mod q.
We further note that this is just Diffie-Hellman if we replace y with
h^z,  a with a*x, and z with 1, b with b. So this is secure if DDH holds.

I am not a cryptographer, so will someone please check this method. I
have not found it anywhere.

Why would we use this instead of plain-vanilla Diffie-Hellman?