
Re: Better key negotiations


Andrew Del Vecchio wrote:
> What are "elliptic curves", Watson? I'm not a math master, I just know
> how to do IT :D
> ~Andrew
Elliptic curves are equations of the form y^2=x^3+ax+b. In cryptography
we consider them over the projective plane formed by a finite field, and
we can add points on the curve to form cyclic subgroups for which the
Diffie-Hellman problem is hard. The main advantage is a major speedup,
and key sizes can be smaller for the same security factor. There are a
lot of patents involved, meaning you need to take care with how you are
doing the math. But the prize is very good security, as no breakthroughs
have been made since 1985. Check the wiki for details.
> Watson Ladd wrote:
>> Jason Holt wrote:
>>> On Fri, 1 Sep 2006, Watson Ladd wrote:
>>>> I have a good idea for key negotiations (NOTE: UNPUBLISHED). Here
>>>> it is:
>>>> Let the server have a public key y=h^x mod p, p=2q+1, h=g^2, and
>>>> private key x^-1 mod q, or z. (g is a generator).
>>>> A client will send y^a and remember a. A server will send back
>>>> h^b and remember b. The client will compute (h^b)^a. The server
>>>> will compute (y^a)^(bz). We note that:
>>>> (y^a)^(bz)=h^(ax*bz)=h^(abxz)=h^(ab)=(h^b)^a, as z and x are
>>>> multiplicative inverses mod q. We further note that this is
>>>> just Diffie-Hellman if we replace y with h^z,  a with a*x, and
>>>> z with 1, b with b. So this is secure if DDH holds.
>>>> I am not a cryptographer, so will someone please check this
>>>> method. I have not found it anywhere.
>>> Why would we use this instead of plain-vanilla Diffie-Hellman?
>>> -J
>> To authenticate the server to the client. I want to dispense with
>> RSA as we are putting a critical egg into two baskets at once.
>> Also, we can migrate to exotic DDH assumption groups if a
>> breakthrough happens. Like GF(p^n), n>1, or elliptic curves.
--
They who would give up an essential liberty for temporary security,
 deserve neither liberty nor security
--Benjamin Franklin
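The exchange Watson Ladd sketches in the quoted message, run end to end with toy parameters, as an added example that is not part of the thread: the server holds y=h^x with h=g^2 in the safe prime p=2q+1 and keeps z=x^-1 mod q, the client sends y^a, the server sends h^b, and both sides should land on h^(ab). The primes, generator and all exponents below are constructed for illustration; the helper names are my own.

```python
from secrets import randbelow


def _is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def safe_prime_params(p, g):
    """Check p = 2q+1 with q prime and return (q, h) where h = g^2 mod p."""
    if p < 7 or (p - 1) % 2:
        raise ValueError("p must be odd and > 5")
    q = (p - 1) // 2
    if not (_is_prime(p) and _is_prime(q)):
        raise ValueError("p is not a safe prime")
    h = pow(g, 2, p)  # squaring g drops into the order-q subgroup
    if h == 1:
        raise ValueError("g^2 is trivial; pick another g")
    return q, h


def server_keygen(p, g, x=None):
    """Long-term server key: public y = h^x mod p, private z = x^-1 mod q."""
    q, h = safe_prime_params(p, g)
    if x is None:
        x = 1 + randbelow(q - 1)  # 1 <= x < q, so the inverse mod q exists
    y = pow(h, x, p)
    z = pow(x, -1, q)  # x*z == 1 (mod q), the identity the scheme relies on
    return {"p": p, "q": q, "h": h, "y": y}, z


def run_exchange(pub, z, a=None, b=None):
    """One run of the protocol; returns (client_secret, server_secret)."""
    p, q, h, y = pub["p"], pub["q"], pub["h"], pub["y"]
    a = a if a is not None else 1 + randbelow(q - 1)  # client's ephemeral
    b = b if b is not None else 1 + randbelow(q - 1)  # server's ephemeral
    client_msg = pow(y, a, p)  # client -> server: y^a
    server_msg = pow(h, b, p)  # server -> client: h^b
    client_secret = pow(server_msg, a, p)  # (h^b)^a
    server_secret = pow(client_msg, b * z % q, p)  # (y^a)^(bz) = h^(ab)
    return client_secret, server_secret
```

With p=23, g=5 (so q=11, h=2), x=3, a=5 and b=7 both sides compute 4, which is h^(ab) = 2^35 mod 23.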