
- *To*: or-talk@xxxxxxxxxxxxx
- *Subject*: Re: Better key negotiations
- *From*: Watson Ladd <watsonbladd@xxxxxxxxx>
- *Date*: Sat, 02 Sep 2006 08:49:26 -0400
- *In-reply-to*: <44F9065F.1000508@walala.org>
- *References*: <44F8D422.905@gmail.com> <Pine.LNX.4.64.0609012133561.30153@pl2.zayda.com> <44F8F2E4.5010003@gmail.com> <44F9065F.1000508@walala.org>
- *Reply-to*: or-talk@xxxxxxxxxxxxx

Andrew Del Vecchio wrote:
> What are "elliptic curves", Watson? I'm not a math master, I just know
> how to do IT :D
>
> ~Andrew

Elliptic curves are equations of the form y^2=x^3+ax+b. In cryptography we consider them over the projective plane formed by a finite field, and we can add points on the curve to form cyclic subgroups for which the Diffie-Hellman problem is hard. The main advantage is a major speedup, and key sizes can be smaller for the same security factor. There are a lot of patents involved, meaning you need to take care with how you are doing the math. But the prize is very good security, as no breakthroughs have been made since 1985. Check the wiki for details.

> Watson Ladd wrote:
>> Jason Holt wrote:
>>> On Fri, 1 Sep 2006, Watson Ladd wrote:
>>>> I have a good idea for key negotiations (NOTE:UNPUBLISHED). Here it is:
>>>> Let the server have a public key y=h^x mod p, p=2q+1, h=g^2, and private
>>>> key x^-1 mod q, or z. (g is a generator).
>>>>
>>>> A client will send y^a and remember a. A server will send back
>>>> h^b and remember b. The client will compute (h^b)^a. The server
>>>> will compute (y^a)^(bz). We note that:
>>>> (y^a)^(bz)=h^(ax*bz)=h^(abxz)=h^(ab)=(h^b)^a, as z and x are
>>>> multiplicative inverses mod q. We further note that this is
>>>> just Diffie-Hellman if we replace y with h^z, a with a*x, and
>>>> z with 1, b with b. So this is secure if DDH holds.
>>>> I am not a cryptographer, so will someone please check this
>>>> method. I have not found it anywhere.
>>> Why would we use this instead of plain-vanilla Diffie-Hellman?
>>> -J
>> To authenticate the server to the client. I want to dispense with
>> RSA as we are putting a critical egg into two baskets at once.
>> Also, we can migrate to exotic DDH assumption groups if a
>> breakthrough happens. Like GF(p^n), n>1, or elliptic curves.

--
They who would give up an essential liberty for temporary security, deserve neither liberty or security
--Benjamin Franklin

**Follow-Ups**:
- **Re: Better key negotiations**, *From:* Andrew Del Vecchio

**References**:
- **Better key negotiations**, *From:* Watson Ladd
- **Re: Better key negotiations**, *From:* Jason Holt
- **Re: Better key negotiations**, *From:* Watson Ladd
- **Re: Better key negotiations**, *From:* Andrew Del Vecchio
