
- *To*: or-talk@xxxxxxxxxxxxx
- *Subject*: Re: Better key negotiations
- *From*: Watson Ladd <watsonbladd@xxxxxxxxx>
- *Date*: Mon, 04 Sep 2006 11:28:52 -0400

Andrew Del Vecchio wrote:
> That's cool. Are you working on sample code at this time?
>
> ~Andrew
>
> Watson Ladd wrote:
>> Andrew Del Vecchio wrote:
>>> What are "elliptic curves", Watson? I'm not a math master, I just
>>> know how to do IT :D
>>> ~Andrew
>> Elliptic curves are equations of the form y^2=x^3+ax+b. In
>> cryptography we consider them over the projective plane formed by a
>> finite field, and we can add points on the curve to form cyclic
>> subgroups for which the Diffie-Hellman problem is hard. The main
>> advantage is a major speedup, and key sizes can be smaller for the
>> same security factor. There are a lot of patents involved, meaning
>> you need to pay care to how you are doing the math. But the prize
>> is very good security, as no breakthroughs have been made since
>> 1985. Check the wiki for details.
>>> Watson Ladd wrote:
>>>> Jason Holt wrote:
>>>>> On Fri, 1 Sep 2006, Watson Ladd wrote:
>>>>>> I have a good idea for key negotiations (NOTE: UNPUBLISHED).
>>>>>> Here it is:
>>>>>> Let the server have a public key y=h^x mod p, p=2q+1,
>>>>>> h=g^2, and private key x^-1 mod q, or z. (g is a generator).
>>>>>>
>>>>>> A client will send y^a and remember a. A server will send
>>>>>> back h^b and remember b. The client will compute (h^b)^a.
>>>>>> The server will compute (y^a)^(bz). We note that:
>>>>>> (y^a)^(bz)=h^(ax*bz)=h^(abxz)=h^(ab)=(h^b)^a, as z and x
>>>>>> are multiplicative inverses mod q. We further note that
>>>>>> this is just Diffie-Hellman if we replace y with h^z, a
>>>>>> with a*x, and z with 1, b with b. So this is secure if
>>>>>> DDH holds.
>>>>>> I am not a cryptographer, so will someone please check this
>>>>>> method. I have not found it anywhere.
>>>>> Why would we use this instead of plain-vanilla
>>>>> Diffie-Hellman? -J
>>>> To authenticate the server to the client. I want to dispense
>>>> with RSA as we are putting a critical egg into two baskets at
>>>> once. Also, we can migrate to exotic DDH assumption groups if a
>>>> breakthrough happens. Like GF(p^n), n>1, or elliptic curves.
>

No. A full proof. Sample code does not matter if it's an insecure
protocol. My presentation needs to be made a lot tighter first.

--
They who would give up an essential liberty for temporary security,
deserve neither liberty or security
--Benjamin Franklin
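
The exchange quoted in the message above, written out as an added example that is not part of the original thread and is not the poster's code. It checks only that both sides derive the same value; the parameters (p = 2039, q = 1019, g = 7) are constructed toy values and the function names are hypothetical.

```python
# Added illustration, not from the thread. Toy parameters, constructed for
# this example; it checks key agreement only, not the protocol's security.
import secrets

P = 2039          # toy safe prime, P = 2*Q + 1
Q = 1019          # prime order of the subgroup of squares mod P
G = 7             # generator mod P (assumed choice)
H = pow(G, 2, P)  # h = g^2, has order Q


def rand_exponent():
    """Uniform exponent in [1, Q-1]."""
    return secrets.randbelow(Q - 1) + 1


def server_keygen():
    """Return (y, z): public y = h^x mod p, private z = x^-1 mod q."""
    x = rand_exponent()
    return pow(H, x, P), pow(x, -1, Q)


def client_hello(y):
    """Client picks a, remembers it, and sends y^a."""
    a = rand_exponent()
    return a, pow(y, a, P)


def server_reply(client_msg, z):
    """Server picks b, sends h^b, and derives (y^a)^(b*z)."""
    b = rand_exponent()
    return pow(H, b, P), pow(client_msg, (b * z) % Q, P)


def client_finish(a, server_msg):
    """Client derives (h^b)^a."""
    return pow(server_msg, a, P)


def run_exchange(y, z):
    """One full exchange; returns (client_value, server_value)."""
    a, client_msg = client_hello(y)
    server_msg, server_value = server_reply(client_msg, z)
    return client_finish(a, server_msg), server_value


if __name__ == "__main__":
    y, z = server_keygen()
    client_value, server_value = run_exchange(y, z)
    print("values agree:", client_value == server_value)
```

A responder that uses any exponent other than z in `server_reply` ends up with a value different from the client's, which is the server-authentication property the quoted post is aiming for.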
