[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Better key negotiations

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Better key negotiations
From: Watson Ladd <watsonbladd@xxxxxxxxx>
Date: Mon, 04 Sep 2006 11:28:52 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Mon, 04 Sep 2006 11:29:10 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=CMoVtRTzG8YmcUShzbQQDa3/70gfCOHZAcA7TcGDYlIKSzHBHMp0WTUxh0+QM9qNxrPs2E3JBuCiuZ6l03033w9gzkcjlKF5xqnLHiFDr3UBNTIzbVqfWb31nz3/70UnhTLKsqBJB9pjkK6/8DyUI6sLtThLPCseJeHpzrrs6mQ=
In-reply-to: <44FBBB9A.9060205@walala.org>
Openpgp: url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x57C89443
References: <44F8D422.905@gmail.com> <Pine.LNX.4.64.0609012133561.30153@pl2.zayda.com> <44F8F2E4.5010003@gmail.com> <44F9065F.1000508@walala.org> <44F97DD6.4020408@gmail.com> <44FBBB9A.9060205@walala.org>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.5 (Macintosh/20060719)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew Del Vecchio wrote:
> That's cool are you working on sample code at this time?
> 
> ~Andrew
> 
> Watson Ladd wrote:
>> Andrew Del Vecchio wrote:
>>> What are "eliptic curves", Watson? I'm not a math master, I just
>>> know how to do IT :D
>>> ~Andrew
>> Elliptic curves are equations of the form y^2=x^3+ax+b. In
>> cryptography we consider them over the projective plane formed by a
>>  finite field, and we can add points on the curve to form cyclic
>> subgroups for which the Diffie-Hellman problem is hard. The main
>> advantage is a major speedup, and key sizes can be smaller for the
>> same security factor. There are a lot of patents involved, meaning
>> you need to pay care to how you are doing the math. But the prize
>> is very good security, as no breakthroughs have been made since
>> 1985. Check the wiki for details.
>>> Watson Ladd wrote:
>>>> Jason Holt wrote:
>>>>> On Fri, 1 Sep 2006, Watson Ladd wrote:
>>>>>> I have a good idea for key negotiations (NOTE:UNPUBLISHED).
>>>>>>  Here
>>>> it is:
>>>>>> Let the server have a public key y=h^x mod p, p=2q+1,
>>>>>> h=g^2, and
>>>> private
>>>>>> key x^-1 mod q, or z. (g is a generator).
>>>>>>
>>>>>> A client will send y^a and remember a. A server will send
>>>>>> back h^b and remember b. The client will compute (h^b)^a.
>>>>>> The server will compute (y^a)^(bz). We note that:
>>>>>> (y^a)^(bz)=h^(ax*bz)=h^(abxz)=h^(ab)=(h^b)^a, as z and x
>>>>>> are multiplicative inverses mod q. We further note that
>>>>>> this is just Diffie-Hellman if we replace y with h^z,  a
>>>>>> with a*x, and z with 1, b with b. So this is secure if
>>>> DDH holds.
>>>>>> I am not a cryptographer, so will someone please check this
>>>>>>  method. I have not found it anywhere.
>>>>> Why would we use this instead of plain-vanilla
>>>>> Diffie-Hellman? -J
>>>> To authenticate the server to the client. I want to dispense
>>>> with RSA as we are putting a critical egg into two baskets at
>>>> once. Also, we can migrate to exotic DDH assumption groups if a
>>>>  breakthrough happens. Like GF(p^n), n>1, or elliptic curves.
> 
No. A full proof. Sample code does not matter if it's an insecure
protocol. My presentation needs to be made a lot tighter first.
- --
They who would give up an essential liberty for temporary security,
 deserve neither liberty or security
- --Benjamin Franklin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE/EY0GV+aWVfIlEMRAvXzAJ90BUdOyM4FWaG9cJQeZAyMja+fawCdGN+2
f5yQerquBiBcgRLyZgpNTJU=
=JN+q
-----END PGP SIGNATURE-----

Follow-Ups:
- v2 directory?
  - From: numE

References:
- Better key negotiations
  - From: Watson Ladd
- Re: Better key negotiations
  - From: Jason Holt
- Re: Better key negotiations
  - From: Watson Ladd
- Re: Better key negotiations
  - From: Andrew Del Vecchio
- Re: Better key negotiations
  - From: Watson Ladd
- Re: Better key negotiations
  - From: Andrew Del Vecchio

Prev by Author: New key negotiations
Next by Author: Re: Tor network signature detection
Previous by thread: Re: Better key negotiations
Next by thread: v2 directory?
Index(es):
- Author
- Thread