[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Better Authentication/Key Negotiations
- To: or-talk@xxxxxxxxxxxxx
- Subject: Better Authentication/Key Negotiations
- From: Watson Ladd <watsonbladd@xxxxxxxxx>
- Date: Tue, 29 Aug 2006 10:31:30 -0400
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Tue, 29 Aug 2006 10:31:50 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding; b=pZqprhcxpM3W3rgPByV0gcS6QpWm8HMbPQ1UUfcb1cC2vvS+puGMqVJ3e01NoqjQ6SblWcgiy8+UUdVzMI77Sp4h6xTHkhDfRp9xIzri2k6g+0A3DaCBtQNSrk7dYzszU3R39x2XRZLwY0aL1gfFJXcr64ATMgApZ/X30oTL0es=
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 1.5.0.5 (Macintosh/20060719)
One of the things I noticed about the TOR protocol is the amount of CPU
a key negotiation takes. It takes 3 exponentiations by the server to
decrypt the DH handshake, create the other part of the handshake, and
preform the DH exponentiation. As this needs to be preformed three times
to make a circuit, and each circuit only conducts a small amount of
information when web browsing, and the servers have load issues, it
looks like this is something we should simplify.
My idea is to sign the DH handshake half that the server sends to the
client with something like a Schnorr signature, which is cheap to make.
The client will still have to preform 3 exponentiations, but the server
only 2. We could also use XTR to make the calculations cheaper without
adopting Schnorr signatures, which are patented.