[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Better Authentication/Key Negotiations



One of the things I noticed about the TOR protocol is the amount of CPU a key negotiation takes. It takes 3 exponentiations by the server to decrypt the DH handshake, create the other part of the handshake, and preform the DH exponentiation. As this needs to be preformed three times to make a circuit, and each circuit only conducts a small amount of information when web browsing, and the servers have load issues, it looks like this is something we should simplify.
My idea is to sign the DH handshake half that the server sends to the client with something like a Schnorr signature, which is cheap to make. The client will still have to preform 3 exponentiations, but the server only 2. We could also use XTR to make the calculations cheaper without adopting Schnorr signatures, which are patented.