[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

HCR for key negotiation



First some background:
The NSA's Suit B uses a key negotiation mutual authentication method MQV.  This method was found to be insecure, and so HMQV was created. HMQV uses a signature protocol called HCR twice in one exchange to generate a key. HCR can prove identy of one endpoint and negotiate a key in a two message exchange with great efficiency for both sides.
In Tor the current key generation method is quite expensive. Would it be possible to change to HCR to improve efficency?

--
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin