Re: Better key negotiations
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Better key negotiations
- From: Watson Ladd <watsonbladd@xxxxxxxxx>
- Date: Fri, 01 Sep 2006 22:56:36 -0400
- In-reply-to: <Pine.LNX.4.64.0609012133561.30153@pl2.zayda.com>
- Openpgp: url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x57C89443
- References: <44F8D422.905@gmail.com> <Pine.LNX.4.64.0609012133561.30153@pl2.zayda.com>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 1.5.0.5 (Macintosh/20060719)
Jason Holt wrote:
>
> On Fri, 1 Sep 2006, Watson Ladd wrote:
>
>> I have a good idea for key negotiations (NOTE: UNPUBLISHED). Here it is:
>> Let the server have a public key y=h^x mod p, p=2q+1, h=g^2, and private
>> key x^-1 mod q, or z. (g is a generator).
>>
>> A client will send y^a and remember a.
>> A server will send back h^b and remember b.
>> The client will compute (h^b)^a.
>> The server will compute (y^a)^(bz).
>> We note that:
>> (y^a)^(bz)=h^(ax*bz)=h^(abxz)=h^(ab)=(h^b)^a, as z and x are
>> multiplicative inverses mod q.
>> We further note that this is just Diffie-Hellman if we replace y with
>> h^z, a with a*x, and z with 1, b with b. So this is secure if DDH holds.
>>
>> I am not a cryptographer, so will someone please check this method. I
>> have not found it anywhere.
>
> Why would we use this instead of plain-vanilla Diffie-Hellman?
>
> -J
>
To authenticate the server to the client. I want to dispense with RSA as
we are putting a critical egg into two baskets at once. Also, we can
migrate to exotic DDH assumption groups if a breakthrough happens. Like
GF(p^n), n>1, or elliptic curves.
--
They who would give up an essential liberty for temporary security
deserve neither liberty nor security.
--Benjamin Franklin
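The exchange sketched in the quoted message, carried through in code as an added example (this is not the poster's code or anything from Tor). It uses a constructed 10-bit safe prime p = 2q+1 so the numbers stay readable; the group sizes, the helper names and the impostor check at the end are all assumptions of this illustration. Exponent arithmetic is done mod q, which is why the post needs p = 2q+1 and h = g^2: h then generates the prime-order-q subgroup, so z = x^-1 mod q exists and (y^a)^(bz) really equals h^(ab). The last function also computes what a party holding only the public y could derive from the same messages, (y^a)^b = h^(xab), which is the point of the "authenticate the server" reply: that value only matches the honest key when x = 1.

```python
"""Worked example of the key exchange from the post (added illustration, not the
poster's code). Constructed toy parameters: a 10-bit safe prime chosen for
readability; a real deployment would use a 2048-bit or larger group."""
import random
import secrets

P = 1019                 # constructed safe prime: P = 2*Q + 1 with Q prime
Q = (P - 1) // 2         # 509
G = 2                    # any element other than +-1 mod P will do as g
H = pow(G, 2, P)         # h = g^2 lies in the order-Q subgroup (quadratic residues)


def _is_prime(n: int) -> bool:
    """Trial division; adequate for the toy sizes used in this example."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def check_group() -> bool:
    """Sanity checks on the constructed parameters: P safe prime, H of order Q."""
    return _is_prime(P) and _is_prime(Q) and H != 1 and pow(H, Q, P) == 1


def server_keygen(rng=secrets.randbelow):
    """Server long-term key: public y = h^x mod p, private z = x^-1 mod q."""
    x = 2 + rng(Q - 2)          # x in [2, Q-1]; x = 1 would give z = 1, i.e. no secret
    z = pow(x, -1, Q)           # modular inverse (Python 3.8+)
    y = pow(H, x, P)
    return y, z


def client_start(y, rng=secrets.randbelow):
    """Client: pick ephemeral a, remember it, send y^a."""
    a = 1 + rng(Q - 1)          # a in [1, Q-1]
    return a, pow(y, a, P)


def server_respond(z, A, rng=secrets.randbelow):
    """Server: pick ephemeral b, send h^b, derive K = (y^a)^(b*z) = h^(ab)."""
    b = 1 + rng(Q - 1)
    B = pow(H, b, P)
    K = pow(A, (b * z) % Q, P)  # exponents live mod Q because H has order Q
    return B, K, b


def client_finish(a, B):
    """Client: K = (h^b)^a."""
    return pow(B, a, P)


def run_exchange(seed=None):
    """Run one honest exchange.

    Returns (client key, server key, impostor key), where the impostor key is
    what a party knowing y but not z gets from the same transcript and the same
    ephemeral b: (y^a)^b = h^(xab), which differs from h^(ab) whenever x != 1.
    A seed makes the run reproducible for tests; None uses secrets."""
    rng = secrets.randbelow if seed is None else random.Random(seed).randrange
    y, z = server_keygen(rng)
    a, A = client_start(y, rng)
    B, k_server, b = server_respond(z, A, rng)
    k_client = client_finish(a, B)
    k_impostor = pow(A, b, P)
    return k_client, k_server, k_impostor


if __name__ == "__main__":
    assert check_group()
    kc, ks, ki = run_exchange()
    print("client key", kc, "server key", ks, "impostor key", ki)
```

Because a, b and x are all nonzero mod the prime q, (x-1)ab is nonzero mod q, so the impostor's h^(xab) never collides with h^(ab) in this group; that is the property the reply relies on for server authentication. The example says nothing about the client side, which the post also leaves unauthenticated.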