[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Better key negotiations

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Better key negotiations
From: Watson Ladd <watsonbladd@xxxxxxxxx>
Date: Sat, 02 Sep 2006 08:49:26 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Sat, 02 Sep 2006 08:49:40 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=Soo5+qhbpMFJNxyp6LNlk2mOOV1sLUzKlzKWbrAsAoARhhFgrjyrRQYnSgTrLCt1xpEMU3Q/ZdtMLCuGE+wU93HzHRoP0Pn3c4A+n0/RhJlRGq22WEfSDdtBjnCSSD+mJoq9v0/zHStNjOhMvG5pi8L7GzfUBtOezF7KBk0/KLI=
In-reply-to: <44F9065F.1000508@walala.org>
Openpgp: url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x57C89443
References: <44F8D422.905@gmail.com> <Pine.LNX.4.64.0609012133561.30153@pl2.zayda.com> <44F8F2E4.5010003@gmail.com> <44F9065F.1000508@walala.org>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.5 (Macintosh/20060719)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew Del Vecchio wrote:
> What are "eliptic curves", Watson? I'm not a math master, I just know
> how to do IT :D
> 
> ~Andrew
> 
Elliptic curves are equations of the form y^2=x^3+ax+b. In cryptography
we consider them over the projective plane formed by a finite field, and
we can add points on the curve to form cyclic subgroups for which the
Diffie-Hellman problem is hard. The main advantage is a major speedup,
and key sizes can be smaller for the same security factor. There are a
lot of patents involved, meaning you need to pay care to how you are
doing the math. But the prize is very good security, as no breakthroughs
have been made since 1985. Check the wiki for details.
> Watson Ladd wrote:
>> Jason Holt wrote:
>>> On Fri, 1 Sep 2006, Watson Ladd wrote:
>>>> I have a good idea for key negotiations (NOTE:UNPUBLISHED).
>>>> Here
>> it is:
>>>> Let the server have a public key y=h^x mod p, p=2q+1, h=g^2,
>>>> and
>> private
>>>> key x^-1 mod q, or z. (g is a generator).
>>>>
>>>> A client will send y^a and remember a. A server will send back
>>>> h^b and remember b. The client will compute (h^b)^a. The server
>>>> will compute (y^a)^(bz). We note that:
>>>> (y^a)^(bz)=h^(ax*bz)=h^(abxz)=h^(ab)=(h^b)^a, as z and x are
>>>> multiplicative inverses mod q. We further note that this is
>>>> just Diffie-Hellman if we replace y with h^z,  a with a*x, and
>>>> z with 1, b with b. So this is secure if
>> DDH holds.
>>>> I am not a cryptographer, so will someone please check this
>>>> method. I have not found it anywhere.
>>> Why would we use this instead of plain-vanilla Diffie-Hellman?
>>> -J
>> To authenticate the server to the client. I want to dispense with
>> RSA as we are putting a critical egg into two baskets at once.
>> Also, we can migrate to exotic DDH assumption groups if a
>> breakthrough happens. Like GF(p^n), n>1, or elliptic curves.
> 
> 
- --
They who would give up an essential liberty for temporary security,
 deserve neither liberty or security
- --Benjamin Franklin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE+X3WGV+aWVfIlEMRAlqkAJ407sdbVmj8dWYWye3k+A3cm100UACeKNz5
ddFJnwSs/xNh7nyxiZOeFPI=
=Z8CW
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Better key negotiations
  - From: Andrew Del Vecchio

References:
- Better key negotiations
  - From: Watson Ladd
- Re: Better key negotiations
  - From: Jason Holt
- Re: Better key negotiations
  - From: Watson Ladd
- Re: Better key negotiations
  - From: Andrew Del Vecchio

Prev by Author: Re: Better key negotiations
Next by Author: Re: Holy shit I caught 1
Previous by thread: Re: Better key negotiations
Next by thread: Re: Better key negotiations
Index(es):
- Author
- Thread