[cryptography] Security Discussion: Password Based Key Derivation for Elliptic curve Diffie–Hellman key agreement
natanael.l at gmail.com
Tue Dec 17 20:25:18 EST 2013
Sounds just like the Bitcoin blockchain to me. Or maybe the fork Namecoin.
- Sent from my phone
On 18 Dec 2013 02:20, "James A. Donald" <jamesd at echeque.com> wrote:
> On 2013-12-18 04:38, Joseph Birr-Pixton wrote:
>> In very general terms, you cannot hope to achieve confidentiality
>> without authenticity.
>> Your key exchange does not offer authenticity. I would suggest instead
>> having the user's keys be signing keys, and do straightforward signed
>> ephemeral ECDH. This should also gain you forward secrecy.
>> Unfortunately this will introduce a data dependency in your protocol,
>> which may cause an unacceptable extra round trip.
>> With that assumed fixed, your protocol relies entirely on a third
>> party (the 'public key server') for authenticity of the key exchange.
>> If the overall aim is to avoid having to trust a third party
>> (Facebook) to keep messages secret, adding more third parties to the
>> problem doesn't seem a great solution.
> Google solution: Implement a protocol such that the key server cannot
> tell the owner of the name one thing, and someone else trying to contact the
> owner of the name a different thing, and cannot rewrite the past.
> Bittorrent serves immutable files globally, such that the file must be the
> same for all. Need a Bittorrent-like algorithm for serving slowly mutable
> tree structures. Viewed as a history, it is a grow only data structure
> with an ever increasing immutable past. The history, however, is kind of
> like a git history, representing a fully mutable but slowly changing
> cryptography mailing list
> cryptography at randombit.net
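
The quoted message asks for a grow-only history whose past cannot be rewritten and a key server that cannot tell two parties different things. The following is an added example, not code from the thread or from Bitcoin or Namecoin: a minimal hash-chained log of name-to-key bindings with the two client-side checks. All function names are hypothetical and the key bytes are constructed placeholders.

```python
import hashlib

GENESIS = b"\x00" * 32  # head of the empty history

def step(prev_head: bytes, name: str, pubkey: bytes) -> bytes:
    """Head after appending one name -> key binding to the history."""
    n = name.encode()
    # Length prefixes keep (name, key) boundaries unambiguous.
    body = len(n).to_bytes(4, "big") + n + len(pubkey).to_bytes(4, "big") + pubkey
    return hashlib.sha256(prev_head + body).digest()

def head_of(entries) -> bytes:
    """Recompute the head from the entries instead of trusting the server."""
    head = GENESIS
    for name, pubkey in entries:
        head = step(head, name, pubkey)
    return head

def extends(seen_len: int, seen_head: bytes, served) -> bool:
    """True if the served history still contains the past this client saw."""
    return len(served) >= seen_len and head_of(served[:seen_len]) == seen_head

def equivocated(view_a, view_b) -> bool:
    """Two clients compare (length, head): equal length, different head
    means the server told them different things."""
    return view_a[0] == view_b[0] and view_a[1] != view_b[1]

def current_key(entries, name):
    """Latest binding wins: mutable present, immutable past."""
    for n, k in reversed(entries):
        if n == name:
            return k
    return None

def demo():
    # Constructed sample data; the key bytes are placeholders, not real keys.
    history = [("alice", b"alice-key-1")]
    seen = (len(history), head_of(history))            # what Alice recorded
    grown = history + [("bob", b"bob-key-1"), ("alice", b"alice-key-2")]
    rewritten = [("alice", b"other-key")] + grown[1:]  # past altered
    return (extends(*seen, grown), extends(*seen, rewritten),
            equivocated((3, head_of(grown)), (3, head_of(rewritten))),
            current_key(grown, "alice"))
```

The checks only detect a rewritten or forked history if clients keep the heads they have seen and compare them with each other over a channel the server does not control.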