[cryptography] Security Discussion: Password Based Key Derivation for Elliptic curve Diffie–Hellman key agreement

Natanael natanael.l at gmail.com
Tue Dec 17 20:25:18 EST 2013


Sounds just like the Bitcoin blockchain to me. Or maybe the fork Namecoin.

- Sent from my phone
On 18 Dec 2013 02:20, "James A. Donald" <jamesd at echeque.com> wrote:

> On 2013-12-18 04:38, Joseph Birr-Pixton wrote:
>
>> In very general terms, you cannot hope to achieve confidentiality
>> without authenticity.
>>
>> Your key exchange does not offer authenticity. I would suggest instead
>> having the user's keys be signing keys, and do straightforward signed
>> ephemeral ECDH. This should also gain you forward secrecy.
>> Unfortunately this will introduce a data dependency in your protocol,
>> which may cause an unacceptable extra round trip.
>>
>> With that assumed fixed, your protocol relies entirely on a third
>> party (the 'public key server') for authenticity of the key exchange.
>> If the overall aim is to avoid having to trust a third party
>> (Facebook) to keep messages secret, adding more third parties to the
>> problem doesn't seem a great solution.
>>
>
> Google solution:  Implement a protocol such that the key server cannot
> tell the owner of the name one thing, and someone else trying to contact the
> owner of the name a different thing, and cannot rewrite the past.
>
> BitTorrent serves immutable files globally, such that the file must be the
> same for all.  Need a BitTorrent-like algorithm for serving slowly mutable
> tree structures.  Viewed as a history, it is a grow-only data structure
> with an ever increasing immutable past.  The history, however, is kind of
> like a git history, representing a fully mutable but slowly changing
> present.
>
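
The grow-only history described in the quoted text can be illustrated with a hash-chained log of name-to-key bindings, where clients check that the server neither rewrites the past nor shows different histories to different people. This is an added example, not code from the thread; it uses a plain SHA-256 hash chain rather than a blockchain or BitTorrent-style distribution, and the entry encoding, function names and sample data are assumptions.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting value for the chain

def entry_hash(prev: bytes, name: str, pubkey: bytes) -> bytes:
    """Hash one log entry together with the head that preceded it."""
    n = name.encode()
    # Length prefixes keep the (name, key) boundary unambiguous.
    data = (prev + len(n).to_bytes(4, "big") + n
            + len(pubkey).to_bytes(4, "big") + pubkey)
    return hashlib.sha256(data).digest()

def heads(entries):
    """Head after each entry; heads(e)[i] commits to entries 0..i."""
    out, h = [], GENESIS
    for name, pubkey in entries:
        h = entry_hash(h, name, pubkey)
        out.append(h)
    return out

def extends(seen_len, seen_head, entries):
    """True if the served log still contains the history seen earlier."""
    if seen_len == 0:
        return True
    if len(entries) < seen_len:
        return False  # log shrank: part of the past was dropped
    return heads(entries)[seen_len - 1] == seen_head

def equivocated(view_a, view_b):
    """Two clients compare views; they must agree on the common prefix."""
    n = min(len(view_a), len(view_b))
    return n > 0 and heads(view_a)[n - 1] != heads(view_b)[n - 1]

def current_key(entries, name):
    """Latest key bound to a name: the mutable present of the history."""
    for n, k in reversed(entries):
        if n == name:
            return k
    return None

# Constructed sample data: names and key bytes are placeholders.
HONEST = [("alice", b"A1"), ("bob", b"B1"), ("alice", b"A2")]
REWRITTEN = [("alice", b"A1"), ("bob", b"B-substituted"), ("alice", b"A2")]

if __name__ == "__main__":
    seen = heads(HONEST)[1]  # head a client recorded after two entries
    print(extends(2, seen, HONEST), extends(2, seen, REWRITTEN))
    print(equivocated(HONEST[:2], REWRITTEN), current_key(HONEST, "alice"))
```

A client only needs to remember the length and head it last saw; any later view that fails `extends` or disagrees with another client's view under `equivocated` shows the server changed or forked the history.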