[cryptography] Using same key for ECDSA and ECIES
dominik at dominikschuermann.de
Fri Sep 20 14:35:20 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 20.09.2013 17:17, Paterson, Kenny wrote:
> It is "technically secure". See:
Thanks you so much for this paper, it's even mostly understandable
with some basic knowledge of attack models :)
> Even so, I would not recommend this approach unless you absolutely
> have to use it.
Could you elaborate more on this? Do you see problems besides Alan
In my scenario I have a network with nodes sending messages
hop-by-hop, where the ids of these nodes are the public keys itself.
The problem is that these networks are highly unreliable and have high
delays (Delay tolerant networking). Thus, DH key exchange protocols
are out of scope. The idea is to always sign messages with your
private key which could be verified by anyone using the node id itself
(your pub key), and encrypted using the destination's node id (which
is the pub key of the destination).
How you know if you are using the right node id (for verification or
encryption) is not a problem which should be discussed here.
Because ids should be as short as possible it would be nice to use the
same pub key for verification and encryption.
After reading related literature, I came to the conclusion to use
ECDSA and ECIES (Both with Koblitz curves, as I am sceptical about the
random curves ;),
Bernstein's curve25519 would be too difficult to integrate, as I
didn't found a library, which is present in current linux distros and
handles both EC sign and encryption schemes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the cryptography