[cryptography] Using same key for ECDSA and ECIES

Dominik Schürmann dominik at dominikschuermann.de
Fri Sep 20 14:35:20 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 20.09.2013 17:17, Paterson, Kenny wrote:
> It is "technically secure". See:
> 
> http://eprint.iacr.org/2011/615

Thanks you so much for this paper, it's even mostly understandable
with some basic knowledge of attack models :)

> Even so, I would not recommend this approach unless you absolutely
> have to use it.

Could you elaborate more on this? Do you see problems besides Alan
Braggins remark?


In my scenario I have a network with nodes sending messages
hop-by-hop, where the ids of these nodes are the public keys itself.
The problem is that these networks are highly unreliable and have high
delays (Delay tolerant networking). Thus, DH key exchange protocols
are out of scope. The idea is to always sign messages with your
private key which could be verified by anyone using the node id itself
(your pub key), and encrypted using the destination's node id (which
is the pub key of the destination).
How you know if you are using the right node id (for verification or
encryption) is not a problem which should be discussed here.

Because ids should be as short as possible it would be nice to use the
same pub key for verification and encryption.

After reading related literature, I came to the conclusion to use
ECDSA and ECIES (Both with Koblitz curves, as I am sceptical about the
random curves ;),
Bernstein's curve25519 would be too difficult to integrate, as I
didn't found a library, which is present in current linux distros and
handles both EC sign and encryption schemes.

Regards
Dominikh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJSPJVmAAoJEHGMBwEAASKC6rMH/1Q4edycmw1CIwTVBsz0RG0E
wlstAuBkHm4Msd7nnVzK601imXfkqRaXI8uuzhm4XlCFhykh6DrPQ7W9idWqJSyG
ioefr7od5up0aGZna5PZQCinm0X7b1e8HbcMLXFhgYcXVvQWMbcLfdikUpHgotbW
XgiH4JwR9xC178bPzacduBZI0Gy7IZPNUO0geTCYEvvcS144V+w5WlGidzsP6F1p
sDYEjI6oxfYxQ8ThzKnzxYQSNfzpPGaLIUdSb6WkLSJOGGtoPGCigxlAXUC3L6fE
n3V6n2mALHDgjmnReMg/4cNK+8TFjJcohCL2k0ZO+8WiHNAl5PT//D+6Q8FSbPc=
=Z59x
-----END PGP SIGNATURE-----


More information about the cryptography mailing list