[Cryptography] Are there other anonymous key exchange algorithms?

Miroslav Kratochvil exa.exa at gmail.com
Sun May 18 04:03:27 EDT 2014


>... Forward secrecy simply means that
> you generate a new keypair for every exchange.

To sum up what you provided, a generic PFS protocol could look like this:

1- both endpoints each generate a keypair and send the pubkey to the
other endpoint
2- both endpoints generate a random string r, encrypt it with the other
endpoint's pubkey and send it
3- the shared secret is hash(r1+r2) (with no big cryptographic
requirements on the hash -- XOR is perfectly possible)
4- both endpoints make sure that the privkeys get erased ASAP

For usage in realtime TLS or a similar protocol, the problem resides in step
1: generating the keypairs is usually a bit slow for realtime usage
(~200ms in my case for McE-QD, but it can get much worse). Would
there be any serious security implications in reusing the same key in
multiple exchanges and having some efficient key schedule? For example,
only generating a new key every minute or similar.

Post-quantum pubkeys also tend to be a bit large (around 4 kB in my
case, but megabytes for generic McE and several kB for NTRU, etc.), but I
guess that isn't really a big deal - it still fits in a few packets.

Thanks,
-mk
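The four-step exchange sketched in the post, as an added example in Go that is not part of the thread: RSA-OAEP stands in for the post-quantum encryption scheme, SHA-256 is used as the step-3 hash, and the concatenation order (initiator's r first) is an assumption, since the post leaves it open. The step-4 comment states the cost of the key reuse the post asks about.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
func must(err error) {
	if err != nil {
		panic(err)
	}
}
// Step 1: a fresh keypair for this exchange only; RSA-OAEP stands in for the PQ scheme.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	return k
}

// Step 2: draw a random string r and encrypt it to the peer's public key.
func sendR(peerPub *rsa.PublicKey) (r, ct []byte) {
	r = make([]byte, 32)
	_, err := rand.Read(r)
	must(err)
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, peerPub, r, nil)
	must(err)
	return r, ct
}

// Step 3a: decrypt the peer's r with our own private key.
func recvR(priv *rsa.PrivateKey, ct []byte) []byte {
	peerR, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	must(err)
	return peerR
}
// Step 3b: hash(r1 || r2). Both sides must hash the same order (assumed: initiator's r first).
func secret(rInit, rResp []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, rInit...), rResp...))
	return sum[:]
}

func RunExchange() (kA, kB []byte) {
	privA, privB := newKey(), newKey()    // step 1; only the public halves are sent
	rA, ctAtoB := sendR(&privB.PublicKey) // A -> B: Enc(pubB, rA)
	rB, ctBtoA := sendR(&privA.PublicKey) // B -> A: Enc(pubA, rB)
	kA = secret(rA, recvR(privA, ctBtoA)) // A already knows rA and learns rB
	kB = secret(recvR(privB, ctAtoB), rB) // B already knows rB and learns rA
	privA, privB = nil, nil // step 4: drop the keys now (best effort under a GC); every r sent to a key is exposed while that key exists
	return kA, kB
}
```

RunExchange plays both sides, A (initiator) and B, and returns the two derived secrets, which must match.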