[Cryptography] Are there other anonymous key exchange algorithms?

Stuart Longland stuartl at longlandclan.yi.org
Sun May 25 04:42:56 EDT 2014


On Sun, 18 May 2014 10:03:27 +0200, Miroslav Kratochvil wrote:

> Would there be any serious security implications on reusing the same key
> in more exchanges and having some efficient key schedule? For example,
> only generating new key every minute or similar.

Perhaps make it a fraction of the time it takes to crack the key?  So if 
with today's hardware it would take 100 years to crack a key, replace the 
keys daily?

I'm considering this problem elsewhere, some would recall my query about 
using digital signatures for authentication over packet radio: here I've 
settled on 192-bit ECDSA.  Apparently 256-bit ECDSA, as used in Bitcoin 
supposedly would take a contemporary supercomputer a ridiculous amount of 
time to crack.

http://bitcoin.stackexchange.com/a/2852 estimates that for a 256-bit key, 
it was around 650 million, billion years for today's equipment, and the 
estimate was it'd be 60+ years before we'd see a computer capable of 
giving the problem a good bash (just over a year).

I'd be interested to know how close the maths is there; the author 
mentions it being a very conservative estimate and that in reality, it'd 
be a lot more.  I've taken that as a rough guide, and so if that post is 
true, it'd take ~152224491 years for a 192-bit key.  And maybe in 10 
years we might see a computer that can grind through the combinations 
quickly enough.

192-bit ECDSA is not as strong of course, but was still a case of "not in 
my lifetime without a computing breakthrough".  So I'm working on the 
theory: the keys are not encrypting, just signing, and the keys should be 
replaced every few years; by the time someone cracks one, it'll be 
useless anyway.

In the case of encryption, the situation is different: the (private) key, 
once revealed, is not useless; any ciphertext produced by it (or its 
public counterpart) can now be deciphered.

It's then a matter of how old the data is, and whether you care about it 
being revealed that far in the future.  You might be dead by then, in 
which case it may only upset your great grandkids.

Authorities probably won't have this sort of patience and will just 
demand you hand over the keys, or find some other way of obtaining them.
