[Cryptography] zeromq/libsodium/elliptic question: are shared keys okay?
Kent Borg
kentborg at borg.org
Thu Dec 14 09:48:05 EST 2017
Context: I am looking at using Zero MQ in a project. It has security
features using libsodium's elliptic curve public key cryptography.
Question: Is it okay for Alice and Bob to communicate with each other
using a single shared public/private elliptic key pair? Experimentally
it seems to work, but does it introduce any security holes? (Beyond the
obvious that keys can't be individually deployed and revoked when they
are not individually issued.)
Motivation: Alice and Bob are in the same household, they trust each
other. They are, um, liberal, Charlie might be joining, too, they will
trust him, too. When he does join they would rather not do a bunch of
two-way key distribution. Also, there might be more than one instance of
Alice (and of Bob and Charlie), and the Alices (and Bobs and Charlies)
want to be able to talk to among themselves. They are willing to rekey
the entire household if need be. And if later they need more resolution
of who trusts whom they can start issuing some unique keys then. But in
the meantime, does sharing keys open up any vulnerabilities?
Thanks,
-kb
More information about the cryptography
mailing list