[Cryptography] Announcing XSTREAM v0.1: misuse-resistant public-key cryptography combining X25519+HKDF+Miscreant

Tony Arcieri bascule at gmail.com
Sun Jan 7 23:36:47 EST 2018


On Sun, Jan 7, 2018 at 5:41 PM, John Gilmore <gnu at toad.com> wrote:

> Am I confused?  Doing Diffie-Hellman requires talking with another
> party.  For data-at-rest, who is the other party?  And how does your
> library communicate with that other party?


XSTREAM encryption performs Diffie-Hellman with a static public key and an
ephemeral private key. You can still think of these as a recipient and a
sender respectively, but if the recipient's public key is known in advance,
the sender can simply generate a random private key, perform Diffie-Hellman
with it completely offline, and then throw it away after encryption,
"stapling" the ephemeral public key to the resulting ciphertext.

This also has the interesting property that if the sender erases the
private scalar and shared secret, they will no longer be able to decrypt a
ciphertext they generated themselves, and is generally referred to as
"sealing".

-- 
Tony Arcieri
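
The sealing flow described in the message above, as an added example in JavaScript (Node.js) that is not part of the original post and is not XSTREAM's or Miscreant's code. It assumes AES-256-GCM in place of Miscreant's AES-SIV, and the function names, the HKDF salt and info label, and the `ephPub || ciphertext || tag` layout are choices made for the example.

```javascript
// Added sketch, not XSTREAM or Miscreant code. AES-256-GCM stands in for
// Miscreant's AES-SIV; the HKDF salt/info and the output layout are assumptions.
const crypto = require('node:crypto');

// Raw 32-byte X25519 public keys <-> KeyObjects, via JWK (field "x" is base64url).
const rawPub = (key) => Buffer.from(key.export({ format: 'jwk' }).x, 'base64url');
const pubFromRaw = (raw) => crypto.createPublicKey({
  key: { kty: 'OKP', crv: 'X25519', x: raw.toString('base64url') },
  format: 'jwk',
});

// X25519, then HKDF-SHA256 salted with both public keys to bind the key to them.
function deriveKey(privateKey, publicKey, ephRaw, rcptRaw) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  const salt = Buffer.concat([ephRaw, rcptRaw]);
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, 'sealing-sketch', 32));
}

// Sender: needs only the recipient's public key, so this runs fully offline.
function seal(rcptPub, msg) {
  const eph = crypto.generateKeyPairSync('x25519'); // fresh key pair per message
  const ephRaw = rawPub(eph.publicKey);
  const key = deriveKey(eph.privateKey, rcptPub, ephRaw, rawPub(rcptPub));
  // A fixed all-zero nonce is safe only because this key encrypts one message.
  const c = crypto.createCipheriv('aes-256-gcm', key, Buffer.alloc(12));
  const ct = Buffer.concat([c.update(msg), c.final()]);
  // eph.privateKey is never stored: once it is gone the sender cannot decrypt.
  return Buffer.concat([ephRaw, ct, c.getAuthTag()]); // ephPub || ct || tag
}

// Recipient: redo the exchange with the stapled ephemeral public key.
function open(rcptPriv, sealed) {
  if (sealed.length < 32 + 16) throw new Error('sealed message too short');
  const ephRaw = sealed.subarray(0, 32);
  const body = sealed.subarray(32, sealed.length - 16);
  const rcptRaw = rawPub(crypto.createPublicKey(rcptPriv));
  const key = deriveKey(rcptPriv, pubFromRaw(ephRaw), ephRaw, rcptRaw);
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.alloc(12));
  d.setAuthTag(sealed.subarray(sealed.length - 16));
  return Buffer.concat([d.update(body), d.final()]); // final() throws on tampering
}

// Constructed sample: seal to a freshly generated recipient key and open it again.
const rcpt = crypto.generateKeyPairSync('x25519');
const sealed = seal(rcpt.publicKey, Buffer.from('constructed sample record'));
console.log(sealed.length, open(rcpt.privateKey, sealed).toString());
```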