[Cryptography] Hohha Protocol : 1. Key renewal review

Ismail Kizir ikizir at gmail.com
Fri Nov 23 17:34:59 EST 2018

Dear Colleagues,

When I've sent here Hohha Protocol Draft, was to find the best
protocol with your helps.
And I am glad to see that it works.
I thank you everybody who cared and gave new ideas.
Including Peter.
Peter: If you tell what you want to tell in a more professional
manner, you can be very useful for me.
It will be an open-sourced project. So, it will be useful for everybody.
I am not a cryptologist. But I am an experienced programmer. And I am
trying to implement every good idea immediately.
I have no complexes.
If there is a better idea, I want to implement. And I will also be
glad to refer to your names.
My aim, is to create the best messenger I can.

So, let's go step by step.
When I read critics, I decided to find out the easiest and best way
for key renewal.
I wanted to start a new thread specifically about this subject.
When we find the best solution, we can pass to next issue.

I didn't want to use key derivation methods in previous drafts.
Because, it is deterministic.
But, "forward secrecy" has a magical effect on crypto world.
And my very simple and raw method has been criticized much.
So, I decided to replace key renewal with a deterministic method.

I thought, the following method may be a good idea.
I also shared it privately with Ersin, yesterday, when I read his messages.

During optical key exchange or DH key exchange, I want to create two
keys, instead of one!

K1 and K2

When both parties have K1 and K2, they will not use directly as they are.

Every time they need common shared secret K:

They will first calculate which week of year we're in(Greenwich time)

Then, they append 4 digit year
For example, we are actually week #47 of 2018
We will obtain 472018
And then, we  append K2 at the end of this buffer.

Then, take SHA512 hash of resulting buffer.
Then xor first 32 bytes half of resulting sha512 with last 32 bytes.
for (unsigned t=0; t<32; t++)
  sha512res[t] ^=  sha512res[t+32];

then, they will xor first 32 bytes of sha512res with K1 to obtain
actual 32 bytes shared key

for (t=0; t<32; t++)
  ActualSharedSecret[t] =  sha512res[t] ^ K1[t];

This method doesn't require key renewal.
And it also provides forward secrecy.

What do you think?
Is it a reliable, acceptable solution?
I would like to know your comments.

Ismail Kizir

More information about the cryptography mailing list