-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason Holt wrote:
>
> On Fri, 1 Sep 2006, Watson Ladd wrote:
>
>> I have a good idea for key negotiations (NOTE:UNPUBLISHED). Here it is:
>> Let the server have a public key y=h^x mod p, p=2q+1, h=g^2, and private
>> key x^-1 mod q, or z. (g is a generator).
>>
>> A client will send y^a and remember a.
>> A server will send back h^b and remember b.
>> The client will compute (h^b)^a.
>> The server will compute (y^a)^(bz).
>> We note that:
>> (y^a)^(bz)=h^(ax*bz)=h^(abxz)=h^(ab)=(h^b)^a, as z and x are
>> multiplicative inverses mod q.
>> We further note that this is just Diffie-Hellman if we replace y with
>> h^z, a with a*x, and z with 1, b with b. So this is secure if DDH holds.
>>
>> I am not a cryptographer, so will someone please check this method. I
>> have not found it anywhere.
>
> Why would we use this instead of plain-vanilla Diffie-Hellman?
>
> -J
>
To authenticate the server to the client. I want to dispense with RSA as
we are putting a critical egg into two baskets at once. Also, we can
migrate to exotic DDH assumption groups if a breakthrough happens. Like
GF(p^n), n>1, or elliptic curves.
- --
They who would give up an essential liberty for temporary security,
deserve neither liberty or security
- --Benjamin Franklin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE+PLkGV+aWVfIlEMRAmWjAJ9SifzRN7uce3DfpZxn2vSBXwT3vwCcC8Hj
puJTkaE6/eDjpoDnfOvDRCM=
=F+Sr
-----END PGP SIGNATURE-----
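
The exchange described in the quoted proposal, as an added Python example that is not part of the original message: it runs both sides, shows that the keys agree when the server uses z = x^-1 mod q, and shows that they differ when any other exponent is used in place of z. Assumptions: the toy safe prime p = 2039 (q = 1019), the function names, and the subgroup-membership check on received values are all introduced here for illustration and do not come from the message.

```python
import secrets

# Constructed toy parameters, far too small for real use: p = 2q + 1, both prime.
Q = 1019
P = 2 * Q + 1

def find_generator(p, q):
    """Smallest g of order 2q in Z_p^* (its order is not 1, 2 or q)."""
    for g in range(2, p):
        if pow(g, 2, p) != 1 and pow(g, q, p) != 1:
            return g
    raise ValueError("no generator found")

H = pow(find_generator(P, Q), 2, P)  # h = g^2 generates the order-q subgroup

def rand_exp():
    return 1 + secrets.randbelow(Q - 1)  # uniform in [1, q-1]

def in_subgroup(v):
    """Added check, not in the message: v has order exactly q."""
    return 1 < v < P and pow(v, Q, P) == 1

def server_keygen():
    x = rand_exp()
    return pow(H, x, P), pow(x, -1, Q)  # public y = h^x, private z = x^-1 mod q

def client_hello(y):
    a = rand_exp()
    return a, pow(y, a, P)  # client remembers a, sends y^a

def server_respond(z, client_msg):
    if not in_subgroup(client_msg):
        raise ValueError("client value outside the order-q subgroup")
    b = rand_exp()
    return pow(H, b, P), pow(client_msg, (b * z) % Q, P)  # sends h^b, key (y^a)^(bz)

def client_finish(a, reply):
    if not in_subgroup(reply):
        raise ValueError("server value outside the order-q subgroup")
    return pow(reply, a, P)  # key (h^b)^a

def run(y, z_used):
    """One exchange; returns (client_key, server_key)."""
    a, msg = client_hello(y)
    reply, server_key = server_respond(z_used, msg)
    return client_finish(a, reply), server_key

if __name__ == "__main__":
    y, z = server_keygen()
    print(run(y, z), run(y, z % (Q - 1) + 1))  # matching pair, then mismatched pair
```

This checks only the algebra in the message; it says nothing about whether the DDH reduction claimed there holds.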