Hi,
Can we not use the existing RSA keys to get the shared secret without using the DH computation, because of the calculations that are involved?
Let's say A wants to initiate a session with B.
Let A get the public key of B from the CA by sending a protected message using the public key of the CA.
Use the obtained public key for sending the shared secret to B, and the same from the other end as well; this will ensure authentication and avoid the DH computation.

I feel that the certificate can be used for authentication as well as for negotiating the symmetric key using the concept of asymmetric cryptography, which is one of the good features of a certificate.

Why in IKEv2 are certificates just used for authentication, and why are they not used for negotiating the symmetric key in place of the DH computation? Is it to avoid the use of trusted CA negotiation?

Thanks and Regards
Naveen

From: [email protected] [mailto:[email protected]] On Behalf Of 
Prashant Batra (prbatra)
Sent: Tuesday, July 26, 2011 6:33 PM
To: Yaron Sheffer; Yoav Nir
Cc: [email protected]
Subject: Re: [IPsec] DH keys calculation performance

Thanks Yoav and Yaron for the suggestions.
Even I was thinking of this, and tried generating and storing the key pair well in the beginning. This helped to some extent.

The secret calculation is also very expensive, but this has to be done in the midst of the exchange only.

Regards,
Prashant 


From: Yaron Sheffer [mailto:[email protected]] 
Sent: Tuesday, July 26, 2011 4:47 PM
To: Yoav Nir
Cc: Prashant Batra (prbatra); [email protected]
Subject: Re: [IPsec] DH keys calculation performance

You might want to review http://tools.ietf.org/html/rfc5996#section-2.12.

Also, session resumption (http://tools.ietf.org/html/rfc5723) reduces the 
computational costs of renewing an IKE SA when a client needs to reconnect to a 
gateway a second time after some failure.

Thanks,
    Yaron

On 07/26/2011 01:40 PM, Yoav Nir wrote: 

On Jul 25, 2011, at 11:29 PM, Prashant Batra (prbatra) wrote:

Hello,

The DH exchange (calculation of public/private key and the secret) in the IKEv2 initial exchange seems to be very expensive. This is slowing down the overall IKEv2 tunnel establishment.
Is there a way to optimize it?

Hi Prashant.

I know of three ways to optimize the D-H exchange.

First, note that each peer has to perform two operations: 
 1. Generate: create a random x and calculate X=2^x mod p
 2. Derive: calculate the shared secret S=Y^x mod p
The "Derive" operation has to be done during the exchange, but the "Generate" 
operation can be done long before the exchange. If your problem is degraded 
performance at some peak, you can pre-generate some values. This has a high 
cost in memory, but can be useful for dealing with peaks.

Second, note that 2^73 mod p = ((2^64 mod p) * (2^8 mod p) * (2^1 mod p)) mod p
If you're using a 2048-bit D-H group, you can pre-calculate 2^x mod p for 
0<=x<=2048 and store these values. After that, both the generate and derive 
operations become simple multiplications of the resulting values. This has a 
fixed cost in memory, but can accelerate things.

Third, you may want to look at the EC groups. The EC operations require less 
computation.

Hope this helps

Yoav
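The following is an added example, not code from the thread or from any IKE implementation, showing Yoav's first two optimizations in working form: the "Generate" step is split off so it can be run ahead of time (a small pre-generated pool), and a table of g^(2^i) mod p turns the fixed-base exponentiation into a product of table entries for the set bits of x, exactly as 2^73 = 2^64 * 2^8 * 2^1. The prime 2^255 - 19 and generator 2 are a constructed stand-in for an IKEv2 MODP group; a real peer would use an RFC 3526 group. Note that the table is bound to the base g, so the example uses it for Generate (base 2) and computes Derive, whose base Y differs per peer, with a standard modular exponentiation. The peer-value check in derive is added here as the sanity check a defender would want, rejecting the trivial values 0, 1 and p-1.

```python
import secrets

# Constructed toy group for this example (NOT an IKEv2 group): prime 2^255 - 19, base 2.
P = 2**255 - 19
G = 2


def build_table(g, p):
    """Precompute g^(2^i) mod p for 0 <= i < bit_length(p).

    table[i] == g^(2^i) mod p, so table[0] = g, table[3] = g^8, table[6] = g^64.
    This is done once per group and reused for every Generate operation.
    """
    table = []
    v = g % p
    for _ in range(p.bit_length()):
        table.append(v)
        v = v * v % p          # square to get the next power of two
    return table


def fixed_base_pow(table, x, p):
    """g^x mod p as a product of the table entries selected by the bits of x.

    For x = 73 = 0b1001001 the factors are table[6], table[3], table[0],
    i.e. g^64 * g^8 * g^1 mod p: one multiplication per set bit, no squarings.
    """
    if x < 0 or x.bit_length() > len(table):
        raise ValueError("exponent does not fit the precomputed table")
    result = 1
    i = 0
    while x:
        if x & 1:
            result = result * table[i] % p
        x >>= 1
        i += 1
    return result


def generate(table, p):
    """'Generate' step: random private x and public X = g^x mod p.

    Nothing here depends on the peer, so it can run long before the exchange.
    """
    x = secrets.randbelow(p - 2) + 1      # 1 <= x <= p - 2
    return x, fixed_base_pow(table, x, p)


def pregenerate(table, p, count):
    """Yoav's first trick: a pool of (x, X) pairs built ahead of a traffic peak."""
    return [generate(table, p) for _ in range(count)]


def derive(peer_public, x, p):
    """'Derive' step: shared secret S = Y^x mod p, run during the exchange.

    Y varies per peer, so the fixed-base table does not apply; plain modexp is used.
    Trivial peer values (0, 1, p-1) would force the secret into {0, 1, p-1}, so reject them.
    """
    if not 1 < peer_public < p - 1:
        raise ValueError("rejecting trivial peer public value")
    return pow(peer_public, x, p)


def dh_session(pool, p=P):
    """Run one exchange between two peers using pre-generated pairs from the pool.

    Returns (secret_at_A, secret_at_B); both sides must agree.
    """
    xa, Xa = pool.pop()
    xb, Xb = pool.pop()
    return derive(Xb, xa, p), derive(Xa, xb, p)


if __name__ == "__main__":
    table = build_table(G, P)
    pool = pregenerate(table, P, 4)
    sa, sb = dh_session(pool)
    print("shared secrets agree:", sa == sb)
```

The table costs bit_length(p) group elements (2048 entries of 256 bytes each for a 2048-bit group, about half a megabyte), which is the fixed memory cost Yoav mentions; the pool costs one (x, X) pair per pre-generated exchange and is what trades memory for headroom at a peak.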



_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec