First some background:
The NSA's Suite B uses a key negotiation mutual authentication method, MQV. This method was found to be insecure, and so HMQV was created. HMQV uses a signature protocol called HCR twice in one exchange to generate a key. HCR can prove the identity of one endpoint and negotiate a key in a two-message exchange with great efficiency for both sides.
In Tor the current key generation method is quite expensive. Would it be possible to change to HCR to improve efficiency?
--
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
- HCR for key negotiation Watson Ladd

