[messaging] Addition in place of concatenation in TripleDH
Trevor Perrin
trevp at trevp.net
Wed Aug 26 17:43:16 PDT 2015
On Wed, Aug 26, 2015 at 5:17 PM, Jeff Burdges <burdges at gnunet.org> wrote:
>
> TripleDH combines the three DH values by feeding them into a hash
> function.
>
> What would be lost by using addition in the curve instead?
> I.e. KDF( DH(a,b) + DH(A,b) + DH(a,B) )
Lookup MQV and HMQV, there's a lot of literature on fast implicit key
agreements, and there was some discussion here:
https://moderncrypto.org/mail-archive/curves/2014/000148.html
These are nice algorithms, but patents from Certicom and IBM have
probably held back adoption.
You'll generally want to hash or MAC or somehow "bind" the actual
public key values, so someone can't tamper with keys in ways that
compute the same value.
Trevor
More information about the Messaging
mailing list