[messaging] libforwardsec: forward secure encryption for email and asynchronous messaging

Jeff Burdges burdges at gnunet.org
Thu Sep 10 07:19:23 PDT 2015

How damaging are the bilinear Diffie-Helman assumptions needed by the
pairing based cryptography here?  It's simply that the curve involved
must be huge or something?  Are those costs and risks well understood?

Also, I'm curious about the scheme for sterilizing HIBE keys mentioned
on page 9, sounds useful for air-gapped keys.  Is there is reasonable
way to do that but avoid the bilinear Diffie-Helman assumptions needed
by pairing based cryptography?  I could imagine doing that with a server
that stores signed keys for each time interval, not sure if the server
can be avoided though.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150910/9f0c72f5/attachment.sig>

More information about the Messaging mailing list