Questions tagged [diffie-hellman]
The Diffie–Hellman key agreement is an anonymous, non-authenticated key-agreement protocol.
1,121 questions
-2 votes, 0 answers, 50 views
In TLSv1.2 handshake message which are IV and Tag when encrypting finished message? I'm using TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
I'm implementing a limited subset of TLS v1.2 on server side exactly for ECDHE_ECDSA_WITH_AES_256_GCM_SHA384. (Erlang). I've gotten lost in OpenSSL and OTP library sources. Where server and client are ...
3 votes, 1 answer, 288 views
Apple use of One-Pass-Diffie-Hellman
I am trying to understand how Apple Data Protection model works.
I have come across this:
NSFileProtectionCompleteUnlessOpen: Some files may need to be written while the
device is locked or the user ...
8 votes, 2 answers, 3k views
What does this "lightbulb-ish" symbol mean in figure 1 of the Diffie-Hellman paper?
In Diffie and Hellman's famous paper New Directions in Cryptography from 1976, figure 1 on p. 645 (resp. second page in the linked pdf) visualizes the flow of information in symmetric cryptosystems.
...
3 votes, 1 answer, 130 views
Why is X3DH deniable but 3DH is not?
I'm having trouble understanding the difference between 3DH and X3DH when it comes to deniability. According to Signal's X3DH spec, deniability is relatively straight-forward. And indeed, there are ...
1 vote, 0 answers, 61 views
Is it possible to use Miller’s inversion algorithms to transfer the ffdlp to the ecdlp if a supersingular curve exist for the given finite field? [closed]
Simple question : everything is in the title : Pairings allows transferring the ecdlp to finite field dlp and I want to do the reverse : the aim isn’t to find a secret point but to transfer the finite ...
0 votes, 1 answer, 88 views
Can this algorithm about pairing inversion work in case of pairings that don’t use final exponentiation?
According to this paper page 248 and unlike its title subject, it’s possible to invert a pairing on BN curves if exponentiation inversion is easy… But what about cases where final exponentiation isn’...
1 vote, 1 answer, 107 views
In Diffie-Hellman key exchange, is $a=p−2$ a bad choice?
Sorry for my English.
I assume that in Diffie-Hellman key exchange, $a=p−2$ is a bad choice.
Example:
$p=11, g = 7$
Alice chooses a private key $a = 9$ and computes a public key $A = 7^9 \pmod {11} = ...
0 votes, 0 answers, 20 views
k- out of N oblivious transfer based on "blindable" one-more assumptions?
I was thinking about one paper I was writing and suddenly it occurred to me that I can build k-out of n oblivious transfer using any of the blindable one-more type problems (One more RSA-inversion, ...
1 vote, 0 answers, 58 views
How is SAE authenticated?
I can't find a good description of how WPA3 Simultaneous Authentication of Equals works. I vaguely understand that Diffie–Hellman is used in authentication and that ECDH, or something like it, is used to ...
4 votes, 1 answer, 262 views
Confused about converting Ed25519 public key to X25519 public key
I'm writing an application where the users communicating know each other's Ed25519 public keys, but are using ECDH to do the encryption handshake, and therefore are receiving an X25519 public key as ...
0 votes, 1 answer, 103 views
DDH does not hold when $n$ has small prime in factorization
I had to prove that DDH does not hold when $n$ has a small prime in its factorization.
With my proof, the idea was to use the fact that $\mathbb{Z}^*_n \cong \mathbb{Z}_p \times \mathbb{Z}_q$ with $n = p ...
0 votes, 0 answers, 29 views
On showing an Inequality on a Generalized Decisional Diffie-Hellman Problem
This paper talks about a generalization of the Decisional Diffie-Hellman problem over different polynomial exponents of the base generator to be given and be distinguished from each other. Throughout ...
0 votes, 2 answers, 113 views
Is there any sense to execute the Diffie-Hellman key exchange protocol many times (with a short delay) between the same parties $A$ and $B$?
Is there any sense to execute the Diffie-Hellman key exchange protocol many times (with a short delay) between the same parties $A$ and $B$? What if I know how to generate simultaneously many ...
2 votes, 0 answers, 47 views
Exploring Schemes for Additive Homomorphism and Nested Encryption
Is there an algorithm that satisfies both additive homomorphism and allows for double encryption?
That is:
$$m = Dec_{sk_2}(Dec_{sk_1}(Enc_{pk_2}(Enc_{pk_1}(m))))$$
$$Enc_{pk}(m_1) + Enc_{pk}(m_2) = ...
3 votes, 2 answers, 166 views
Reduction to the DDH problem
I am struggling with a specific reduction as a part of a question I am solving and I was wondering if I can get some advice.
Assume we have Adversary A that can distinguish with high probability ...