
Re: comments on draft 03 of SKIP




Chris wrote:
> We started implementing draft 04 and ran into the following problem:
> There is large number computation involved in generating Kijn for 1.3.1 and 
> there are (mainly) two ways to do it:
> - Calc Kijn as you need it (which means 1. the key is not ready when you need
>   it, no packet transmission is possible until the computation is finished
>   and 2. (_even worse_) you can't rely on having Kij(n-1) to get Kijn which
>   may force you to exponentiate.
> - Keep all entries up-to-date, i.e. calc Kij(n+1) _every hour for every
>   entry you have_. Certainly better but still pretty stupid IMHO.

The ANSI X9.F.1 committee is looking at a variant of Diffie-Hellman that may 
help.  The shared secret is computed in the normal way.  I guess SKIP calls 
that Kij.

The ANSI X9.F.1 variant hashes the shared secret with randoms that are 
provided by each party and a counter.  Each value of the counter yields a 
different traffic key.  To support e-mail, a constant is used instead of a 
random for the recipient.

For SKIP, constants could be used for both parties or they could be 
omitted.  The idea of hashing Kij concatenated with a counter should be 
more efficient than the multiply associated with the current Kijn.  Also, 
with the hash-based scheme you do not need Kij(n-1) to efficiently compute 
Kijn.

To summarize the alternative:

        Kijn = hash (Kij || n)

Food for thought,
  Russ
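
The derivation summarized in the message above, as an added example that is not part of the original post or of any SKIP or X9 text: each Kijn costs one hash of Kij and the counter, so a host can derive the key for whatever n a packet carries without holding Kij(n-1). SHA-256, the 4-byte big-endian encoding of n, the field order, the hour counter starting at Unix time 0, and all function names and sample values are assumptions.

```python
import hashlib
import struct

HOUR = 3600  # the thread has n changing hourly; counting from Unix time 0 is an assumption


def counter_for_time(unix_seconds: int) -> int:
    """Map a timestamp to the hourly counter n."""
    return unix_seconds // HOUR


def derive_kijn(kij: bytes, n: int, rand_i: bytes = b"", rand_j: bytes = b"") -> bytes:
    """Kijn = hash(Kij || rand_i || rand_j || n).

    With both randoms omitted this is exactly hash(Kij || n).
    SHA-256 and the 4-byte big-endian encoding of n are assumptions;
    a fixed-width n keeps the concatenation unambiguous.
    """
    if not kij:
        raise ValueError("empty shared secret")
    if not 0 <= n < 2**32:
        raise ValueError("counter out of range for 32-bit encoding")
    return hashlib.sha256(kij + rand_i + rand_j + struct.pack(">I", n)).digest()


def keys_for_window(kij: bytes, n: int, skew: int = 1) -> dict:
    """Keys for n-skew..n+skew, each derived independently of its neighbours."""
    return {m: derive_kijn(kij, m) for m in range(max(0, n - skew), n + skew + 1)}


if __name__ == "__main__":
    # Constructed stand-in for the Diffie-Hellman shared secret Kij.
    kij = bytes.fromhex("00112233445566778899aabbccddeeff")
    n = counter_for_time(1_000_000)  # constructed timestamp, gives n = 277
    # Any counter value costs one hash; Kij(n-1) is never needed.
    for m, key in keys_for_window(kij, n).items():
        print(m, key.hex())
    # Party-supplied randoms (constructed values) give a different key for the same n.
    print(derive_kijn(kij, n, b"random-from-i", b"random-from-j").hex())
```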