Re: comments on draft 03 of SKIP
Chris wrote:
> We started implementing draft 04 and ran into the following problem:
> There is large number computation involved in generating Kijn for 1.3.1 and
> there are (mainly) two ways to do it:
> - Calc Kijn as you need it (which means 1. the key is not ready when you need
> it, no packet transmission is possible until the computation is finished
> and 2. (_even worse_) you can't rely on having Kij(n-1) to get Kijn which
> may force you to exponentiate).
> - Keep all entries up-to-date, i.e. calc Kij(n+1) _every hour for every
> entry you have_. Certainly better but still pretty stupid IMHO.

The ANSI X9.F.1 committee is looking at a variant of Diffie-Hellman that may
help. The shared secret is computed in the normal way. I guess SKIP calls
that Kij.

The ANSI X9.F.1 variant hashes the shared secret with randoms that are
provided by each party and a counter. Each value of the counter yields a
different traffic key. To support e-mail, a constant is used instead of a
random for the recipient.

For SKIP, constants could be used for both parties or they could be
omitted. The idea of hashing Kij concatenated with a counter should be
more efficient than the multiply associated with the current Kijn. Also,
with the hash-based scheme you do not need Kij(n-1) to efficiently compute
Kijn.

To summarize the alternative:

    Kijn = hash (Kij || n)

Food for thought,
Russ
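
Added example (not part of the original message, and not code from SKIP or ANSI X9.F.1): a sketch of the hash-based derivation summarized above, showing both ends reaching the same Kijn for an arbitrary n without Kij(n-1). SHA-256, the field order, the length-prefix framing, the 8-byte counter, the toy Diffie-Hellman group and all function names are assumptions of this example.

```python
import hashlib
import struct

# Toy Diffie-Hellman parameters, constructed for this example only (far too
# small for real use). P is the Mersenne prime 2**127 - 1.
P = 2**127 - 1
G = 3

def shared_secret(own_private: int, peer_public: int) -> bytes:
    """Kij computed in the normal way: peer_public ** own_private mod P."""
    return pow(peer_public, own_private, P).to_bytes(16, "big")

def _field(data: bytes) -> bytes:
    # Length-prefix each input so field boundaries cannot shift (assumed framing).
    return struct.pack(">I", len(data)) + data

def traffic_key(kij: bytes, n: int, rand_i: bytes = b"", rand_j: bytes = b"") -> bytes:
    """Kijn from Kij, optional per-party values and counter n (assumed order).

    With both per-party values omitted this is the message's hash(Kij || n),
    apart from the framing added here.
    """
    h = hashlib.sha256()  # hash function is an assumption; the message names none
    h.update(_field(kij))
    h.update(_field(rand_i))
    h.update(_field(rand_j))
    h.update(struct.pack(">Q", n))  # fixed-width counter
    return h.digest()

def naive_key(kij: bytes, n: int, rand_i: bytes, rand_j: bytes) -> bytes:
    """Unframed concatenation, shown only to illustrate the ambiguity it allows."""
    return hashlib.sha256(kij + rand_i + rand_j + str(n).encode()).digest()

def demo() -> dict:
    i_priv, j_priv = 0x1234567890ABCDEF, 0x0FEDCBA987654321  # constructed values
    i_pub, j_pub = pow(G, i_priv, P), pow(G, j_priv, P)
    kij_i = shared_secret(i_priv, j_pub)
    kij_j = shared_secret(j_priv, i_pub)
    return {
        # Both ends derive the key for n = 1000 directly, with no Kij(n-1).
        "ends_agree": traffic_key(kij_i, 1000) == traffic_key(kij_j, 1000),
        "counters_differ": traffic_key(kij_i, 1000) != traffic_key(kij_i, 1001),
        # Unframed inputs collide when bytes move between fields.
        "naive_collides": naive_key(kij_i, 1, b"a", b"bc") == naive_key(kij_i, 1, b"ab", b"c"),
        "framed_collides": traffic_key(kij_i, 1, b"a", b"bc") == traffic_key(kij_i, 1, b"ab", b"c"),
    }

if __name__ == "__main__":
    print(demo())
```

Each Kijn costs one hash over a short input regardless of n, so a host can compute the key on demand instead of refreshing every table entry hourly.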