bert hubert | 28 Sep 15:47

curve25519 application for simple 'in place' protection of socket traffic

Hi everybody,

I hope this is the right place to discuss CURVE25519!

For a small project, I needed a way to do almost 'drop in' encryption
over nonblocking sockets. This ruled out a lot of existing libraries.
Plus doing crypto is fun! Especially for an amateur like me.

So, I decided to try out CURVE25519 + AES128-CTR.

My goals:
- Perfect forward secrecy
- Complete shrouding of all traffic (including negotiation), except against man in the middle
- Authentication of server identity
- 1-bit-in-1-bit-out
- High performance
- Small code base

Non-goals for now:
- Preventing timing attacks
- Message authentication
- Rekeying

I've implemented the following, using CURVE25519 and (for now) AES-128:
- you create & connect the socket, or create & bind it

- clients & servers have static CURVE25519 keys which change rarely

- both ends call establishSecret(sock): writes a random public key to

Paul Crowley | 13 Mar 12:10

Patent on Bleichenbacher signature compression?

http://www.freshpatents.com/Method-and-apparatus-for-compressing-rabin-signatures-dt20050728ptan20050163314.php

seems to indicate that there's a patent application outstanding on 
Bleichenbacher's signature compression scheme.  I'm not sure this 
application can be valid; it appears that at least some related 
technique was published here:

http://www.springerlink.com/content/u8bmq3au94w6f96n/

in February 2004, while the date of application on the patent appears to 
be July 2005.  However, I could be misreading the situation.

Any thoughts?
-- 
   __
\/ o\ Paul Crowley, paul <at> ciphergoth.org
/\__/ http://www.ciphergoth.org/

akcom | 18 Nov 20:33

curve25519

I would love to fool around with curve25519, but unfortunately I'm on a windows
box and cannot use the (.a) library.  Is there any place to obtain the source
code or at least a windows-compatible version?

Zed A. Shaw | 5 Nov 19:35

Question about Curve25519

Hey,

Didn't see a list for Curve25519 so I tried this one.  I'm basically
curious whether it's possible to leverage Curve25519 to provide simple
signing such that anyone can verify the signature.  I came up with the
following probably incredibly retarded code to generate a signature
key, but I just know it has to be wrong:

    unsigned char a_prv[32];
    unsigned char a_pub[32] = {0};
    unsigned char basepoint[32] = {9};
    unsigned char null_pubkey[32] = {0};
    unsigned char a_sigkey[32] = {0};
    unsigned char b_sigkey[32] = {0};

    // (a_prv must first be filled with 32 random bytes; that step is not shown here)
    a_prv[0] &= 248; a_prv[31] &= 127; a_prv[31] |= 64;

    // generate A's public key
    curve25519(a_pub, a_prv, basepoint);
    // generate a generic "null" pubkey from basepoint
    curve25519(null_pubkey, basepoint, basepoint);

    curve25519(a_sigkey, a_prv, null_pubkey);
    // A would use a_sigkey to encrypt a hash from this

    curve25519(b_sigkey, basepoint, a_pub);
    // B, knowing basepoint and A's pubkey can now verify the hash

The idea being that using basepoint for both public and private keys
generates a key everyone can create and use to verify.  But, I'm pretty
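As an added example (not code from any of the posts above), the following pure-Python X25519, written from the RFC 7748 ladder, illustrates two things in this thread: the Diffie-Hellman agreement that bert hubert's establishSecret() relies on (each side combines its own private key with the peer's public key and gets the same secret), and why the construction in Zed's post cannot act as a signature. With the basepoint bytes used as the "null" scalar, the key B derives from public data alone is identical to the key A used, so the verify step and the produce-a-tag step are one and the same computation. The HMAC-SHA256 stand-in for "encrypt a hash", the function names and the constructed message are assumptions of this example; the ladder is written for readability, not constant time.

```python
# Added example for the curve25519 thread; not code from the mailing list posts.
import hashlib
import hmac
import secrets

P = 2**255 - 19                          # field prime of curve25519
A24 = 121665                             # (486662 - 2) / 4, as in RFC 7748
BASEPOINT = (9).to_bytes(32, "little")   # u = 9, the same {9} array as in Zed's code


def clamp(k: bytes) -> int:
    """The usual scalar clamping (the a_prv[0] &= 248 ... line in Zed's code)."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, point: bytes) -> bytes:
    """Montgomery ladder from RFC 7748: u-coordinate of clamp(scalar) * point.
    Written for clarity; the branches make it non-constant-time."""
    k = clamp(scalar)
    u = int.from_bytes(point, "little") & ((1 << 255) - 1)  # RFC 7748 masks the top bit
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3 = x3, x2
            z2, z3 = z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3 = x3, x2
        z2, z3 = z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def dh_session(priv_a: bytes, priv_b: bytes) -> tuple:
    """What a working establishSecret() boils down to: each side combines its own
    private key with the peer's public key; both results are the same secret
    because both private scalars stay private."""
    pub_a = x25519(priv_a, BASEPOINT)
    pub_b = x25519(priv_b, BASEPOINT)
    return x25519(priv_a, pub_b), x25519(priv_b, pub_a)


def zed_scheme(a_prv: bytes, msg: bytes) -> dict:
    """Zed's construction, step for step, with the basepoint bytes as the
    'null' scalar. The second scalar is a public constant, so the secret
    that is supposed to be A's alone is derivable from a_pub by anyone."""
    a_pub = x25519(a_prv, BASEPOINT)              # curve25519(a_pub, a_prv, basepoint)
    null_pubkey = x25519(BASEPOINT, BASEPOINT)    # curve25519(null_pubkey, basepoint, basepoint)
    a_sigkey = x25519(a_prv, null_pubkey)         # curve25519(a_sigkey, a_prv, null_pubkey)
    b_sigkey = x25519(BASEPOINT, a_pub)           # curve25519(b_sigkey, basepoint, a_pub)
    # Assumption: "encrypt a hash" is modelled as an HMAC-SHA256 tag under a_sigkey.
    tag = hmac.new(a_sigkey, msg, hashlib.sha256).digest()
    # The verifier only ever holds public values, yet b_sigkey == a_sigkey, so the
    # same public values reproduce the tag: verification and creation coincide.
    tag_from_public_values = hmac.new(b_sigkey, msg, hashlib.sha256).digest()
    return {
        "keys_match": a_sigkey == b_sigkey,
        "tag_reproducible_from_public_data": hmac.compare_digest(tag, tag_from_public_values),
    }


if __name__ == "__main__":
    a, b = secrets.token_bytes(32), secrets.token_bytes(32)
    s1, s2 = dh_session(a, b)
    print("DH secrets agree:", s1 == s2)
    print(zed_scheme(a, b"constructed message"))
```

The DH half is checked against the RFC 7748 test vectors, so the ladder is the real function, not a toy; the second half shows that the only thing Zed's scheme proves about a tag is that someone knew a_pub.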

Matthew Dempsky | 29 Aug 23:15

http://cr.yp.to/sigs/h0.html?

Following the description on http://cr.yp.to/sigs/h0.html, I wrote a
routine to expand a SHA-1 hash into a 1536-bit hash (the complete source
code is attached):

#include <stdint.h>

/* s[] and ROT() come from the attached h0.c; h[0..4] holds the five SHA-1 words,
   and the loop fills h[5..47] to reach 48 words = 1536 bits. */
static void
expand_h (uint32_t h[48])
{
  int i;
  for (i = 5; i < 48; ++i)
    h[i] = h[i-5] + ((h[i-2] + s[i]) ^ ROT (h[i-1], 5));
}

When I use this routine to expand the 5 test cases following the
description, none of them fully coincide.  The first and third columns
match one value, the second and fourth columns match two values, and the
fifth column matches a whopping six values.

Are the test cases bogus, or did I misunderstand the hash expand
function?

-- 
Matthew Dempsky <mrd <at> alkemio.org>
Attachment (h0.c): text/x-csrc, 1599 bytes
Russell Nelson | 19 Oct 06:57

new implementation?

Is there going to be a new implementation of sigs soon?  I'm needing a
reliable public key system.  There are some problems with sigs-0.50,
e.g. the signing code isn't in any library, nor in any file designed to
be used like a library.

-- 
--My blog is at angry-economist.russnelson.com  | Can I recommend python?
Crynwr sells support for free software  | PGPok | Just a thought.
521 Pleasant Valley Rd. | +1 315 268 1925 voice | -Dr. Jamey Hicks
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | 

D. J. Bernstein | 26 Sep 17:09

revamped sigs web pages

There have been several recent advances in Rabin-Williams signatures.
For example, 1536-bit security can now be achieved with 58-byte keys and
97-byte compressed signatures.

http://cr.yp.to/sigs.html now has several pages specifying a signature
system that combines all the latest techniques. It also has a new paper
proving that generic attacks on this system are as hard as factoring pq.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
