Scott Fluhrer edited untitled.tex
over 8 years ago
Commit id: 56192481abbfafe546705d718da216fc4e60c86c
diff --git a/untitled.tex b/untitled.tex
index 9b5d566..d7a3ee3 100644
--- a/untitled.tex
+++ b/untitled.tex
...
\section{Introduction}
Key agreement protocols are one of the oldest public key protocols known, dating back to the Diffie-Hellman protocol\cite{Diffie_1976}. In a key agreement protocol, each side selects private values, and exchange public values (key shares); in most such protocols, each side sends a single message. Then, both side do computations based on their private values and the other side's public key shares, and derive the same secret value. The security goal is that someone just listening into the exchanged public key shares would find it infeasible to derive that secret value.
Now, Diffie-Hellman would be vulnerable to a Quantum Computer; one research topic is to find alternatives that would be secure in that environment. Several such
proposed alternatives are based on the ring-LWE
problem; just problem. From a protocol standpoint, these proposals work largely like Diffie-Hellman, each side selects private values, one side sends its public value, the other side replies, and then they both compute a shared secret.
With Diffie-Hellman, it is perfectly safe to reuse the same public key share for multiple exchanges. For example, Alice might select a private value, and publish the corresponding key share. Then, when Bob, Carol, Dave and Eve want to communicate with Alice, they can take Alice's key share, select their own private values, and then send to Alice their key shares, thus creating a secure connection. In this case, as long as Alice takes some well-known precautions, the connections are independent; Eve gets no advantage on deriving the secret used in the Alice to Bob connection.
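Review bot: In the final paragraph, the opening sentence calls reuse of a Diffie-Hellman key share "perfectly safe", yet the closing sentence makes the independence of the connections conditional on "some well-known precautions" that are neither named nor cited. State the condition where the claim is first made, and either list the precautions or add a \cite for them, so the reader can tell what Alice is assumed to do. Two smaller points in the same region: the ring-LWE sentence carries no citation while Diffie-Hellman has \cite{Diffie_1976}, and the rewritten sentence "these proposals work largely like Diffie-Hellman, each side selects private values, ..." is a comma splice that a colon after "Diffie-Hellman" would fix. In the first paragraph, "and exchange public values" and "both side do computations" should read "exchanges" and "both sides".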