Questions tagged [diffie-hellman]
The Diffie–Hellman key agreement is an anonymous, non-authenticated key-agreement protocol.
157 questions with no upvoted or accepted answers
16 votes, 0 answers, 1k views
The backdoor of Telegram on Diffie-Hellman Key Exchange and possibly other examples?
Diffie-Hellman Key-Exchange (DHKE) should be used carefully during the end-to-end encryption. A man-in-the-middle (MITM) attack is possible.
Standard DHKE
The simple protocol on the multiplicative ...
7 votes, 0 answers, 347 views
How many qubits are required to break classical Diffie-Hellman?
There have been comparisons between RSA and ECDH with regards to the number of qubits required to break the algorithm with a specific key size. But how many qubits are required to break "...
6 votes, 0 answers, 196 views
About a SETUP mechanism on ECDH
I'm following these three articles:
Kleptography: Using Cryptography Against Cryptography,
Kleptographic Attack on Elliptic Curve Based Cryptographic Protocols and
Elliptic Curve Kleptography.
In ...
6 votes, 0 answers, 363 views
Regarding the need to hash the shared secret in X25519 with the public keys
I was looking at the LibSodium documentation where it says
[...] and to mitigate subtle attacks due to the fact many $(p, n)$ [public key - secret scalar] pairs produce the same result, using the ...
6 votes, 0 answers, 482 views
Precomputation attacks against ECDH
Diffie-Hellman groups are vulnerable to sieving precomputation attacks. These attacks allow a one-time computation against a given DH modulus that makes it practical to attack all subsequent key ...
5 votes, 0 answers, 151 views
Are all MNT curves assumed to hold XDH?
For one of my projects, I need a pairing group which holds the External co-Diffie-Hellman assumption. I am trying to implement it using Charm crypto Python modules which provide support for MNT ...
5 votes, 0 answers, 1k views
How does post quantum key exchange in OpenSSH 8 work?
OpenSSH 8 supports a post quantum KEX, namely [email protected]
It says in its description that it is basically NTRU + ECC X25519. However, I have tried but cannot understand how ...
4 votes, 0 answers, 89 views
Is it possible to create a useful hyperelliptic curve cover having Genus 2 for altbn254 or bls12-381?
I'm looking for a way to perform pairings without final exponentiation or where the last step is easy to inverse (in order to perform pairing inversion through Miller inversion using https://eprint....
4 votes, 0 answers, 241 views
Are there any projects leveraging a combination of (1) Noise and (2) Signal / Double Ratchet to augment the former with per-message forward secrecy?
Are there examples (in code, or a blog post / writeup) of using Noise and Signal together?
Here is a link to Noise.
For example, using the Double Ratchet per each message to achieve forward secrecy, ...
4 votes, 0 answers, 309 views
Where do the PKs come from in Bluetooth device?
I am studying the Elliptic Curve Diffie-Hellman (ECDH) on Bluetooth 4.2.
There are some questions about the PK.
Where do these public and private keys come from?
Who defines them?
and Will it be ...
4 votes, 0 answers, 386 views
Encrypt using ECDH with two different EC public keys, minimizing payload size
Let's say Alice has the private EC keys $a$ and $b$, with a base point of prime order $G$. Alice computes the corresponding public keys $A = aG$ and $B = bG$, and sends them to Bob.
Bob now wants to ...
4 votes, 0 answers, 322 views
How to modify the Socialist Millionaire Protocol to be symmetric.
In the Socialist Millionaire Protocol, the roles of Alice and Bob are almost symmetric. By this I mean they do almost the same thing, until the very last step.
In the final step, both parties check a ...
3 votes, 0 answers, 186 views
Compute key size in Hyperelliptic Curve Cryptography
I am trying to implement a basic Diffie-Hellman key exchange using ECC and HECC of genus 2 and 3 and compare them. However, I am a bit confused about the concept of key size in HECC.
In ECC, from my ...
3 votes, 0 answers, 119 views
A tensor-based Diffie-Hellman exchange
Below is a description of a "cube" Diffie-Hellman, based on commuting matrix actions on tensor products. Some questions:
References for something similar?
Obvious flaws, is this a terrible ...
3 votes, 0 answers, 205 views
Solving DDH from an ElGamal adversary
Suppose an adversary wins IND-CPA against ElGamal,
They're given public key $h=g^x$,
Give a pair of messages $m = [m0,m1]$,
Get back ciphertext $(a,b) = (g^r, g^{xr} \cdot g^{m[b]})$,
from which ...