Better Authentication/Key Negotiations
Watson Ladd
watsonbladd at gmail.com
Tue Aug 29 14:31:30 UTC 2006
One of the things I noticed about the TOR protocol is the amount of CPU
a key negotiation takes. It takes 3 exponentiations by the server to
decrypt the DH handshake, create the other part of the handshake, and
perform the DH exponentiation. As this needs to be performed three times
to make a circuit, and each circuit only conducts a small amount of
information when web browsing, and the servers have load issues, it
looks like this is something we should simplify.
My idea is to sign the DH handshake half that the server sends to the
client with something like a Schnorr signature, which is cheap to make.
The client will still have to perform 3 exponentiations, but the server
only 2. We could also use XTR to make the calculations cheaper without
adopting Schnorr signatures, which are patented.
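
An added example, not part of the original post and not Tor's protocol: a Schnorr-signed Diffie-Hellman reply in a constructed toy group, counting the modular exponentiations each side performs. The names `Party`, `challenge` and `handshake`, the group parameters, and the choice to compute the Schnorr commitment g^k while the server is idle are all assumptions made for this sketch.

```python
import hashlib
import secrets

# Constructed toy Schnorr group (far too small for real use): p = 2q + 1, g of order q.
P, Q, G = 2039, 1019, 4

class Party:
    """Counts every modular exponentiation this side performs."""
    def __init__(self):
        self.exps = 0
    def exp(self, base, e):
        self.exps += 1
        return pow(base, e, P)

def challenge(r, x_pub, y_pub):
    # Schnorr challenge e = H(R, X, Y) mod q binds the signature to both DH halves.
    data = f"{r}|{x_pub}|{y_pub}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def handshake(tamper=False):
    client, server, idle = Party(), Party(), Party()
    sk = secrets.randbelow(Q - 1) + 1      # server long-term signing key
    pk = pow(G, sk, P)                     # published once, not per circuit
    k = secrets.randbelow(Q - 1) + 1
    r = idle.exp(G, k)                     # assumption: commitment g^k made while idle

    a = secrets.randbelow(Q - 1) + 1
    x_pub = client.exp(G, a)               # client DH half, sent in the clear

    y = secrets.randbelow(Q - 1) + 1
    y_pub = server.exp(G, y)               # server DH half
    server_key = server.exp(x_pub, y)      # shared secret
    e = challenge(r, x_pub, y_pub)
    s = (k + e * sk) % Q                   # signing online: one multiply, one add

    if tamper:                             # corrupt the signature scalar in transit
        s = (s + 1) % Q
    e_c = challenge(r, x_pub, y_pub)
    # Verify g^s == R * pk^e (two pows here; a multi-exponentiation can merge them).
    valid = client.exp(G, s) == r * client.exp(pk, e_c) % P
    client_key = client.exp(y_pub, a) if valid else None
    return {"valid": valid, "keys_match": valid and client_key == server_key,
            "server_online": server.exps, "server_idle": idle.exps,
            "client": client.exps}
```
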