HCR for key negotiation

Watson Ladd watsonbladd at gmail.com
Tue May 2 23:07:56 UTC 2006

First some background:
The NSA's Suit B uses a key negotiation mutual authentication method MQV.
This method was found to be insecure, and so HMQV was created. HMQV uses a
signature protocol called HCR twice in one exchange to generate a key. HCR
can prove identy of one endpoint and negotiate a key in a two message
exchange with great efficiency for both sides.
In Tor the current key generation method is quite expensive. Would it be
possible to change to HCR to improve efficency?

"Those who would give up Essential Liberty to purchase a little Temporary
Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20060502/941daf70/attachment.htm>

More information about the tor-talk mailing list