Is this a safe thing to be doing with ECC addition? (Oracle protocol)



Summary:

In an email thread discussing the security of public key exchange, Joel Kaartinen suggests that if both parties insist on seeing a hash of the other party's public key before they'll show their own public key, they can be sure that the other party's public key was not chosen based on the public key they themselves presented. Edmund Edgar responds by suggesting that to salvage the situation in the original case, both parties should exchange their public keys first before they're allowed to see the public keys they'll be combining them with. Alan Reiner adds that a good cryptosystem doesn't have strange restrictions, like "your public key can only be public sometimes, but needs to be protected like your private key other times." He also notes that one reason EC point addition is insecure is that it is invertible, whereas EC scalar multiplication is not, which is why EC Diffie-Hellman is secure even when this asymmetry exists. Finally, Alan Reiner suggests creating a new keypair with which he knows and giving minus to the other party, which they won't be able to detect until after the private key has been abused.


Updated on: 2023-06-08T03:54:58.521649+00:00