[PATCH] curve25519-sha256 at libssh.org key exchange proposal

mancha mancha1 at hush.com
Tue Nov 5 07:40:42 EST 2013


Aris Adamantiadis <aris <at> 0xbadc0de.be> writes:
> I've worked this week on an alternative key exchange mechanism, in
> reaction to the whole NSA leaks and claims over cryptographic backdoors
> and/or cracking advances...
> I believe Curve25519 from DJB can give users a secure alternative to
> classical Diffie-Hellman (with fixed groups or group exchanges) and
> NIST-approved elliptic curves.

Damien Miller <djm <at> mindrot.org> writes:
> I'm interested in supporting ed25519 as a key algorithm, EC-DH in
> curve25519 and ChaCha/Salsa20+poly1305 as an AEAD cipher+MAC. Just need
> to figure out when and how :)

Hello.

I applaud the interest in augmenting the set of key exchange algos from
(dhg1,dhg14,dhgex,p256,p384,p521) to include a DJB-sanctioned curve.

I do have a few questions...

1. Why is Curve25519 receiving more attention than other Bernstein
recommendations such as: Curve2213, Curve1174, Curve383187, and Curve3617?
Is it as simple as there being a 25519 implementation readily available in NaCl?

2. Those 5 curves have received Bernstein's seal of approval based on a set
of criteria he refers to as twists, completeness, etc. What other academic
review of ECC should be taken into account?

3. Has similar consideration been given to encryption ciphers? For starters,
has inclusion of any "optional" ciphers per RFC 4253/4344 (blowfish-ctr,
twofish{128,192,256}-{cbc,ctr}, serpent{128,192,256}-{cbc,ctr}, cast128-ctr)
been contemplated?

Thanks!

--mancha





More information about the openssh-unix-dev mailing list