
ECDH shared secret doesn't match in loop, with Crypto++

#include <vector>
#include <cryptopp/eccrypto.h>
#include <cryptopp/oids.h>
#include <cryptopp/osrng.h>
#include <cryptopp/secblock.h>

struct kpStruct {
    CryptoPP::SecByteBlock sharedECDH;
};

CryptoPP::OID CURVE = CryptoPP::ASN1::secp256r1();
CryptoPP::AutoSeededRandomPool prng;
std::vector<kpStruct> KPVecRSU;

int main() {
    for (int i = 0; i < 3; ++i) {   // (loop begin)
        kpStruct keyP;
        CryptoPP::ECDH<CryptoPP::ECP>::Domain dhA(CURVE);
        CryptoPP::SecByteBlock privA(dhA.PrivateKeyLength()), pubA(dhA.PublicKeyLength());
        dhA.GenerateKeyPair(prng, privA, pubA);   // a fresh random key pair on every iteration
        CryptoPP::SecByteBlock sharedA(dhA.AgreedValueLength());
        // dhA.Agree(sharedA, privA, peerPub) is never called here, so sharedA is never derived
        keyP.sharedECDH = sharedA;
        KPVecRSU.push_back(keyP);
    }   // (loop end)
    return 0;
}

I want to create a shared secret between 3 units, but this code gives me different ones! Any idea please?


Each run of the protocol produces a different shared secret because both the client and server are contributing random values during the key agreement. The inherent randomness provides forward secrecy, meaning bad guys cannot recover plain text at a later point in time because the random values were temporary or ephemeral (forgotten after the protocol execution).

In the Crypto++ implementation, the library does not even make a distinction between client and server because there's so much symmetry in the protocol. Protocols with too much symmetry can suffer the Chess Grand-Master attack, where one protocol execution is used to solve another protocol execution (think of it like a man-in-the-middle, where the bad guy is a proxy for both grand-masters). Often, you tweak a parameter on one side or the other to break the symmetry (client uses 14-byte random, server uses 18-byte random).

Other key agreement schemes we are adding do need to make the distinction between client and server, like Hashed MQV (HMQV) and Fully Hashed MQV (FHMQV). Client and Server are called Initiator and Responder in HMQV and FHMQV.


"I want to create a shared secret between 3 units, but this code gives me different ones."

This is a different problem. This is known as Group Diffie-Hellman or Multi-party Diffie-Hellman. It has applications in, for example, chat and broadcast of protected content, where users are part of a group or join a group. The trickier part of the problem is how to revoke access to a group when a user leaves the group or is no longer authorized.

Crypto++ does not provide any group DH schemes, as far as I know. You may be able to modify existing sources to do it.

For Group Diffie-Hellman, you need to search Google Scholar for the papers. Pay particular attention to the security attributes of the scheme, like how to join and leave a group (grant and revoke access).
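The behaviour the answer describes (Agree is symmetric, so two sides get the same value only when each combines its own private key with the other side's public key, and fresh random scalars on every run give a fresh secret), plus a minimal group agreement for the three-unit case in the question, as an added example that is not part of the original question or answer. It uses a pure-Python secp256r1 implementation instead of Crypto++ so that it runs with no library installed; generate_key_pair(), agree(), two_party_demo() and group_agree() are this example's own names mapping onto GenerateKeyPair and Agree, and the ring-based group scheme (Ingemarsson-Tang-Wong) is an assumption of this example, not something Crypto++ ships.

```python
# Added example, not code from the question or the Crypto++ project.  Pure-Python
# secp256r1 (P-256) arithmetic is used only so the example runs offline; real code
# should keep using Crypto++ or another vetted library for curve operations.
import secrets

# secp256r1 domain parameters (the published NIST P-256 constants).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)


def is_on_curve(point):
    """True for the point at infinity (None) or any (x, y) with y^2 = x^3 + Ax + B mod P."""
    if point is None:
        return True
    x, y = point
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine group law on the curve; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:                               # p2 == -p1
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P - 2, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add.  Not constant time, which only matters outside a demonstration."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def generate_key_pair():
    """What Crypto++ GenerateKeyPair does: random scalar in [1, N-1], public point = priv * G."""
    priv = secrets.randbelow(N - 1) + 1
    return priv, scalar_mult(priv, G)


def agree(priv, peer_pub):
    """What Crypto++ ECDH::Agree does: the agreed value is the x-coordinate of priv * peer_pub
    (AgreedValueLength() == 32 bytes for P-256).  Rejects a peer key that is not on the curve."""
    if peer_pub is None or not is_on_curve(peer_pub):
        raise ValueError("peer public key is not a valid curve point")
    shared = scalar_mult(priv, peer_pub)
    return shared[0].to_bytes(32, "big")


def two_party_demo():
    """Returns (secrets_match, second_run_differs).  Both sides agree only when each uses
    its own private key with the OTHER side's public key; a second run uses fresh
    ephemeral scalars, so its secret differs from the first run's (forward secrecy)."""
    priv_a, pub_a = generate_key_pair()
    priv_b, pub_b = generate_key_pair()
    shared_a = agree(priv_a, pub_b)          # A: own private key, B's public key
    shared_b = agree(priv_b, pub_a)          # B: own private key, A's public key
    priv_a2, pub_a2 = generate_key_pair()    # second protocol run, new random keys
    priv_b2, pub_b2 = generate_key_pair()
    shared_a2 = agree(priv_a2, pub_b2)
    return shared_a == shared_b, shared_a2 != shared_a


def group_agree(private_keys):
    """Ring-based n-party group Diffie-Hellman (Ingemarsson-Tang-Wong), an assumption of this
    example and not a Crypto++ feature.  Round 1: party i publishes x_i*G.  Each later round:
    party i multiplies the value received from party i-1 by x_i and publishes it.  After n
    rounds every party holds (x_0 * ... * x_{n-1}) * G.  Returns each party's agreed value."""
    n = len(private_keys)
    values = [scalar_mult(k, G) for k in private_keys]
    for _ in range(n - 1):
        values = [scalar_mult(private_keys[i], values[(i - 1) % n]) for i in range(n)]
    return [v[0].to_bytes(32, "big") for v in values]


if __name__ == "__main__":
    print("two-party (match, fresh run differs):", two_party_demo())
    units = [generate_key_pair()[0] for _ in range(3)]   # three units, as in the question
    print("three units agree:", len(set(group_agree(units))) == 1)
```

The loop in the question only ever calls GenerateKeyPair; nothing combines one unit's private key with another unit's public key, so each iteration holds an independent random key pair rather than an agreed value. With two parties, group_agree() reduces to ordinary ECDH. Neither function authenticates the peers' public points, and the ring scheme has no join or leave handling, which is the part of the group problem the answer points to the literature for.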
