consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)

stef s at ctrlc.hu
Wed Jan 15 09:30:00 PST 2014


howdy,

On Tue, Jan 14, 2014 at 12:16:53PM +0100, Thomas von Dein wrote:
> > - coordinate representation x, x&y, x and sign ...
> > or bits to show which of these ... perhaps borrow ANSI method
> 
> Could you please explain this further?

i believe this is not really necessary for this type of curve. especially if
we manage to switch to elligator curves soonish.

> > - hint / indication of cipher suite / curve 
> 
> In pcp there's already such a hint included in exported keys, however
> I'm not using it, since there's no choice of different curves in
> libsodium so far. But it's on the list.

unfortunately pbp has such a distinguisher, it decides between asym/sym
encryption. i should somehow get rid of that.

> > - text encoding of binary format (ascii)
> 
> As already stated in the other subthread, I use Z85, while stef is using
> base85. Since Z85 is a subset of base85, I'm pretty sure we can agree on
> something.

absolutely. i like small keys, that's why we do ecc, not RSA. as it allows to
use crypto e.g. also in tweets, signed tweets leave you with ~55 chars for
messages, or as we recently found out also in the comment field of bank
wire transfers. i wasn't really joking doing a numberstation style output
format. the https://en.wikipedia.org/wiki/PGP_word_list might be quite good
for easy human voice transmission, like in key parties. takes a bit of time
reciting 32 words, but might be easier than reciting a pgp keyid.

> I'm not sure, how stef solved the ed25519 issue (you can't use a
> curve25519 secret key to create an ed25519 signature directly). After
> some discussion on the libsodium mailing list we came up with this:
> 
> When the user generates a new key, the ed25519 secret key will be
> generated first. The curve25519 secret will be derived from that, since
> the ed25519 already contains a usable curve25519 key. In pcp I store
> both of them for easier access, so the ed25519 and curve25519 secret and
> public keys are stored, the secret keys are encrypted and I store the
> nonce as well (see include/pcp/key.h).

pbp uses separate and unrelated keys for confidentiality and others for signing.

> Speaking of key encryption: @stef: according to your docs you're already
> using scrypt() for key derivation. I'd like to use that as well, but
> it's not part of libsodium (afaik), so I use my own method for this till
> scrypt() is implemented in libsodium. That's because I want to avoid
> writing crypto code myself.

http://ftp.de.debian.org/debian/pool/main/s/scrypt/scrypt_1.1.6.orig.tar.gz

seems like a good start for reusing code.

-- 
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6  3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt


