Dominik,

You can certainly do it safely in this instance, because we have a security analysis that says it's OK, but in general it's a bad idea to use the same key-pair for more than one purpose, and, as the RSA-based example in the paper shows, it can sometimes get you into serious trouble. Indeed, there's even a cryptographic principle - key separation - which says "use different keys for different functions".

Regards

Kenny

On 20/09/2013 19:35, "Dominik Schürmann" <domi...@dominikschuermann.de> wrote:

>On 20.09.2013 17:17, Paterson, Kenny wrote:
>> It is "technically secure". See:
>>
>> http://eprint.iacr.org/2011/615
>
>Thank you so much for this paper, it's even mostly understandable
>with some basic knowledge of attack models :)
>
>> Even so, I would not recommend this approach unless you absolutely
>> have to use it.
>
>Could you elaborate more on this? Do you see problems besides Alan
>Braggins' remark?
>
>In my scenario I have a network with nodes sending messages
>hop-by-hop, where the ids of these nodes are the public keys themselves.
>The problem is that these networks are highly unreliable and have high
>delays (Delay tolerant networking). Thus, DH key exchange protocols
>are out of scope. The idea is to always sign messages with your
>private key, which could be verified by anyone using the node id itself
>(your pub key), and encrypt them using the destination's node id (which
>is the pub key of the destination).
>How you know if you are using the right node id (for verification or
>encryption) is not a problem which should be discussed here.
>
>Because ids should be as short as possible it would be nice to use the
>same pub key for verification and encryption.
>
>After reading related literature, I came to the conclusion to use
>ECDSA and ECIES (Both with Koblitz curves, as I am sceptical about the
>random curves ;),
>Bernstein's curve25519 would be too difficult to integrate, as I
>didn't find a library which is present in current Linux distros and
>handles both EC sign and encryption schemes.
>
>Regards
>Dominik
>_______________________________________________
>cryptography mailing list
>cryptography@randombit.net
>http://lists.randombit.net/mailman/listinfo/cryptography