4431:
786:
791:
The only information about her key that Alice initially exposes is her public key. So, no party except Alice can determine Alice's private key (Alice of course knows it by having selected it), unless that party can solve the elliptic curve
661:
830:
If Alice maliciously chooses invalid curve points for her key and Bob does not validate that Alice's points are part of the selected group, she can collect enough residues of Bob's key to derive his private key. Several
595:
523:
2782:
448:
402:
1772:
1366:
1100:
3131:
3068:
3005:
819:
nor key-compromise impersonation resilience, among other advanced security properties. Holders of static private keys should validate the other public key, and should apply a secure
2942:
2879:
2688:
1433:
1167:
2154:
811:
are temporary and not necessarily authenticated, so if authentication is desired, authenticity assurances must be obtained by other means. Authentication is necessary to avoid
203:
2296:
1508:
1308:
1003:
132:
955:
2543:
2626:
2498:
2456:
313:
2582:
2414:
2355:
1855:
1692:
1607:
1253:
1042:
3387:. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds) Public Key Cryptography - PKC 2006. Lecture Notes in Computer Science, vol 3958. Springer, Berlin, Heidelberg.
3331:. In Joppe W. Bos and Arjen K. Lenstra, editors, Topics in Computational Number Theory inspired by Peter L. Montgomery, pages 82–115. Cambridge University Press, 2017.
1968:
1528:
1453:
1187:
908:
2221:
2090:
2015:
1942:
1214:
868:
653:
622:
2808:
2714:
2059:
1816:
1630:
796:
problem. Bob's private key is similarly secure. No party other than Alice or Bob can compute the shared secret, unless that party can solve the elliptic curve
2375:
2316:
2241:
2194:
2174:
1895:
1875:
1650:
1568:
1548:
356:
336:
281:
223:
4411:
4241:
261:
3856:
3402:. In Advances in Cryptology - CRYPTO’85, Santa Barbara, California, USA, August 18-22, 1985, Proceedings, pages 417–426. Springer Berlin Heidelberg, 1985.
781:{\displaystyle d_{\text{A}}\cdot Q_{\text{B}}=d_{\text{A}}\cdot d_{\text{B}}\cdot G=d_{\text{B}}\cdot d_{\text{A}}\cdot G=d_{\text{B}}\cdot Q_{\text{A}}}
3566:
205:
in the binary case) must be agreed upon. Also, each party must have a key pair suitable for elliptic curve cryptography, consisting of a private key
823:
to the raw Diffie–Hellman shared secret to avoid leaking information about the static private key. For schemes with other security properties, see
3984:
4079:
815:. If one of either Alice's or Bob's public keys is static, then man-in-the-middle attacks are thwarted. Static public keys provide neither
3979:
910:. For this reason, the secret should not be used directly as a symmetric key, but it can be used as entropy for a key derivation function.
3267:
3414:
3310:
2223:. Following Miller, Montgomery and Bernstein, the Diffie-Hellman key agreement can be carried out on a Montgomery curve as follows. Let
3708:
3887:
3881:
528:
456:
3511:
1655:
For computational efficiency, it is preferable to work with projective coordinates. The projective form of the
Montgomery curve
1530:
as the identity element. It is known that the order of this group is a multiple of 4. In fact, it is usually possible to obtain
4005:
3559:
3285:
4464:
75:
3239:
Special
Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
316:
3238:
3623:
4072:
3648:
3613:
4459:
3603:
3552:
2723:
3767:
3681:
3628:
3214:
407:
361:
51:
1697:
1313:
1047:
4290:
4221:
3792:
3073:
3010:
2947:
3448:"Security and Efficiency Trade-offs for Elliptic Curve Diffie-Hellman at the 128- and 224-bit Security Levels"
3676:
2884:
2821:
4065:
3933:
3866:
2642:
1371:
1105:
4406:
4361:
4164:
4030:
3923:
3772:
3686:
3608:
3209:
2095:
55:
137:
4285:
3782:
3671:
3653:
2629:
797:
2246:
1458:
1258:
960:
4401:
4035:
4015:
3918:
2944:. At 256-bit security level, three Montgomery curves named M, M and M have been proposed in. For M,
4391:
4381:
4236:
3974:
3745:
832:
812:
803:
The public keys are either static (and trusted, say via a certificate) or ephemeral (also known as
81:
921:
4386:
4376:
4169:
4129:
4122:
4107:
4102:
3928:
3575:
2503:
820:
628:
coordinate of the point). Most standardized protocols based on ECDH derive a symmetric key from
47:
43:
2587:
2461:
2419:
286:
4174:
4117:
4010:
3861:
3800:
3735:
3447:
3264:
3184:
2548:
2380:
2321:
1821:
1658:
1573:
1219:
1008:
74:, but the only channel available for them may be eavesdropped by a third party. Initially, the
3346:
46:. The key, or the derived key, can then be used to encrypt subsequent communications using a
4434:
4280:
4226:
3876:
3633:
3590:
3399:
3174:
1947:
1513:
1438:
1172:
873:
3183:
uses ECDH to obtain post-compromise security. Implementations of this protocol are found in
3163:, an elliptic curve potentially offering 224 bits of security, developed by Mike Hamburg of
4396:
4320:
3787:
3598:
2199:
2068:
1973:
1900:
1652:. For more extensive discussions of Montgomery curves and their arithmetic one may follow.
1192:
841:
631:
600:
3133:
respectively. Apart from these two, other proposals of
Montgomery curves can be found at.
8:
4149:
3893:
3146:
2787:
2693:
2062:
2020:
1777:
1612:
450:. Each party must know the other party's public key prior to execution of the protocol.
4265:
4249:
4191:
3740:
3663:
3643:
3638:
3618:
3192:
2360:
2301:
2226:
2179:
2159:
1880:
1860:
1635:
1553:
1533:
793:
341:
321:
266:
208:
3519:
228:
4325:
4315:
4181:
4000:
3943:
3871:
3757:
4260:
4112:
3846:
3467:"Efficient Elliptic Curve Diffie-Hellman Computation at the 256-bit Security Level"
3154:
39:
3347:"Montgomery curves and their arithmetic - the case of large characteristic fields"
3271:
3219:
3180:
3170:
816:
4335:
4255:
4211:
4154:
4139:
3361:
31:
3145:
is a popular set of elliptic curve parameters and reference implementation by
4453:
4416:
4371:
4330:
4310:
4201:
4159:
4134:
808:
71:
67:
35:
27:
3489:
3466:
4366:
4206:
4196:
4186:
4144:
4088:
4040:
4020:
66:
The following example illustrates how a shared key is established. Suppose
4345:
3938:
3815:
3252:
Standards for efficient cryptography, SEC 1: Elliptic Curve
Cryptography
4305:
4275:
4270:
4231:
3964:
3696:
3476:
3283:
3150:
3142:
2811:
2636:
3472:
3384:
4295:
3718:
913:
4340:
4300:
4025:
3959:
3830:
3825:
3820:
3723:
3701:
3490:"Safecurves: choosing safe curves for elliptic- curve cryptography"
3432:
3328:
3188:
3160:
2815:
2717:
3453:
3311:"Speeding the Pollard and elliptic curve methods of factorization"
3251:
3851:
3810:
3362:"Can we avoid tests for zero in fast elliptic-curve arithmetic?"
3293:
European
Symposium on Research in Computer Security (ESORICS'15)
2458:. Using classical computers, the best known method of obtaining
4216:
3969:
3164:
658:
The shared secret calculated by both parties is equal, because
1189:. This is called the affine form of the curve. The set of all
3805:
3762:
3730:
3713:
3196:
590:{\displaystyle (x_{k},y_{k})=d_{\text{B}}\cdot Q_{\text{A}}}
518:{\displaystyle (x_{k},y_{k})=d_{\text{A}}\cdot Q_{\text{B}}}
2810:. Couple of Montgomery curves named M and M competitive to
3284:
Tibor Jager; Jorg
Schwenk; Juraj Somorovsky (2015-09-04).
838:
The shared secret is uniformly distributed on a subset of
42:. This shared secret may be directly used as a key, or to
3898:
3752:
3177:
of all messages sent through said app since
October 2015.
2716:. The other Montgomery curve which is part of TLS 1.3 is
824:
3503:
4242:
Cryptographically secure pseudorandom number generator
835:
libraries were found to be vulnerable to this attack.
3076:
3013:
2950:
2887:
2824:
2790:
2726:
2696:
2645:
2590:
2551:
2506:
2464:
2422:
2383:
2363:
2324:
2304:
2249:
2229:
2202:
2182:
2162:
2098:
2071:
2023:
1976:
1950:
1903:
1883:
1863:
1824:
1780:
1700:
1661:
1638:
1615:
1576:
1556:
1536:
1516:
1461:
1441:
1374:
1316:
1261:
1222:
1195:
1175:
1108:
1050:
1011:
963:
924:
876:
844:
664:
634:
603:
531:
459:
410:
364:
344:
324:
289:
269:
231:
211:
140:
84:
3536:
3512:"New generation of safe messaging: "Letter Sealing""
3316:. Mathematics of Computation, 48(177):243–264, 1987.
3173:
has used the ECDH protocol for its "Letter
Sealing"
3349:. J. Cryptographic Engineering, 8(3):227–240, 2018.
3157:
and alternative implementations are also available.
2639:which was introduced by Bernstein. For Curve25519,
3125:
3062:
2999:
2936:
2873:
2802:
2776:
2708:
2682:
2620:
2576:
2537:
2492:
2450:
2408:
2369:
2349:
2310:
2290:
2235:
2215:
2188:
2168:
2148:
2084:
2053:
2009:
1962:
1936:
1889:
1869:
1849:
1810:
1766:
1686:
1644:
1624:
1601:
1562:
1542:
1522:
1502:
1447:
1427:
1360:
1302:
1247:
1208:
1181:
1161:
1094:
1036:
997:
949:
902:
862:
780:
647:
616:
589:
517:
442:
396:
350:
330:
307:
275:
255:
217:
197:
126:
3415:"Monte Carlo methods for index computation mod p"
914:Diffie-Hellman Key Agreement on Montgomery Curves
30:protocol that allows two parties, each having an
4451:
3435:. ACR Cryptology ePrint Archive, 2015:625, 2015.
3469:. IET Information Security, 14(6):633640, 2020.
3420:. Mathematics of Computation, 32:918–924, 1978.
2720:which was introduced by Hamburg. For Curve448,
2635:The most famous example of Montgomery curve is
1455:. Under a suitably defined addition operation,
655:using some hash-based key derivation function.
3385:"Curve25519: New Diffie-Hellman Speed Records"
3340:
3338:
3265:Suite B Implementers' Guide to NIST SP 800-56A
4073:
3560:
3329:"Montgomery curves and the Montgomery ladder"
3286:"Practical Invalid Curve Attacks on TLS-ECDH"
2243:be a generator of a prime order subgroup of
225:(a randomly selected integer in the interval
61:
3378:
3376:
3374:
2777:{\displaystyle p=2^{448}-2^{224}-1,A=156326}
2416:. The shared secret key of Alice and Bob is
1169:along with the point at infinity denoted as
807:, where final 'E' stands for "ephemeral").
3574:
3439:
3335:
2818:respectively have been proposed in. For M,
443:{\displaystyle (d_{\text{B}},Q_{\text{B}})}
397:{\displaystyle (d_{\text{A}},Q_{\text{A}})}
4080:
4066:
3567:
3553:
3487:
3326:
1767:{\displaystyle BY^{2}Z=X(X^{2}+AXZ+Z^{2})}
1361:{\displaystyle (x,y)\in F_{p}\times F_{p}}
1095:{\displaystyle (x,y)\in F_{p}\times F_{p}}
263:) and a public key represented by a point
3371:
3344:
3126:{\displaystyle p=2^{521}-1,A=1504058,B=1}
3063:{\displaystyle p=2^{510}-75,A=952902,B=1}
3000:{\displaystyle p=2^{506}-45,A=996558,B=1}
3433:"Ed448-goldilocks, a new elliptic curve"
3400:"Use of elliptic curves in cryptography"
3304:
3302:
34:public–private key pair, to establish a
2937:{\displaystyle p=2^{444}-17,A=4058,B=1}
4452:
3464:
3445:
3320:
3308:
2874:{\displaystyle p=2^{251}-9,A=4698,B=1}
4061:
3548:
3382:
3359:
3299:
2683:{\displaystyle p=2^{255}-19,A=486662}
1005:. The Montgomery form elliptic curve
70:wants to establish a shared key with
3888:Naccache–Stern knapsack cryptosystem
3488:Bernstein, Daniel J.; Lange, Tanja.
3477:https://github.com/kn-cs/mont256-vec
3450:. J Cryptogr Eng 12, 107–121 (2022).
3327:Bernstein, Daniel J.; Lange, Tanja.
1428:{\displaystyle By^{2}=x(x^{2}+Ax+1)}
1162:{\displaystyle By^{2}=x(x^{2}+Ax+1)}
3473:https://github.com/kn-cs/mont256-dh
3430:
3412:
2156:which is defined for all values of
2149:{\displaystyle x_{0}(X:Z)=XZ^{p-2}}
13:
3518:. LINE Corporation. Archived from
3509:
3397:
3345:Costello, Craig; Smith, Benjamin.
1517:
1442:
1176:
198:{\displaystyle (m,f(x),a,b,G,n,h)}
14:
4476:
4430:
4429:
4087:
2291:{\displaystyle E_{M,A,B}(F_{p})}
1503:{\displaystyle E_{M,A,B}(F_{p})}
1303:{\displaystyle E_{M,A,B}(F_{p})}
998:{\displaystyle B(A^{2}-4)\neq 0}
358:times). Let Alice's key pair be
3919:Discrete logarithm cryptography
3481:
3465:Nath, Kaushik; Sarkar, Palash.
3458:
3454:https://github.com/kn-cs/x25519
3446:Nath, Kaushik; Sarkar, Palash.
3424:
3406:
3391:
4291:Information-theoretic security
3353:
3277:
3257:
3244:
3231:
2615:
2594:
2571:
2562:
2532:
2523:
2487:
2475:
2445:
2433:
2403:
2394:
2344:
2335:
2285:
2272:
2121:
2109:
2048:
2030:
2004:
1992:
1986:
1980:
1931:
1919:
1913:
1907:
1805:
1787:
1761:
1723:
1497:
1484:
1422:
1394:
1329:
1317:
1297:
1284:
1156:
1128:
1063:
1051:
986:
967:
889:
877:
857:
845:
558:
532:
486:
460:
437:
411:
391:
365:
250:
232:
192:
159:
153:
141:
121:
85:
1:
3225:
2298:. Alice chooses a secret key
127:{\displaystyle (p,a,b,G,n,h)}
20:Elliptic-curve Diffie–Hellman
3934:Non-commutative cryptography
3254:, Version 2.0, May 21, 2009.
2357:; Bob chooses a secret key
950:{\displaystyle A,B\in F_{p}}
7:
4465:Elliptic curve cryptography
4407:Message authentication code
4362:Cryptographic hash function
4165:Cryptographic hash function
4031:Identity-based cryptography
3924:Elliptic-curve cryptography
3215:Diffie–Hellman key exchange
3210:Elliptic-curve cryptography
3203:
3136:
2538:{\displaystyle Q,x_{0}(sQ)}
56:elliptic-curve cryptography
10:
4481:
4286:Harvest now, decrypt later
3263:NSA Suite B Cryptography,
2621:{\displaystyle O(p^{1/2})}
2493:{\displaystyle x_{0}(stQ)}
2451:{\displaystyle x_{0}(stQ)}
308:{\displaystyle Q=d\cdot G}
62:Key establishment protocol
4425:
4402:Post-quantum cryptography
4354:
4095:
4057:
4036:Post-quantum cryptography
3993:
3985:Post-Quantum Cryptography
3952:
3911:
3839:
3781:
3662:
3589:
3582:
3544:
3540:
2577:{\displaystyle x_{0}(tQ)}
2409:{\displaystyle x_{0}(tQ)}
2350:{\displaystyle x_{0}(sQ)}
1850:{\displaystyle E_{M,A,B}}
1687:{\displaystyle E_{M,A,B}}
1602:{\displaystyle E_{M,A,B}}
1248:{\displaystyle E_{M,A,B}}
1037:{\displaystyle E_{M,A,B}}
813:man-in-the-middle attacks
315:, that is, the result of
50:. It is a variant of the
4392:Quantum key distribution
4382:Authenticated encryption
4237:Random number generation
1102:satisfying the equation
597:. The shared secret is
4460:Key-agreement protocols
4387:Public-key cryptography
4377:Symmetric-key algorithm
4170:Key derivation function
4130:Cryptographic primitive
4123:Authentication protocol
4108:Outline of cryptography
4103:History of cryptography
3929:Hash-based cryptography
3576:Public-key cryptography
1963:{\displaystyle Z\neq 0}
1570:such that the order of
1523:{\displaystyle \infty }
1448:{\displaystyle \infty }
1182:{\displaystyle \infty }
903:{\displaystyle (n+1)/2}
821:key derivation function
4175:Secure Hash Algorithms
4118:Cryptographic protocol
3510:JI (13 October 2015).
3167:Cryptography Research.
3127:
3064:
3001:
2938:
2875:
2804:
2778:
2710:
2684:
2630:Pollards rho algorithm
2622:
2578:
2539:
2494:
2452:
2410:
2371:
2351:
2312:
2292:
2237:
2217:
2190:
2170:
2150:
2086:
2055:
2011:
1964:
1938:
1891:
1871:
1851:
1812:
1768:
1688:
1646:
1626:
1603:
1564:
1544:
1524:
1504:
1449:
1429:
1362:
1304:
1249:
1210:
1183:
1163:
1096:
1038:
999:
951:
904:
864:
798:Diffie–Hellman problem
782:
649:
618:
591:
519:
444:
404:and Bob's key pair be
398:
352:
332:
309:
277:
257:
219:
199:
128:
16:Key agreement protocol
4281:End-to-end encryption
4227:Cryptojacking malware
3591:Integer factorization
3383:Bernstein, Daniel J.
3360:Bernstein, Daniel J.
3309:Montgomery, Peter L.
3175:end-to-end encryption
3128:
3065:
3002:
2939:
2876:
2805:
2779:
2711:
2685:
2623:
2579:
2540:
2495:
2453:
2411:
2372:
2352:
2313:
2293:
2238:
2218:
2216:{\displaystyle F_{p}}
2191:
2171:
2151:
2087:
2085:{\displaystyle x_{0}}
2056:
2012:
2010:{\displaystyle x(P)=}
1965:
1939:
1937:{\displaystyle x(P)=}
1892:
1872:
1852:
1813:
1769:
1689:
1647:
1627:
1604:
1565:
1545:
1525:
1505:
1450:
1430:
1363:
1305:
1250:
1211:
1209:{\displaystyle F_{p}}
1184:
1164:
1097:
1039:
1000:
952:
905:
865:
863:{\displaystyle [0,p)}
783:
650:
648:{\displaystyle x_{k}}
619:
617:{\displaystyle x_{k}}
592:
525:. Bob computes point
520:
453:Alice computes point
445:
399:
353:
333:
310:
278:
258:
220:
200:
134:in the prime case or
129:
4397:Quantum cryptography
4321:Trusted timestamping
3516:LINE Engineers' Blog
3471:, Code available at
3452:, Code available at
3074:
3011:
2948:
2885:
2822:
2788:
2724:
2694:
2643:
2588:
2549:
2504:
2462:
2420:
2381:
2361:
2322:
2302:
2247:
2227:
2200:
2180:
2160:
2096:
2069:
2021:
1974:
1948:
1901:
1881:
1861:
1822:
1778:
1698:
1659:
1636:
1613:
1574:
1554:
1534:
1514:
1459:
1439:
1372:
1314:
1259:
1220:
1216:-rational points of
1193:
1173:
1106:
1048:
1009:
961:
922:
874:
842:
662:
632:
601:
529:
457:
408:
362:
342:
322:
287:
267:
229:
209:
138:
82:
48:symmetric-key cipher
4150:Cryptographic nonce
3894:Three-pass protocol
3250:Certicom Research,
3147:Daniel J. Bernstein
2803:{\displaystyle B=1}
2709:{\displaystyle B=1}
2377:and has public key
2318:and has public key
2065:introduced the map
4266:Subliminal channel
4250:Pseudorandom noise
4192:Key (cryptography)
3664:Discrete logarithm
3522:on 1 February 2019
3398:Miller, Victor S.
3270:2016-03-06 at the
3193:Facebook Messenger
3171:LINE messenger app
3123:
3060:
2997:
2934:
2871:
2800:
2774:
2706:
2680:
2618:
2574:
2535:
2490:
2448:
2406:
2367:
2347:
2308:
2288:
2233:
2213:
2186:
2166:
2146:
2082:
2054:{\displaystyle P=}
2051:
2007:
1960:
1934:
1897:is the following:
1887:
1867:
1847:
1811:{\displaystyle P=}
1808:
1764:
1684:
1642:
1625:{\displaystyle 4q}
1622:
1599:
1560:
1540:
1520:
1500:
1445:
1425:
1358:
1310:is the set of all
1300:
1245:
1206:
1179:
1159:
1092:
1044:is the set of all
1034:
995:
947:
900:
860:
794:discrete logarithm
778:
645:
614:
587:
515:
440:
394:
348:
328:
305:
273:
253:
215:
195:
124:
44:derive another key
4447:
4446:
4443:
4442:
4326:Key-based routing
4316:Trapdoor function
4182:Digital signature
4053:
4052:
4049:
4048:
4001:Digital signature
3944:Trapdoor function
3907:
3906:
3624:Goldwasser–Micali
3413:Pollard, John M.
2370:{\displaystyle t}
2311:{\displaystyle s}
2236:{\displaystyle Q}
2189:{\displaystyle Z}
2169:{\displaystyle X}
1890:{\displaystyle x}
1870:{\displaystyle x}
1645:{\displaystyle q}
1563:{\displaystyle B}
1543:{\displaystyle A}
775:
762:
743:
730:
711:
698:
685:
672:
584:
571:
512:
499:
434:
421:
388:
375:
351:{\displaystyle d}
331:{\displaystyle G}
276:{\displaystyle Q}
218:{\displaystyle d}
76:domain parameters
4472:
4433:
4432:
4261:Insecure channel
4113:Classical cipher
4082:
4075:
4068:
4059:
4058:
3890:
3791:
3786:
3746:signature scheme
3649:Okamoto–Uchiyama
3587:
3586:
3569:
3562:
3555:
3546:
3545:
3542:
3541:
3538:
3537:
3532:
3531:
3529:
3527:
3507:
3501:
3500:
3498:
3496:
3485:
3479:
3470:
3462:
3456:
3451:
3443:
3437:
3436:
3428:
3422:
3421:
3419:
3410:
3404:
3403:
3395:
3389:
3388:
3380:
3369:
3368:
3366:
3357:
3351:
3350:
3342:
3333:
3332:
3324:
3318:
3317:
3315:
3306:
3297:
3296:
3290:
3281:
3275:
3274:, July 28, 2009.
3261:
3255:
3248:
3242:
3235:
3132:
3130:
3129:
3124:
3092:
3091:
3069:
3067:
3066:
3061:
3029:
3028:
3006:
3004:
3003:
2998:
2966:
2965:
2943:
2941:
2940:
2935:
2903:
2902:
2880:
2878:
2877:
2872:
2840:
2839:
2809:
2807:
2806:
2801:
2783:
2781:
2780:
2775:
2755:
2754:
2742:
2741:
2715:
2713:
2712:
2707:
2689:
2687:
2686:
2681:
2661:
2660:
2627:
2625:
2624:
2619:
2614:
2613:
2609:
2583:
2581:
2580:
2575:
2561:
2560:
2544:
2542:
2541:
2536:
2522:
2521:
2499:
2497:
2496:
2491:
2474:
2473:
2457:
2455:
2454:
2449:
2432:
2431:
2415:
2413:
2412:
2407:
2393:
2392:
2376:
2374:
2373:
2368:
2356:
2354:
2353:
2348:
2334:
2333:
2317:
2315:
2314:
2309:
2297:
2295:
2294:
2289:
2284:
2283:
2271:
2270:
2242:
2240:
2239:
2234:
2222:
2220:
2219:
2214:
2212:
2211:
2195:
2193:
2192:
2187:
2175:
2173:
2172:
2167:
2155:
2153:
2152:
2147:
2145:
2144:
2108:
2107:
2091:
2089:
2088:
2083:
2081:
2080:
2060:
2058:
2057:
2052:
2016:
2014:
2013:
2008:
1969:
1967:
1966:
1961:
1943:
1941:
1940:
1935:
1896:
1894:
1893:
1888:
1877:-coordinate map
1876:
1874:
1873:
1868:
1856:
1854:
1853:
1848:
1846:
1845:
1817:
1815:
1814:
1809:
1773:
1771:
1770:
1765:
1760:
1759:
1735:
1734:
1713:
1712:
1693:
1691:
1690:
1685:
1683:
1682:
1651:
1649:
1648:
1643:
1631:
1629:
1628:
1623:
1608:
1606:
1605:
1600:
1598:
1597:
1569:
1567:
1566:
1561:
1549:
1547:
1546:
1541:
1529:
1527:
1526:
1521:
1510:is a group with
1509:
1507:
1506:
1501:
1496:
1495:
1483:
1482:
1454:
1452:
1451:
1446:
1434:
1432:
1431:
1426:
1406:
1405:
1387:
1386:
1367:
1365:
1364:
1359:
1357:
1356:
1344:
1343:
1309:
1307:
1306:
1301:
1296:
1295:
1283:
1282:
1254:
1252:
1251:
1246:
1244:
1243:
1215:
1213:
1212:
1207:
1205:
1204:
1188:
1186:
1185:
1180:
1168:
1166:
1165:
1160:
1140:
1139:
1121:
1120:
1101:
1099:
1098:
1093:
1091:
1090:
1078:
1077:
1043:
1041:
1040:
1035:
1033:
1032:
1004:
1002:
1001:
996:
979:
978:
956:
954:
953:
948:
946:
945:
909:
907:
906:
901:
896:
869:
867:
866:
861:
787:
785:
784:
779:
777:
776:
773:
764:
763:
760:
745:
744:
741:
732:
731:
728:
713:
712:
709:
700:
699:
696:
687:
686:
683:
674:
673:
670:
654:
652:
651:
646:
644:
643:
623:
621:
620:
615:
613:
612:
596:
594:
593:
588:
586:
585:
582:
573:
572:
569:
557:
556:
544:
543:
524:
522:
521:
516:
514:
513:
510:
501:
500:
497:
485:
484:
472:
471:
449:
447:
446:
441:
436:
435:
432:
423:
422:
419:
403:
401:
400:
395:
390:
389:
386:
377:
376:
373:
357:
355:
354:
349:
337:
335:
334:
329:
314:
312:
311:
306:
282:
280:
279:
274:
262:
260:
259:
256:{\displaystyle }
254:
224:
222:
221:
216:
204:
202:
201:
196:
133:
131:
130:
125:
40:insecure channel
4480:
4479:
4475:
4474:
4473:
4471:
4470:
4469:
4450:
4449:
4448:
4439:
4421:
4350:
4091:
4086:
4045:
3989:
3953:Standardization
3948:
3903:
3886:
3835:
3783:Lattice/SVP/CVP
3777:
3658:
3604:Blum–Goldwasser
3578:
3573:
3535:
3525:
3523:
3508:
3504:
3494:
3492:
3486:
3482:
3463:
3459:
3444:
3440:
3431:Hamburg, Mike.
3429:
3425:
3417:
3411:
3407:
3396:
3392:
3381:
3372:
3364:
3358:
3354:
3343:
3336:
3325:
3321:
3313:
3307:
3300:
3288:
3282:
3278:
3272:Wayback Machine
3262:
3258:
3249:
3245:
3236:
3232:
3228:
3220:Forward secrecy
3206:
3181:Signal Protocol
3139:
3087:
3083:
3075:
3072:
3071:
3024:
3020:
3012:
3009:
3008:
2961:
2957:
2949:
2946:
2945:
2898:
2894:
2886:
2883:
2882:
2835:
2831:
2823:
2820:
2819:
2789:
2786:
2785:
2750:
2746:
2737:
2733:
2725:
2722:
2721:
2695:
2692:
2691:
2656:
2652:
2644:
2641:
2640:
2628:time using the
2605:
2601:
2597:
2589:
2586:
2585:
2584:requires about
2556:
2552:
2550:
2547:
2546:
2517:
2513:
2505:
2502:
2501:
2469:
2465:
2463:
2460:
2459:
2427:
2423:
2421:
2418:
2417:
2388:
2384:
2382:
2379:
2378:
2362:
2359:
2358:
2329:
2325:
2323:
2320:
2319:
2303:
2300:
2299:
2279:
2275:
2254:
2250:
2248:
2245:
2244:
2228:
2225:
2224:
2207:
2203:
2201:
2198:
2197:
2181:
2178:
2177:
2161:
2158:
2157:
2134:
2130:
2103:
2099:
2097:
2094:
2093:
2076:
2072:
2070:
2067:
2066:
2022:
2019:
2018:
1975:
1972:
1971:
1949:
1946:
1945:
1902:
1899:
1898:
1882:
1879:
1878:
1862:
1859:
1858:
1829:
1825:
1823:
1820:
1819:
1779:
1776:
1775:
1755:
1751:
1730:
1726:
1708:
1704:
1699:
1696:
1695:
1666:
1662:
1660:
1657:
1656:
1637:
1634:
1633:
1614:
1611:
1610:
1581:
1577:
1575:
1572:
1571:
1555:
1552:
1551:
1535:
1532:
1531:
1515:
1512:
1511:
1491:
1487:
1466:
1462:
1460:
1457:
1456:
1440:
1437:
1436:
1401:
1397:
1382:
1378:
1373:
1370:
1369:
1352:
1348:
1339:
1335:
1315:
1312:
1311:
1291:
1287:
1266:
1262:
1260:
1257:
1256:
1227:
1223:
1221:
1218:
1217:
1200:
1196:
1194:
1191:
1190:
1174:
1171:
1170:
1135:
1131:
1116:
1112:
1107:
1104:
1103:
1086:
1082:
1073:
1069:
1049:
1046:
1045:
1016:
1012:
1010:
1007:
1006:
974:
970:
962:
959:
958:
941:
937:
923:
920:
919:
916:
892:
875:
872:
871:
843:
840:
839:
817:forward secrecy
772:
768:
759:
755:
740:
736:
727:
723:
708:
704:
695:
691:
682:
678:
669:
665:
663:
660:
659:
639:
635:
633:
630:
629:
608:
604:
602:
599:
598:
581:
577:
568:
564:
552:
548:
539:
535:
530:
527:
526:
509:
505:
496:
492:
480:
476:
467:
463:
458:
455:
454:
431:
427:
418:
414:
409:
406:
405:
385:
381:
372:
368:
363:
360:
359:
343:
340:
339:
323:
320:
319:
288:
285:
284:
268:
265:
264:
230:
227:
226:
210:
207:
206:
139:
136:
135:
83:
80:
79:
64:
54:protocol using
17:
12:
11:
5:
4478:
4468:
4467:
4462:
4445:
4444:
4441:
4440:
4438:
4437:
4426:
4423:
4422:
4420:
4419:
4414:
4412:Random numbers
4409:
4404:
4399:
4394:
4389:
4384:
4379:
4374:
4369:
4364:
4358:
4356:
4352:
4351:
4349:
4348:
4343:
4338:
4336:Garlic routing
4333:
4328:
4323:
4318:
4313:
4308:
4303:
4298:
4293:
4288:
4283:
4278:
4273:
4268:
4263:
4258:
4256:Secure channel
4253:
4247:
4246:
4245:
4234:
4229:
4224:
4219:
4214:
4212:Key stretching
4209:
4204:
4199:
4194:
4189:
4184:
4179:
4178:
4177:
4172:
4167:
4157:
4155:Cryptovirology
4152:
4147:
4142:
4140:Cryptocurrency
4137:
4132:
4127:
4126:
4125:
4115:
4110:
4105:
4099:
4097:
4093:
4092:
4085:
4084:
4077:
4070:
4062:
4055:
4054:
4051:
4050:
4047:
4046:
4044:
4043:
4038:
4033:
4028:
4023:
4018:
4013:
4008:
4003:
3997:
3995:
3991:
3990:
3988:
3987:
3982:
3977:
3972:
3967:
3962:
3956:
3954:
3950:
3949:
3947:
3946:
3941:
3936:
3931:
3926:
3921:
3915:
3913:
3909:
3908:
3905:
3904:
3902:
3901:
3896:
3891:
3884:
3882:Merkle–Hellman
3879:
3874:
3869:
3864:
3859:
3854:
3849:
3843:
3841:
3837:
3836:
3834:
3833:
3828:
3823:
3818:
3813:
3808:
3803:
3797:
3795:
3779:
3778:
3776:
3775:
3770:
3765:
3760:
3755:
3750:
3749:
3748:
3738:
3733:
3728:
3727:
3726:
3721:
3711:
3706:
3705:
3704:
3699:
3689:
3684:
3679:
3674:
3668:
3666:
3660:
3659:
3657:
3656:
3651:
3646:
3641:
3636:
3631:
3629:Naccache–Stern
3626:
3621:
3616:
3611:
3606:
3601:
3595:
3593:
3584:
3580:
3579:
3572:
3571:
3564:
3557:
3549:
3534:
3533:
3502:
3480:
3457:
3438:
3423:
3405:
3390:
3370:
3352:
3334:
3319:
3298:
3276:
3256:
3243:
3241:, March, 2006.
3229:
3227:
3224:
3223:
3222:
3217:
3212:
3205:
3202:
3201:
3200:
3178:
3168:
3158:
3138:
3135:
3122:
3119:
3116:
3113:
3110:
3107:
3104:
3101:
3098:
3095:
3090:
3086:
3082:
3079:
3059:
3056:
3053:
3050:
3047:
3044:
3041:
3038:
3035:
3032:
3027:
3023:
3019:
3016:
2996:
2993:
2990:
2987:
2984:
2981:
2978:
2975:
2972:
2969:
2964:
2960:
2956:
2953:
2933:
2930:
2927:
2924:
2921:
2918:
2915:
2912:
2909:
2906:
2901:
2897:
2893:
2890:
2870:
2867:
2864:
2861:
2858:
2855:
2852:
2849:
2846:
2843:
2838:
2834:
2830:
2827:
2799:
2796:
2793:
2773:
2770:
2767:
2764:
2761:
2758:
2753:
2749:
2745:
2740:
2736:
2732:
2729:
2705:
2702:
2699:
2679:
2676:
2673:
2670:
2667:
2664:
2659:
2655:
2651:
2648:
2617:
2612:
2608:
2604:
2600:
2596:
2593:
2573:
2570:
2567:
2564:
2559:
2555:
2534:
2531:
2528:
2525:
2520:
2516:
2512:
2509:
2489:
2486:
2483:
2480:
2477:
2472:
2468:
2447:
2444:
2441:
2438:
2435:
2430:
2426:
2405:
2402:
2399:
2396:
2391:
2387:
2366:
2346:
2343:
2340:
2337:
2332:
2328:
2307:
2287:
2282:
2278:
2274:
2269:
2266:
2263:
2260:
2257:
2253:
2232:
2210:
2206:
2185:
2165:
2143:
2140:
2137:
2133:
2129:
2126:
2123:
2120:
2117:
2114:
2111:
2106:
2102:
2079:
2075:
2050:
2047:
2044:
2041:
2038:
2035:
2032:
2029:
2026:
2006:
2003:
2000:
1997:
1994:
1991:
1988:
1985:
1982:
1979:
1959:
1956:
1953:
1933:
1930:
1927:
1924:
1921:
1918:
1915:
1912:
1909:
1906:
1886:
1866:
1844:
1841:
1838:
1835:
1832:
1828:
1807:
1804:
1801:
1798:
1795:
1792:
1789:
1786:
1783:
1774:. For a point
1763:
1758:
1754:
1750:
1747:
1744:
1741:
1738:
1733:
1729:
1725:
1722:
1719:
1716:
1711:
1707:
1703:
1681:
1678:
1675:
1672:
1669:
1665:
1641:
1621:
1618:
1596:
1593:
1590:
1587:
1584:
1580:
1559:
1539:
1519:
1499:
1494:
1490:
1486:
1481:
1478:
1475:
1472:
1469:
1465:
1444:
1424:
1421:
1418:
1415:
1412:
1409:
1404:
1400:
1396:
1393:
1390:
1385:
1381:
1377:
1355:
1351:
1347:
1342:
1338:
1334:
1331:
1328:
1325:
1322:
1319:
1299:
1294:
1290:
1286:
1281:
1278:
1275:
1272:
1269:
1265:
1242:
1239:
1236:
1233:
1230:
1226:
1203:
1199:
1178:
1158:
1155:
1152:
1149:
1146:
1143:
1138:
1134:
1130:
1127:
1124:
1119:
1115:
1111:
1089:
1085:
1081:
1076:
1072:
1068:
1065:
1062:
1059:
1056:
1053:
1031:
1028:
1025:
1022:
1019:
1015:
994:
991:
988:
985:
982:
977:
973:
969:
966:
944:
940:
936:
933:
930:
927:
915:
912:
899:
895:
891:
888:
885:
882:
879:
859:
856:
853:
850:
847:
809:Ephemeral keys
771:
767:
758:
754:
751:
748:
739:
735:
726:
722:
719:
716:
707:
703:
694:
690:
681:
677:
668:
642:
638:
611:
607:
580:
576:
567:
563:
560:
555:
551:
547:
542:
538:
534:
508:
504:
495:
491:
488:
483:
479:
475:
470:
466:
462:
439:
430:
426:
417:
413:
393:
384:
380:
371:
367:
347:
327:
304:
301:
298:
295:
292:
272:
252:
249:
246:
243:
240:
237:
234:
214:
194:
191:
188:
185:
182:
179:
176:
173:
170:
167:
164:
161:
158:
155:
152:
149:
146:
143:
123:
120:
117:
114:
111:
108:
105:
102:
99:
96:
93:
90:
87:
63:
60:
52:Diffie–Hellman
32:elliptic-curve
15:
9:
6:
4:
3:
2:
4477:
4466:
4463:
4461:
4458:
4457:
4455:
4436:
4428:
4427:
4424:
4418:
4417:Steganography
4415:
4413:
4410:
4408:
4405:
4403:
4400:
4398:
4395:
4393:
4390:
4388:
4385:
4383:
4380:
4378:
4375:
4373:
4372:Stream cipher
4370:
4368:
4365:
4363:
4360:
4359:
4357:
4353:
4347:
4344:
4342:
4339:
4337:
4334:
4332:
4331:Onion routing
4329:
4327:
4324:
4322:
4319:
4317:
4314:
4312:
4311:Shared secret
4309:
4307:
4304:
4302:
4299:
4297:
4294:
4292:
4289:
4287:
4284:
4282:
4279:
4277:
4274:
4272:
4269:
4267:
4264:
4262:
4259:
4257:
4254:
4251:
4248:
4243:
4240:
4239:
4238:
4235:
4233:
4230:
4228:
4225:
4223:
4220:
4218:
4215:
4213:
4210:
4208:
4205:
4203:
4202:Key generator
4200:
4198:
4195:
4193:
4190:
4188:
4185:
4183:
4180:
4176:
4173:
4171:
4168:
4166:
4163:
4162:
4161:
4160:Hash function
4158:
4156:
4153:
4151:
4148:
4146:
4143:
4141:
4138:
4136:
4135:Cryptanalysis
4133:
4131:
4128:
4124:
4121:
4120:
4119:
4116:
4114:
4111:
4109:
4106:
4104:
4101:
4100:
4098:
4094:
4090:
4083:
4078:
4076:
4071:
4069:
4064:
4063:
4060:
4056:
4042:
4039:
4037:
4034:
4032:
4029:
4027:
4024:
4022:
4019:
4017:
4014:
4012:
4009:
4007:
4004:
4002:
3999:
3998:
3996:
3992:
3986:
3983:
3981:
3978:
3976:
3973:
3971:
3968:
3966:
3963:
3961:
3958:
3957:
3955:
3951:
3945:
3942:
3940:
3937:
3935:
3932:
3930:
3927:
3925:
3922:
3920:
3917:
3916:
3914:
3910:
3900:
3897:
3895:
3892:
3889:
3885:
3883:
3880:
3878:
3875:
3873:
3870:
3868:
3865:
3863:
3860:
3858:
3855:
3853:
3850:
3848:
3845:
3844:
3842:
3838:
3832:
3829:
3827:
3824:
3822:
3819:
3817:
3814:
3812:
3809:
3807:
3804:
3802:
3799:
3798:
3796:
3794:
3789:
3784:
3780:
3774:
3771:
3769:
3766:
3764:
3761:
3759:
3756:
3754:
3751:
3747:
3744:
3743:
3742:
3739:
3737:
3734:
3732:
3729:
3725:
3722:
3720:
3717:
3716:
3715:
3712:
3710:
3707:
3703:
3700:
3698:
3695:
3694:
3693:
3690:
3688:
3685:
3683:
3680:
3678:
3675:
3673:
3670:
3669:
3667:
3665:
3661:
3655:
3654:Schmidt–Samoa
3652:
3650:
3647:
3645:
3642:
3640:
3637:
3635:
3632:
3630:
3627:
3625:
3622:
3620:
3617:
3615:
3614:Damgård–Jurik
3612:
3610:
3609:Cayley–Purser
3607:
3605:
3602:
3600:
3597:
3596:
3594:
3592:
3588:
3585:
3581:
3577:
3570:
3565:
3563:
3558:
3556:
3551:
3550:
3547:
3543:
3539:
3521:
3517:
3513:
3506:
3491:
3484:
3478:
3474:
3468:
3461:
3455:
3449:
3442:
3434:
3427:
3416:
3409:
3401:
3394:
3386:
3379:
3377:
3375:
3363:
3356:
3348:
3341:
3339:
3330:
3323:
3312:
3305:
3303:
3294:
3287:
3280:
3273:
3269:
3266:
3260:
3253:
3247:
3240:
3234:
3230:
3221:
3218:
3216:
3213:
3211:
3208:
3207:
3198:
3194:
3190:
3186:
3182:
3179:
3176:
3172:
3169:
3166:
3162:
3159:
3156:
3152:
3148:
3144:
3141:
3140:
3134:
3120:
3117:
3114:
3111:
3108:
3105:
3102:
3099:
3096:
3093:
3088:
3084:
3080:
3077:
3057:
3054:
3051:
3048:
3045:
3042:
3039:
3036:
3033:
3030:
3025:
3021:
3017:
3014:
2994:
2991:
2988:
2985:
2982:
2979:
2976:
2973:
2970:
2967:
2962:
2958:
2954:
2951:
2931:
2928:
2925:
2922:
2919:
2916:
2913:
2910:
2907:
2904:
2899:
2895:
2891:
2888:
2868:
2865:
2862:
2859:
2856:
2853:
2850:
2847:
2844:
2841:
2836:
2832:
2828:
2825:
2817:
2813:
2797:
2794:
2791:
2771:
2768:
2765:
2762:
2759:
2756:
2751:
2747:
2743:
2738:
2734:
2730:
2727:
2719:
2703:
2700:
2697:
2677:
2674:
2671:
2668:
2665:
2662:
2657:
2653:
2649:
2646:
2638:
2633:
2631:
2610:
2606:
2602:
2598:
2591:
2568:
2565:
2557:
2553:
2529:
2526:
2518:
2514:
2510:
2507:
2484:
2481:
2478:
2470:
2466:
2442:
2439:
2436:
2428:
2424:
2400:
2397:
2389:
2385:
2364:
2341:
2338:
2330:
2326:
2305:
2280:
2276:
2267:
2264:
2261:
2258:
2255:
2251:
2230:
2208:
2204:
2183:
2163:
2141:
2138:
2135:
2131:
2127:
2124:
2118:
2115:
2112:
2104:
2100:
2077:
2073:
2064:
2045:
2042:
2039:
2036:
2033:
2027:
2024:
2001:
1998:
1995:
1989:
1983:
1977:
1957:
1954:
1951:
1928:
1925:
1922:
1916:
1910:
1904:
1884:
1864:
1842:
1839:
1836:
1833:
1830:
1826:
1802:
1799:
1796:
1793:
1790:
1784:
1781:
1756:
1752:
1748:
1745:
1742:
1739:
1736:
1731:
1727:
1720:
1717:
1714:
1709:
1705:
1701:
1679:
1676:
1673:
1670:
1667:
1663:
1653:
1639:
1619:
1616:
1594:
1591:
1588:
1585:
1582:
1578:
1557:
1537:
1492:
1488:
1479:
1476:
1473:
1470:
1467:
1463:
1419:
1416:
1413:
1410:
1407:
1402:
1398:
1391:
1388:
1383:
1379:
1375:
1353:
1349:
1345:
1340:
1336:
1332:
1326:
1323:
1320:
1292:
1288:
1279:
1276:
1273:
1270:
1267:
1263:
1255:, denoted as
1240:
1237:
1234:
1231:
1228:
1224:
1201:
1197:
1153:
1150:
1147:
1144:
1141:
1136:
1132:
1125:
1122:
1117:
1113:
1109:
1087:
1083:
1079:
1074:
1070:
1066:
1060:
1057:
1054:
1029:
1026:
1023:
1020:
1017:
1013:
992:
989:
983:
980:
975:
971:
964:
942:
938:
934:
931:
928:
925:
911:
897:
893:
886:
883:
880:
854:
851:
848:
836:
834:
828:
826:
822:
818:
814:
810:
806:
801:
799:
795:
789:
769:
765:
756:
752:
749:
746:
737:
733:
724:
720:
717:
714:
705:
701:
692:
688:
679:
675:
666:
656:
640:
636:
627:
609:
605:
578:
574:
565:
561:
553:
549:
545:
540:
536:
506:
502:
493:
489:
481:
477:
473:
468:
464:
451:
428:
424:
415:
382:
378:
369:
345:
325:
318:
302:
299:
296:
293:
290:
270:
247:
244:
241:
238:
235:
212:
189:
186:
183:
180:
177:
174:
171:
168:
165:
162:
156:
150:
147:
144:
118:
115:
112:
109:
106:
103:
100:
97:
94:
91:
88:
77:
73:
69:
59:
57:
53:
49:
45:
41:
37:
36:shared secret
33:
29:
28:key agreement
25:
21:
4367:Block cipher
4207:Key schedule
4197:Key exchange
4187:Kleptography
4145:Cryptosystem
4089:Cryptography
4041:OpenPGP card
4021:Web of trust
3691:
3677:Cramer–Shoup
3524:. Retrieved
3520:the original
3515:
3505:
3493:. Retrieved
3483:
3460:
3441:
3426:
3408:
3393:
3355:
3322:
3292:
3279:
3259:
3246:
3233:
2634:
2092:as follows:
1654:
1632:for a prime
917:
837:
829:
804:
802:
790:
657:
625:
452:
65:
23:
19:
18:
4355:Mathematics
4346:Mix network
4011:Fingerprint
3975:NSA Suite B
3939:RSA problem
3816:NTRUEncrypt
3070:and for M,
2881:and for M,
1435:along with
1368:satisfying
4454:Categories
4306:Ciphertext
4276:Decryption
4271:Encryption
4232:Ransomware
3965:IEEE P1363
3583:Algorithms
3526:5 February
3226:References
3143:Curve25519
2812:Curve25519
2637:Curve25519
957:such that
338:to itself
78:(that is,
4296:Plaintext
3495:April 15,
3094:−
3031:−
3007:, for M,
2968:−
2905:−
2842:−
2757:−
2744:−
2663:−
2139:−
2063:Bernstein
1955:≠
1518:∞
1443:∞
1346:×
1333:∈
1177:∞
1080:×
1067:∈
990:≠
981:−
935:∈
766:⋅
747:⋅
734:⋅
715:⋅
702:⋅
676:⋅
575:⋅
503:⋅
300:⋅
245:−
4435:Category
4341:Kademlia
4301:Codetext
4244:(CSPRNG)
4222:Machines
4026:Key size
3960:CRYPTREC
3877:McEliece
3831:RLWE-SIG
3826:RLWE-KEX
3821:NTRUSign
3634:Paillier
3268:Archived
3204:See also
3189:WhatsApp
3161:Curve448
3155:Bindings
3137:Software
2816:Curve448
2718:Curve448
870:of size
38:over an
4096:General
3872:Lamport
3852:CEILIDH
3811:NewHope
3758:Schnorr
3741:ElGamal
3719:Ed25519
3599:Benaloh
3109:1504058
283:(where
26:) is a
4217:Keygen
3994:Topics
3970:NESSIE
3912:Theory
3840:Others
3697:X25519
3237:NIST,
3185:Signal
3165:Rambus
3046:952902
2983:996558
2772:156326
2678:486662
1857:, the
317:adding
4252:(PRN)
3806:Kyber
3801:BLISS
3763:SPEKE
3731:ECMQV
3724:Ed448
3714:EdDSA
3709:ECDSA
3639:Rabin
3418:(PDF)
3365:(PDF)
3314:(PDF)
3289:(PDF)
3197:Skype
2500:from
805:ECDHE
624:(the
68:Alice
4006:OAEP
3980:CNSA
3857:EPOC
3702:X448
3692:ECDH
3528:2018
3497:2024
3475:and
3195:and
2920:4058
2857:4698
2814:and
2784:and
2690:and
2545:and
2176:and
1970:and
1550:and
918:Let
24:ECDH
4016:PKI
3899:XTR
3867:IES
3862:HFE
3793:SIS
3788:LWE
3773:STS
3768:SRP
3753:MQV
3736:EKE
3687:DSA
3672:BLS
3644:RSA
3619:GMR
3149:in
3089:521
3026:510
2963:506
2900:444
2837:251
2752:224
2739:448
2658:255
2196:in
2017:if
1944:if
1818:on
1694:is
1609:is
833:TLS
825:MQV
72:Bob
4456::
3847:AE
3682:DH
3514:.
3373:^
3337:^
3301:^
3291:.
3191:,
3187:,
3153:.
3034:75
2971:45
2908:17
2666:19
2632:.
2061:.
827:.
800:.
788:.
58:.
4081:e
4074:t
4067:v
3790:/
3785:/
3568:e
3561:t
3554:v
3530:.
3499:.
3367:.
3295:.
3199:.
3151:C
3121:1
3118:=
3115:B
3112:,
3106:=
3103:A
3100:,
3097:1
3085:2
3081:=
3078:p
3058:1
3055:=
3052:B
3049:,
3043:=
3040:A
3037:,
3022:2
3018:=
3015:p
2995:1
2992:=
2989:B
2986:,
2980:=
2977:A
2974:,
2959:2
2955:=
2952:p
2932:1
2929:=
2926:B
2923:,
2917:=
2914:A
2911:,
2896:2
2892:=
2889:p
2869:1
2866:=
2863:B
2860:,
2854:=
2851:A
2848:,
2845:9
2833:2
2829:=
2826:p
2798:1
2795:=
2792:B
2769:=
2766:A
2763:,
2760:1
2748:2
2735:2
2731:=
2728:p
2704:1
2701:=
2698:B
2675:=
2672:A
2669:,
2654:2
2650:=
2647:p
2616:)
2611:2
2607:/
2603:1
2599:p
2595:(
2592:O
2572:)
2569:Q
2566:t
2563:(
2558:0
2554:x
2533:)
2530:Q
2527:s
2524:(
2519:0
2515:x
2511:,
2508:Q
2488:)
2485:Q
2482:t
2479:s
2476:(
2471:0
2467:x
2446:)
2443:Q
2440:t
2437:s
2434:(
2429:0
2425:x
2404:)
2401:Q
2398:t
2395:(
2390:0
2386:x
2365:t
2345:)
2342:Q
2339:s
2336:(
2331:0
2327:x
2306:s
2286:)
2281:p
2277:F
2273:(
2268:B
2265:,
2262:A
2259:,
2256:M
2252:E
2231:Q
2209:p
2205:F
2184:Z
2164:X
2142:2
2136:p
2132:Z
2128:X
2125:=
2122:)
2119:Z
2116::
2113:X
2110:(
2105:0
2101:x
2078:0
2074:x
2049:]
2046:0
2043::
2040:1
2037::
2034:0
2031:[
2028:=
2025:P
2005:]
2002:0
1999::
1996:1
1993:[
1990:=
1987:)
1984:P
1981:(
1978:x
1958:0
1952:Z
1932:]
1929:Z
1926::
1923:X
1920:[
1917:=
1914:)
1911:P
1908:(
1905:x
1885:x
1865:x
1843:B
1840:,
1837:A
1834:,
1831:M
1827:E
1806:]
1803:Z
1800::
1797:Y
1794::
1791:X
1788:[
1785:=
1782:P
1762:)
1757:2
1753:Z
1749:+
1746:Z
1743:X
1740:A
1737:+
1732:2
1728:X
1724:(
1721:X
1718:=
1715:Z
1710:2
1706:Y
1702:B
1680:B
1677:,
1674:A
1671:,
1668:M
1664:E
1640:q
1620:q
1617:4
1595:B
1592:,
1589:A
1586:,
1583:M
1579:E
1558:B
1538:A
1498:)
1493:p
1489:F
1485:(
1480:B
1477:,
1474:A
1471:,
1468:M
1464:E
1423:)
1420:1
1417:+
1414:x
1411:A
1408:+
1403:2
1399:x
1395:(
1392:x
1389:=
1384:2
1380:y
1376:B
1354:p
1350:F
1341:p
1337:F
1330:)
1327:y
1324:,
1321:x
1318:(
1298:)
1293:p
1289:F
1285:(
1280:B
1277:,
1274:A
1271:,
1268:M
1264:E
1241:B
1238:,
1235:A
1232:,
1229:M
1225:E
1202:p
1198:F
1157:)
1154:1
1151:+
1148:x
1145:A
1142:+
1137:2
1133:x
1129:(
1126:x
1123:=
1118:2
1114:y
1110:B
1088:p
1084:F
1075:p
1071:F
1064:)
1061:y
1058:,
1055:x
1052:(
1030:B
1027:,
1024:A
1021:,
1018:M
1014:E
993:0
987:)
984:4
976:2
972:A
968:(
965:B
943:p
939:F
932:B
929:,
926:A
898:2
894:/
890:)
887:1
884:+
881:n
878:(
858:)
855:p
852:,
849:0
846:[
774:A
770:Q
761:B
757:d
753:=
750:G
742:A
738:d
729:B
725:d
721:=
718:G
710:B
706:d
697:A
693:d
689:=
684:B
680:Q
671:A
667:d
641:k
637:x
626:x
610:k
606:x
583:A
579:Q
570:B
566:d
562:=
559:)
554:k
550:y
546:,
541:k
537:x
533:(
511:B
507:Q
498:A
494:d
490:=
487:)
482:k
478:y
474:,
469:k
465:x
461:(
438:)
433:B
429:Q
425:,
420:B
416:d
412:(
392:)
387:A
383:Q
379:,
374:A
370:d
366:(
346:d
326:G
303:G
297:d
294:=
291:Q
271:Q
251:]
248:1
242:n
239:,
236:1
233:[
213:d
193:)
190:h
187:,
184:n
181:,
178:G
175:,
172:b
169:,
166:a
163:,
160:)
157:x
154:(
151:f
148:,
145:m
142:(
122:)
119:h
116:,
113:n
110:,
107:G
104:,
101:b
98:,
95:a
92:,
89:p
86:(
22:(
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.