4442:
797:
802:
The only information about her key that Alice initially exposes is her public key. So, no party except Alice can determine Alice's private key (Alice of course knows it by having selected it), unless that party can solve the elliptic curve
672:
841:
If Alice maliciously chooses invalid curve points for her key and Bob does not validate that Alice's points are part of the selected group, she can collect enough residues of Bob's key to derive his private key. Several
606:
534:
2793:
459:
413:
1783:
1377:
1111:
3142:
3079:
3016:
830:
nor key-compromise impersonation resilience, among other advanced security properties. Holders of static private keys should validate the other public key, and should apply a secure
2953:
2890:
2699:
1444:
1178:
2165:
822:
are temporary and not necessarily authenticated, so if authentication is desired, authenticity assurances must be obtained by other means. Authentication is necessary to avoid
214:
2307:
1519:
1319:
1014:
143:
966:
2554:
2637:
2509:
2467:
324:
2593:
2425:
2366:
1866:
1703:
1618:
1264:
1053:
3398:. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds) Public Key Cryptography - PKC 2006. Lecture Notes in Computer Science, vol 3958. Springer, Berlin, Heidelberg.
3342:. In Joppe W. Bos and Arjen K. Lenstra, editors, Topics in Computational Number Theory inspired by Peter L. Montgomery, pages 82–115. Cambridge University Press, 2017.
1979:
1539:
1464:
1198:
919:
2232:
2101:
2026:
1953:
1225:
879:
664:
633:
2819:
2725:
2070:
1827:
1641:
807:
problem. Bob's private key is similarly secure. No party other than Alice or Bob can compute the shared secret, unless that party can solve the elliptic curve
2386:
2327:
2252:
2205:
2185:
1906:
1886:
1661:
1579:
1559:
367:
347:
292:
234:
4422:
4252:
272:
3867:
3413:. In Advances in Cryptology - CRYPTO’85, Santa Barbara, California, USA, August 18-22, 1985, Proceedings, pages 417–426. Springer Berlin Heidelberg, 1985.
792:{\displaystyle d_{\text{A}}\cdot Q_{\text{B}}=d_{\text{A}}\cdot d_{\text{B}}\cdot G=d_{\text{B}}\cdot d_{\text{A}}\cdot G=d_{\text{B}}\cdot Q_{\text{A}}}
3577:
216:
in the binary case) must be agreed upon. Also, each party must have a key pair suitable for elliptic curve cryptography, consisting of a private key
834:
to the raw Diffie–Hellman shared secret to avoid leaking information about the static private key. For schemes with other security properties, see
3995:
4090:
826:. If one of either Alice's or Bob's public keys is static, then man-in-the-middle attacks are thwarted. Static public keys provide neither
17:
3990:
921:. For this reason, the secret should not be used directly as a symmetric key, but it can be used as entropy for a key derivation function.
3278:
3425:
3321:
2234:. Following Miller, Montgomery and Bernstein, the Diffie-Hellman key agreement can be carried out on a Montgomery curve as follows. Let
3719:
3898:
3892:
539:
467:
3522:
1666:
For computational efficiency, it is preferable to work with projective coordinates. The projective form of the
Montgomery curve
1541:
as the identity element. It is known that the order of this group is a multiple of 4. In fact, it is usually possible to obtain
4016:
3570:
3296:
4475:
86:
3250:
Special
Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
327:
3249:
3634:
4083:
3659:
3624:
4470:
3614:
3563:
2734:
3778:
3692:
3639:
3225:
418:
372:
62:
1708:
1324:
1058:
4301:
4232:
3803:
3084:
3021:
2958:
3459:"Security and Efficiency Trade-offs for Elliptic Curve Diffie-Hellman at the 128- and 224-bit Security Levels"
3687:
2895:
2832:
4076:
3944:
3877:
2653:
1382:
1116:
4417:
4372:
4175:
4041:
3934:
3783:
3697:
3619:
3220:
2106:
66:
148:
4296:
3793:
3682:
3664:
2640:
808:
2257:
1469:
1269:
971:
4412:
4046:
4026:
3929:
2955:. At 256-bit security level, three Montgomery curves named M, M and M have been proposed in. For M,
4402:
4392:
4247:
3985:
3756:
843:
823:
814:
The public keys are either static (and trusted, say via a certificate) or ephemeral (also known as
92:
932:
4397:
4387:
4180:
4140:
4133:
4118:
4113:
3939:
3586:
2514:
831:
639:
coordinate of the point). Most standardized protocols based on ECDH derive a symmetric key from
58:
54:
2598:
2472:
2430:
297:
4185:
4128:
4021:
3872:
3811:
3746:
3458:
3275:
3195:
2559:
2391:
2332:
1832:
1669:
1584:
1230:
1019:
85:, but the only channel available for them may be eavesdropped by a third party. Initially, the
3357:
57:. The key, or the derived key, can then be used to encrypt subsequent communications using a
4445:
4291:
4237:
3887:
3644:
3601:
3410:
3185:
1958:
1524:
1449:
1183:
884:
3194:
uses ECDH to obtain post-compromise security. Implementations of this protocol are found in
3174:, an elliptic curve potentially offering 224 bits of security, developed by Mike Hamburg of
4407:
4331:
3798:
3609:
2210:
2079:
1984:
1911:
1663:. For more extensive discussions of Montgomery curves and their arithmetic one may follow.
1203:
852:
642:
611:
3144:
respectively. Apart from these two, other proposals of
Montgomery curves can be found at.
8:
4160:
3904:
3157:
2798:
2704:
2073:
2031:
1788:
1623:
461:. Each party must know the other party's public key prior to execution of the protocol.
4276:
4260:
4202:
3751:
3674:
3654:
3649:
3629:
3203:
2371:
2312:
2237:
2190:
2170:
1891:
1871:
1646:
1564:
1544:
804:
352:
332:
277:
219:
3530:
239:
4336:
4326:
4192:
4011:
3954:
3882:
3768:
4271:
4123:
3857:
3478:"Efficient Elliptic Curve Diffie-Hellman Computation at the 256-bit Security Level"
3165:
50:
3358:"Montgomery curves and their arithmetic - the case of large characteristic fields"
3282:
3230:
3191:
3181:
827:
4346:
4266:
4222:
4165:
4150:
3372:
42:
3156:
is a popular set of elliptic curve parameters and reference implementation by
4464:
4427:
4382:
4341:
4321:
4212:
4170:
4145:
819:
82:
78:
46:
38:
3500:
3477:
4377:
4217:
4207:
4197:
4155:
4099:
4051:
4031:
77:
The following example illustrates how a shared key is established. Suppose
4356:
3949:
3826:
3263:
Standards for efficient cryptography, SEC 1: Elliptic Curve
Cryptography
4316:
4286:
4281:
4242:
3975:
3707:
3487:
3294:
3161:
3153:
2822:
2647:
3483:
3395:
4306:
3729:
924:
4351:
4311:
4036:
3970:
3841:
3836:
3831:
3734:
3712:
3501:"Safecurves: choosing safe curves for elliptic- curve cryptography"
3443:
3339:
3199:
3171:
2826:
2728:
3464:
3322:"Speeding the Pollard and elliptic curve methods of factorization"
3262:
3862:
3821:
3373:"Can we avoid tests for zero in fast elliptic-curve arithmetic?"
3304:
European
Symposium on Research in Computer Security (ESORICS'15)
2469:. Using classical computers, the best known method of obtaining
4227:
3980:
3175:
669:
The shared secret calculated by both parties is equal, because
1200:. This is called the affine form of the curve. The set of all
3816:
3773:
3741:
3724:
3207:
601:{\displaystyle (x_{k},y_{k})=d_{\text{B}}\cdot Q_{\text{A}}}
529:{\displaystyle (x_{k},y_{k})=d_{\text{A}}\cdot Q_{\text{B}}}
2821:. Couple of Montgomery curves named M and M competitive to
3295:
Tibor Jager; Jorg
Schwenk; Juraj Somorovsky (2015-09-04).
849:
The shared secret is uniformly distributed on a subset of
53:. This shared secret may be directly used as a key, or to
3909:
3763:
3188:
of all messages sent through said app since
October 2015.
2727:. The other Montgomery curve which is part of TLS 1.3 is
835:
3514:
4253:
Cryptographically secure pseudorandom number generator
846:
libraries were found to be vulnerable to this attack.
3087:
3024:
2961:
2898:
2835:
2801:
2737:
2707:
2656:
2601:
2562:
2517:
2475:
2433:
2394:
2374:
2335:
2315:
2260:
2240:
2213:
2193:
2173:
2109:
2082:
2034:
1987:
1961:
1914:
1894:
1874:
1835:
1791:
1711:
1672:
1649:
1626:
1587:
1567:
1547:
1527:
1472:
1452:
1385:
1327:
1272:
1233:
1206:
1186:
1119:
1061:
1022:
974:
935:
887:
855:
675:
645:
614:
542:
470:
421:
375:
355:
335:
300:
280:
242:
222:
151:
95:
3547:
3523:"New generation of safe messaging: "Letter Sealing""
3327:. Mathematics of Computation, 48(177):243–264, 1987.
3184:
has used the ECDH protocol for its "Letter
Sealing"
3360:. J. Cryptographic Engineering, 8(3):227–240, 2018.
3168:
and alternative implementations are also available.
2650:which was introduced by Bernstein. For Curve25519,
3136:
3073:
3010:
2947:
2884:
2813:
2787:
2719:
2693:
2631:
2587:
2548:
2503:
2461:
2419:
2380:
2360:
2321:
2301:
2246:
2226:
2199:
2179:
2159:
2095:
2064:
2020:
1973:
1947:
1900:
1880:
1860:
1821:
1777:
1697:
1655:
1635:
1612:
1573:
1553:
1533:
1513:
1458:
1438:
1371:
1313:
1258:
1219:
1192:
1172:
1105:
1047:
1008:
960:
913:
873:
791:
658:
627:
600:
528:
453:
407:
361:
341:
318:
286:
266:
228:
208:
137:
3426:"Monte Carlo methods for index computation mod p"
925:Diffie-Hellman Key Agreement on Montgomery Curves
41:protocol that allows two parties, each having an
4462:
3446:. ACR Cryptology ePrint Archive, 2015:625, 2015.
3480:. IET Information Security, 14(6):633640, 2020.
3431:. Mathematics of Computation, 32:918–924, 1978.
2731:which was introduced by Hamburg. For Curve448,
2646:The most famous example of Montgomery curve is
1466:. Under a suitably defined addition operation,
666:using some hash-based key derivation function.
3396:"Curve25519: New Diffie-Hellman Speed Records"
3351:
3349:
3276:Suite B Implementers' Guide to NIST SP 800-56A
4084:
3571:
3340:"Montgomery curves and the Montgomery ladder"
3297:"Practical Invalid Curve Attacks on TLS-ECDH"
2254:be a generator of a prime order subgroup of
236:(a randomly selected integer in the interval
72:
3389:
3387:
3385:
2788:{\displaystyle p=2^{448}-2^{224}-1,A=156326}
2427:. The shared secret key of Alice and Bob is
1180:along with the point at infinity denoted as
818:, where final 'E' stands for "ephemeral").
3585:
3450:
3346:
2829:respectively have been proposed in. For M,
454:{\displaystyle (d_{\text{B}},Q_{\text{B}})}
408:{\displaystyle (d_{\text{A}},Q_{\text{A}})}
4091:
4077:
3578:
3564:
3498:
3337:
1778:{\displaystyle BY^{2}Z=X(X^{2}+AXZ+Z^{2})}
1372:{\displaystyle (x,y)\in F_{p}\times F_{p}}
1106:{\displaystyle (x,y)\in F_{p}\times F_{p}}
274:) and a public key represented by a point
3382:
3355:
3137:{\displaystyle p=2^{521}-1,A=1504058,B=1}
3074:{\displaystyle p=2^{510}-75,A=952902,B=1}
3011:{\displaystyle p=2^{506}-45,A=996558,B=1}
3444:"Ed448-goldilocks, a new elliptic curve"
3411:"Use of elliptic curves in cryptography"
3315:
3313:
45:public–private key pair, to establish a
2948:{\displaystyle p=2^{444}-17,A=4058,B=1}
14:
4463:
3475:
3456:
3331:
3319:
2885:{\displaystyle p=2^{251}-9,A=4698,B=1}
4072:
3559:
3393:
3370:
3310:
2694:{\displaystyle p=2^{255}-19,A=486662}
1016:. The Montgomery form elliptic curve
81:wants to establish a shared key with
3899:Naccache–Stern knapsack cryptosystem
3499:Bernstein, Daniel J.; Lange, Tanja.
3488:https://github.com/kn-cs/mont256-vec
3461:. J Cryptogr Eng 12, 107–121 (2022).
3338:Bernstein, Daniel J.; Lange, Tanja.
1439:{\displaystyle By^{2}=x(x^{2}+Ax+1)}
1173:{\displaystyle By^{2}=x(x^{2}+Ax+1)}
3484:https://github.com/kn-cs/mont256-dh
3441:
3423:
2167:which is defined for all values of
2160:{\displaystyle x_{0}(X:Z)=XZ^{p-2}}
24:
3529:. LINE Corporation. Archived from
3520:
3408:
3356:Costello, Craig; Smith, Benjamin.
1528:
1453:
1187:
209:{\displaystyle (m,f(x),a,b,G,n,h)}
25:
4487:
4441:
4440:
4098:
2302:{\displaystyle E_{M,A,B}(F_{p})}
1514:{\displaystyle E_{M,A,B}(F_{p})}
1314:{\displaystyle E_{M,A,B}(F_{p})}
1009:{\displaystyle B(A^{2}-4)\neq 0}
369:times). Let Alice's key pair be
3930:Discrete logarithm cryptography
3492:
3476:Nath, Kaushik; Sarkar, Palash.
3469:
3465:https://github.com/kn-cs/x25519
3457:Nath, Kaushik; Sarkar, Palash.
3435:
3417:
3402:
4302:Information-theoretic security
3364:
3288:
3268:
3255:
3242:
2626:
2605:
2582:
2573:
2543:
2534:
2498:
2486:
2456:
2444:
2414:
2405:
2355:
2346:
2296:
2283:
2132:
2120:
2059:
2041:
2015:
2003:
1997:
1991:
1942:
1930:
1924:
1918:
1816:
1798:
1772:
1734:
1508:
1495:
1433:
1405:
1340:
1328:
1308:
1295:
1167:
1139:
1074:
1062:
997:
978:
900:
888:
868:
856:
569:
543:
497:
471:
448:
422:
402:
376:
261:
243:
203:
170:
164:
152:
132:
96:
13:
1:
3236:
2309:. Alice chooses a secret key
138:{\displaystyle (p,a,b,G,n,h)}
31:Elliptic-curve Diffie–Hellman
18:Elliptic-curve Diffie-Hellman
3945:Non-commutative cryptography
3265:, Version 2.0, May 21, 2009.
2368:; Bob chooses a secret key
961:{\displaystyle A,B\in F_{p}}
7:
4476:Elliptic curve cryptography
4418:Message authentication code
4373:Cryptographic hash function
4176:Cryptographic hash function
4042:Identity-based cryptography
3935:Elliptic-curve cryptography
3226:Diffie–Hellman key exchange
3221:Elliptic-curve cryptography
3214:
3147:
2549:{\displaystyle Q,x_{0}(sQ)}
67:elliptic-curve cryptography
10:
4492:
4297:Harvest now, decrypt later
3274:NSA Suite B Cryptography,
2632:{\displaystyle O(p^{1/2})}
2504:{\displaystyle x_{0}(stQ)}
2462:{\displaystyle x_{0}(stQ)}
319:{\displaystyle Q=d\cdot G}
73:Key establishment protocol
4436:
4413:Post-quantum cryptography
4365:
4106:
4068:
4047:Post-quantum cryptography
4004:
3996:Post-Quantum Cryptography
3963:
3922:
3850:
3792:
3673:
3600:
3593:
3555:
3551:
2588:{\displaystyle x_{0}(tQ)}
2420:{\displaystyle x_{0}(tQ)}
2361:{\displaystyle x_{0}(sQ)}
1861:{\displaystyle E_{M,A,B}}
1698:{\displaystyle E_{M,A,B}}
1613:{\displaystyle E_{M,A,B}}
1259:{\displaystyle E_{M,A,B}}
1048:{\displaystyle E_{M,A,B}}
824:man-in-the-middle attacks
326:, that is, the result of
61:. It is a variant of the
4403:Quantum key distribution
4393:Authenticated encryption
4248:Random number generation
1113:satisfying the equation
608:. The shared secret is
4471:Key-agreement protocols
4398:Public-key cryptography
4388:Symmetric-key algorithm
4181:Key derivation function
4141:Cryptographic primitive
4134:Authentication protocol
4119:Outline of cryptography
4114:History of cryptography
3940:Hash-based cryptography
3587:Public-key cryptography
1974:{\displaystyle Z\neq 0}
1581:such that the order of
1534:{\displaystyle \infty }
1459:{\displaystyle \infty }
1193:{\displaystyle \infty }
914:{\displaystyle (n+1)/2}
832:key derivation function
4186:Secure Hash Algorithms
4129:Cryptographic protocol
3521:JI (13 October 2015).
3178:Cryptography Research.
3138:
3075:
3012:
2949:
2886:
2815:
2789:
2721:
2695:
2641:Pollards rho algorithm
2633:
2589:
2550:
2505:
2463:
2421:
2382:
2362:
2323:
2303:
2248:
2228:
2201:
2181:
2161:
2097:
2066:
2022:
1975:
1949:
1902:
1882:
1862:
1823:
1779:
1699:
1657:
1637:
1614:
1575:
1555:
1535:
1515:
1460:
1440:
1373:
1315:
1260:
1221:
1194:
1174:
1107:
1049:
1010:
962:
915:
875:
809:Diffie–Hellman problem
793:
660:
629:
602:
530:
455:
415:and Bob's key pair be
409:
363:
343:
320:
288:
268:
230:
210:
139:
27:Key agreement protocol
4292:End-to-end encryption
4238:Cryptojacking malware
3602:Integer factorization
3394:Bernstein, Daniel J.
3371:Bernstein, Daniel J.
3320:Montgomery, Peter L.
3186:end-to-end encryption
3139:
3076:
3013:
2950:
2887:
2816:
2790:
2722:
2696:
2634:
2590:
2551:
2506:
2464:
2422:
2383:
2363:
2324:
2304:
2249:
2229:
2227:{\displaystyle F_{p}}
2202:
2182:
2162:
2098:
2096:{\displaystyle x_{0}}
2067:
2023:
2021:{\displaystyle x(P)=}
1976:
1950:
1948:{\displaystyle x(P)=}
1903:
1883:
1863:
1824:
1780:
1700:
1658:
1638:
1615:
1576:
1556:
1536:
1516:
1461:
1441:
1374:
1316:
1261:
1222:
1220:{\displaystyle F_{p}}
1195:
1175:
1108:
1050:
1011:
963:
916:
876:
874:{\displaystyle [0,p)}
794:
661:
659:{\displaystyle x_{k}}
630:
628:{\displaystyle x_{k}}
603:
536:. Bob computes point
531:
464:Alice computes point
456:
410:
364:
344:
321:
289:
269:
231:
211:
145:in the prime case or
140:
4408:Quantum cryptography
4332:Trusted timestamping
3527:LINE Engineers' Blog
3482:, Code available at
3463:, Code available at
3085:
3022:
2959:
2896:
2833:
2799:
2735:
2705:
2654:
2599:
2560:
2515:
2473:
2431:
2392:
2372:
2333:
2313:
2258:
2238:
2211:
2191:
2171:
2107:
2080:
2032:
1985:
1959:
1912:
1892:
1872:
1833:
1789:
1709:
1670:
1647:
1624:
1585:
1565:
1545:
1525:
1470:
1450:
1383:
1325:
1270:
1231:
1227:-rational points of
1204:
1184:
1117:
1059:
1020:
972:
933:
885:
853:
673:
643:
612:
540:
468:
419:
373:
353:
333:
298:
278:
240:
220:
149:
93:
59:symmetric-key cipher
4161:Cryptographic nonce
3905:Three-pass protocol
3261:Certicom Research,
3158:Daniel J. Bernstein
2814:{\displaystyle B=1}
2720:{\displaystyle B=1}
2388:and has public key
2329:and has public key
2076:introduced the map
4277:Subliminal channel
4261:Pseudorandom noise
4203:Key (cryptography)
3675:Discrete logarithm
3533:on 1 February 2019
3409:Miller, Victor S.
3281:2016-03-06 at the
3204:Facebook Messenger
3182:LINE messenger app
3134:
3071:
3008:
2945:
2882:
2811:
2785:
2717:
2691:
2629:
2585:
2546:
2501:
2459:
2417:
2378:
2358:
2319:
2299:
2244:
2224:
2197:
2177:
2157:
2093:
2065:{\displaystyle P=}
2062:
2018:
1971:
1945:
1908:is the following:
1898:
1878:
1858:
1822:{\displaystyle P=}
1819:
1775:
1695:
1653:
1636:{\displaystyle 4q}
1633:
1610:
1571:
1551:
1531:
1511:
1456:
1436:
1369:
1321:is the set of all
1311:
1256:
1217:
1190:
1170:
1103:
1055:is the set of all
1045:
1006:
958:
911:
871:
805:discrete logarithm
789:
656:
625:
598:
526:
451:
405:
359:
339:
316:
284:
264:
226:
206:
135:
55:derive another key
4458:
4457:
4454:
4453:
4337:Key-based routing
4327:Trapdoor function
4193:Digital signature
4064:
4063:
4060:
4059:
4012:Digital signature
3955:Trapdoor function
3918:
3917:
3635:Goldwasser–Micali
3424:Pollard, John M.
2381:{\displaystyle t}
2322:{\displaystyle s}
2247:{\displaystyle Q}
2200:{\displaystyle Z}
2180:{\displaystyle X}
1901:{\displaystyle x}
1881:{\displaystyle x}
1656:{\displaystyle q}
1574:{\displaystyle B}
1554:{\displaystyle A}
786:
773:
754:
741:
722:
709:
696:
683:
595:
582:
523:
510:
445:
432:
399:
386:
362:{\displaystyle d}
342:{\displaystyle G}
287:{\displaystyle Q}
229:{\displaystyle d}
87:domain parameters
16:(Redirected from
4483:
4444:
4443:
4272:Insecure channel
4124:Classical cipher
4093:
4086:
4079:
4070:
4069:
3901:
3802:
3797:
3757:signature scheme
3660:Okamoto–Uchiyama
3598:
3597:
3580:
3573:
3566:
3557:
3556:
3553:
3552:
3549:
3548:
3543:
3542:
3540:
3538:
3518:
3512:
3511:
3509:
3507:
3496:
3490:
3481:
3473:
3467:
3462:
3454:
3448:
3447:
3439:
3433:
3432:
3430:
3421:
3415:
3414:
3406:
3400:
3399:
3391:
3380:
3379:
3377:
3368:
3362:
3361:
3353:
3344:
3343:
3335:
3329:
3328:
3326:
3317:
3308:
3307:
3301:
3292:
3286:
3285:, July 28, 2009.
3272:
3266:
3259:
3253:
3246:
3143:
3141:
3140:
3135:
3103:
3102:
3080:
3078:
3077:
3072:
3040:
3039:
3017:
3015:
3014:
3009:
2977:
2976:
2954:
2952:
2951:
2946:
2914:
2913:
2891:
2889:
2888:
2883:
2851:
2850:
2820:
2818:
2817:
2812:
2794:
2792:
2791:
2786:
2766:
2765:
2753:
2752:
2726:
2724:
2723:
2718:
2700:
2698:
2697:
2692:
2672:
2671:
2638:
2636:
2635:
2630:
2625:
2624:
2620:
2594:
2592:
2591:
2586:
2572:
2571:
2555:
2553:
2552:
2547:
2533:
2532:
2510:
2508:
2507:
2502:
2485:
2484:
2468:
2466:
2465:
2460:
2443:
2442:
2426:
2424:
2423:
2418:
2404:
2403:
2387:
2385:
2384:
2379:
2367:
2365:
2364:
2359:
2345:
2344:
2328:
2326:
2325:
2320:
2308:
2306:
2305:
2300:
2295:
2294:
2282:
2281:
2253:
2251:
2250:
2245:
2233:
2231:
2230:
2225:
2223:
2222:
2206:
2204:
2203:
2198:
2186:
2184:
2183:
2178:
2166:
2164:
2163:
2158:
2156:
2155:
2119:
2118:
2102:
2100:
2099:
2094:
2092:
2091:
2071:
2069:
2068:
2063:
2027:
2025:
2024:
2019:
1980:
1978:
1977:
1972:
1954:
1952:
1951:
1946:
1907:
1905:
1904:
1899:
1888:-coordinate map
1887:
1885:
1884:
1879:
1867:
1865:
1864:
1859:
1857:
1856:
1828:
1826:
1825:
1820:
1784:
1782:
1781:
1776:
1771:
1770:
1746:
1745:
1724:
1723:
1704:
1702:
1701:
1696:
1694:
1693:
1662:
1660:
1659:
1654:
1642:
1640:
1639:
1634:
1619:
1617:
1616:
1611:
1609:
1608:
1580:
1578:
1577:
1572:
1560:
1558:
1557:
1552:
1540:
1538:
1537:
1532:
1521:is a group with
1520:
1518:
1517:
1512:
1507:
1506:
1494:
1493:
1465:
1463:
1462:
1457:
1445:
1443:
1442:
1437:
1417:
1416:
1398:
1397:
1378:
1376:
1375:
1370:
1368:
1367:
1355:
1354:
1320:
1318:
1317:
1312:
1307:
1306:
1294:
1293:
1265:
1263:
1262:
1257:
1255:
1254:
1226:
1224:
1223:
1218:
1216:
1215:
1199:
1197:
1196:
1191:
1179:
1177:
1176:
1171:
1151:
1150:
1132:
1131:
1112:
1110:
1109:
1104:
1102:
1101:
1089:
1088:
1054:
1052:
1051:
1046:
1044:
1043:
1015:
1013:
1012:
1007:
990:
989:
967:
965:
964:
959:
957:
956:
920:
918:
917:
912:
907:
880:
878:
877:
872:
798:
796:
795:
790:
788:
787:
784:
775:
774:
771:
756:
755:
752:
743:
742:
739:
724:
723:
720:
711:
710:
707:
698:
697:
694:
685:
684:
681:
665:
663:
662:
657:
655:
654:
634:
632:
631:
626:
624:
623:
607:
605:
604:
599:
597:
596:
593:
584:
583:
580:
568:
567:
555:
554:
535:
533:
532:
527:
525:
524:
521:
512:
511:
508:
496:
495:
483:
482:
460:
458:
457:
452:
447:
446:
443:
434:
433:
430:
414:
412:
411:
406:
401:
400:
397:
388:
387:
384:
368:
366:
365:
360:
348:
346:
345:
340:
325:
323:
322:
317:
293:
291:
290:
285:
273:
271:
270:
267:{\displaystyle }
265:
235:
233:
232:
227:
215:
213:
212:
207:
144:
142:
141:
136:
51:insecure channel
21:
4491:
4490:
4486:
4485:
4484:
4482:
4481:
4480:
4461:
4460:
4459:
4450:
4432:
4361:
4102:
4097:
4056:
4000:
3964:Standardization
3959:
3914:
3897:
3846:
3794:Lattice/SVP/CVP
3788:
3669:
3615:Blum–Goldwasser
3589:
3584:
3546:
3536:
3534:
3519:
3515:
3505:
3503:
3497:
3493:
3474:
3470:
3455:
3451:
3442:Hamburg, Mike.
3440:
3436:
3428:
3422:
3418:
3407:
3403:
3392:
3383:
3375:
3369:
3365:
3354:
3347:
3336:
3332:
3324:
3318:
3311:
3299:
3293:
3289:
3283:Wayback Machine
3273:
3269:
3260:
3256:
3247:
3243:
3239:
3231:Forward secrecy
3217:
3192:Signal Protocol
3150:
3098:
3094:
3086:
3083:
3082:
3035:
3031:
3023:
3020:
3019:
2972:
2968:
2960:
2957:
2956:
2909:
2905:
2897:
2894:
2893:
2846:
2842:
2834:
2831:
2830:
2800:
2797:
2796:
2761:
2757:
2748:
2744:
2736:
2733:
2732:
2706:
2703:
2702:
2667:
2663:
2655:
2652:
2651:
2639:time using the
2616:
2612:
2608:
2600:
2597:
2596:
2595:requires about
2567:
2563:
2561:
2558:
2557:
2528:
2524:
2516:
2513:
2512:
2480:
2476:
2474:
2471:
2470:
2438:
2434:
2432:
2429:
2428:
2399:
2395:
2393:
2390:
2389:
2373:
2370:
2369:
2340:
2336:
2334:
2331:
2330:
2314:
2311:
2310:
2290:
2286:
2265:
2261:
2259:
2256:
2255:
2239:
2236:
2235:
2218:
2214:
2212:
2209:
2208:
2192:
2189:
2188:
2172:
2169:
2168:
2145:
2141:
2114:
2110:
2108:
2105:
2104:
2087:
2083:
2081:
2078:
2077:
2033:
2030:
2029:
1986:
1983:
1982:
1960:
1957:
1956:
1913:
1910:
1909:
1893:
1890:
1889:
1873:
1870:
1869:
1840:
1836:
1834:
1831:
1830:
1790:
1787:
1786:
1766:
1762:
1741:
1737:
1719:
1715:
1710:
1707:
1706:
1677:
1673:
1671:
1668:
1667:
1648:
1645:
1644:
1625:
1622:
1621:
1592:
1588:
1586:
1583:
1582:
1566:
1563:
1562:
1546:
1543:
1542:
1526:
1523:
1522:
1502:
1498:
1477:
1473:
1471:
1468:
1467:
1451:
1448:
1447:
1412:
1408:
1393:
1389:
1384:
1381:
1380:
1363:
1359:
1350:
1346:
1326:
1323:
1322:
1302:
1298:
1277:
1273:
1271:
1268:
1267:
1238:
1234:
1232:
1229:
1228:
1211:
1207:
1205:
1202:
1201:
1185:
1182:
1181:
1146:
1142:
1127:
1123:
1118:
1115:
1114:
1097:
1093:
1084:
1080:
1060:
1057:
1056:
1027:
1023:
1021:
1018:
1017:
985:
981:
973:
970:
969:
952:
948:
934:
931:
930:
927:
903:
886:
883:
882:
854:
851:
850:
828:forward secrecy
783:
779:
770:
766:
751:
747:
738:
734:
719:
715:
706:
702:
693:
689:
680:
676:
674:
671:
670:
650:
646:
644:
641:
640:
619:
615:
613:
610:
609:
592:
588:
579:
575:
563:
559:
550:
546:
541:
538:
537:
520:
516:
507:
503:
491:
487:
478:
474:
469:
466:
465:
442:
438:
429:
425:
420:
417:
416:
396:
392:
383:
379:
374:
371:
370:
354:
351:
350:
334:
331:
330:
299:
296:
295:
279:
276:
275:
241:
238:
237:
221:
218:
217:
150:
147:
146:
94:
91:
90:
75:
65:protocol using
28:
23:
22:
15:
12:
11:
5:
4489:
4479:
4478:
4473:
4456:
4455:
4452:
4451:
4449:
4448:
4437:
4434:
4433:
4431:
4430:
4425:
4423:Random numbers
4420:
4415:
4410:
4405:
4400:
4395:
4390:
4385:
4380:
4375:
4369:
4367:
4363:
4362:
4360:
4359:
4354:
4349:
4347:Garlic routing
4344:
4339:
4334:
4329:
4324:
4319:
4314:
4309:
4304:
4299:
4294:
4289:
4284:
4279:
4274:
4269:
4267:Secure channel
4264:
4258:
4257:
4256:
4245:
4240:
4235:
4230:
4225:
4223:Key stretching
4220:
4215:
4210:
4205:
4200:
4195:
4190:
4189:
4188:
4183:
4178:
4168:
4166:Cryptovirology
4163:
4158:
4153:
4151:Cryptocurrency
4148:
4143:
4138:
4137:
4136:
4126:
4121:
4116:
4110:
4108:
4104:
4103:
4096:
4095:
4088:
4081:
4073:
4066:
4065:
4062:
4061:
4058:
4057:
4055:
4054:
4049:
4044:
4039:
4034:
4029:
4024:
4019:
4014:
4008:
4006:
4002:
4001:
3999:
3998:
3993:
3988:
3983:
3978:
3973:
3967:
3965:
3961:
3960:
3958:
3957:
3952:
3947:
3942:
3937:
3932:
3926:
3924:
3920:
3919:
3916:
3915:
3913:
3912:
3907:
3902:
3895:
3893:Merkle–Hellman
3890:
3885:
3880:
3875:
3870:
3865:
3860:
3854:
3852:
3848:
3847:
3845:
3844:
3839:
3834:
3829:
3824:
3819:
3814:
3808:
3806:
3790:
3789:
3787:
3786:
3781:
3776:
3771:
3766:
3761:
3760:
3759:
3749:
3744:
3739:
3738:
3737:
3732:
3722:
3717:
3716:
3715:
3710:
3700:
3695:
3690:
3685:
3679:
3677:
3671:
3670:
3668:
3667:
3662:
3657:
3652:
3647:
3642:
3640:Naccache–Stern
3637:
3632:
3627:
3622:
3617:
3612:
3606:
3604:
3595:
3591:
3590:
3583:
3582:
3575:
3568:
3560:
3545:
3544:
3513:
3491:
3468:
3449:
3434:
3416:
3401:
3381:
3363:
3345:
3330:
3309:
3287:
3267:
3254:
3252:, March, 2006.
3240:
3238:
3235:
3234:
3233:
3228:
3223:
3216:
3213:
3212:
3211:
3189:
3179:
3169:
3149:
3146:
3133:
3130:
3127:
3124:
3121:
3118:
3115:
3112:
3109:
3106:
3101:
3097:
3093:
3090:
3070:
3067:
3064:
3061:
3058:
3055:
3052:
3049:
3046:
3043:
3038:
3034:
3030:
3027:
3007:
3004:
3001:
2998:
2995:
2992:
2989:
2986:
2983:
2980:
2975:
2971:
2967:
2964:
2944:
2941:
2938:
2935:
2932:
2929:
2926:
2923:
2920:
2917:
2912:
2908:
2904:
2901:
2881:
2878:
2875:
2872:
2869:
2866:
2863:
2860:
2857:
2854:
2849:
2845:
2841:
2838:
2810:
2807:
2804:
2784:
2781:
2778:
2775:
2772:
2769:
2764:
2760:
2756:
2751:
2747:
2743:
2740:
2716:
2713:
2710:
2690:
2687:
2684:
2681:
2678:
2675:
2670:
2666:
2662:
2659:
2628:
2623:
2619:
2615:
2611:
2607:
2604:
2584:
2581:
2578:
2575:
2570:
2566:
2545:
2542:
2539:
2536:
2531:
2527:
2523:
2520:
2500:
2497:
2494:
2491:
2488:
2483:
2479:
2458:
2455:
2452:
2449:
2446:
2441:
2437:
2416:
2413:
2410:
2407:
2402:
2398:
2377:
2357:
2354:
2351:
2348:
2343:
2339:
2318:
2298:
2293:
2289:
2285:
2280:
2277:
2274:
2271:
2268:
2264:
2243:
2221:
2217:
2196:
2176:
2154:
2151:
2148:
2144:
2140:
2137:
2134:
2131:
2128:
2125:
2122:
2117:
2113:
2090:
2086:
2061:
2058:
2055:
2052:
2049:
2046:
2043:
2040:
2037:
2017:
2014:
2011:
2008:
2005:
2002:
1999:
1996:
1993:
1990:
1970:
1967:
1964:
1944:
1941:
1938:
1935:
1932:
1929:
1926:
1923:
1920:
1917:
1897:
1877:
1855:
1852:
1849:
1846:
1843:
1839:
1818:
1815:
1812:
1809:
1806:
1803:
1800:
1797:
1794:
1785:. For a point
1774:
1769:
1765:
1761:
1758:
1755:
1752:
1749:
1744:
1740:
1736:
1733:
1730:
1727:
1722:
1718:
1714:
1692:
1689:
1686:
1683:
1680:
1676:
1652:
1632:
1629:
1607:
1604:
1601:
1598:
1595:
1591:
1570:
1550:
1530:
1510:
1505:
1501:
1497:
1492:
1489:
1486:
1483:
1480:
1476:
1455:
1435:
1432:
1429:
1426:
1423:
1420:
1415:
1411:
1407:
1404:
1401:
1396:
1392:
1388:
1366:
1362:
1358:
1353:
1349:
1345:
1342:
1339:
1336:
1333:
1330:
1310:
1305:
1301:
1297:
1292:
1289:
1286:
1283:
1280:
1276:
1253:
1250:
1247:
1244:
1241:
1237:
1214:
1210:
1189:
1169:
1166:
1163:
1160:
1157:
1154:
1149:
1145:
1141:
1138:
1135:
1130:
1126:
1122:
1100:
1096:
1092:
1087:
1083:
1079:
1076:
1073:
1070:
1067:
1064:
1042:
1039:
1036:
1033:
1030:
1026:
1005:
1002:
999:
996:
993:
988:
984:
980:
977:
955:
951:
947:
944:
941:
938:
926:
923:
910:
906:
902:
899:
896:
893:
890:
870:
867:
864:
861:
858:
820:Ephemeral keys
782:
778:
769:
765:
762:
759:
750:
746:
737:
733:
730:
727:
718:
714:
705:
701:
692:
688:
679:
653:
649:
622:
618:
591:
587:
578:
574:
571:
566:
562:
558:
553:
549:
545:
519:
515:
506:
502:
499:
494:
490:
486:
481:
477:
473:
450:
441:
437:
428:
424:
404:
395:
391:
382:
378:
358:
338:
315:
312:
309:
306:
303:
283:
263:
260:
257:
254:
251:
248:
245:
225:
205:
202:
199:
196:
193:
190:
187:
184:
181:
178:
175:
172:
169:
166:
163:
160:
157:
154:
134:
131:
128:
125:
122:
119:
116:
113:
110:
107:
104:
101:
98:
74:
71:
63:Diffie–Hellman
43:elliptic-curve
26:
9:
6:
4:
3:
2:
4488:
4477:
4474:
4472:
4469:
4468:
4466:
4447:
4439:
4438:
4435:
4429:
4428:Steganography
4426:
4424:
4421:
4419:
4416:
4414:
4411:
4409:
4406:
4404:
4401:
4399:
4396:
4394:
4391:
4389:
4386:
4384:
4383:Stream cipher
4381:
4379:
4376:
4374:
4371:
4370:
4368:
4364:
4358:
4355:
4353:
4350:
4348:
4345:
4343:
4342:Onion routing
4340:
4338:
4335:
4333:
4330:
4328:
4325:
4323:
4322:Shared secret
4320:
4318:
4315:
4313:
4310:
4308:
4305:
4303:
4300:
4298:
4295:
4293:
4290:
4288:
4285:
4283:
4280:
4278:
4275:
4273:
4270:
4268:
4265:
4262:
4259:
4254:
4251:
4250:
4249:
4246:
4244:
4241:
4239:
4236:
4234:
4231:
4229:
4226:
4224:
4221:
4219:
4216:
4214:
4213:Key generator
4211:
4209:
4206:
4204:
4201:
4199:
4196:
4194:
4191:
4187:
4184:
4182:
4179:
4177:
4174:
4173:
4172:
4171:Hash function
4169:
4167:
4164:
4162:
4159:
4157:
4154:
4152:
4149:
4147:
4146:Cryptanalysis
4144:
4142:
4139:
4135:
4132:
4131:
4130:
4127:
4125:
4122:
4120:
4117:
4115:
4112:
4111:
4109:
4105:
4101:
4094:
4089:
4087:
4082:
4080:
4075:
4074:
4071:
4067:
4053:
4050:
4048:
4045:
4043:
4040:
4038:
4035:
4033:
4030:
4028:
4025:
4023:
4020:
4018:
4015:
4013:
4010:
4009:
4007:
4003:
3997:
3994:
3992:
3989:
3987:
3984:
3982:
3979:
3977:
3974:
3972:
3969:
3968:
3966:
3962:
3956:
3953:
3951:
3948:
3946:
3943:
3941:
3938:
3936:
3933:
3931:
3928:
3927:
3925:
3921:
3911:
3908:
3906:
3903:
3900:
3896:
3894:
3891:
3889:
3886:
3884:
3881:
3879:
3876:
3874:
3871:
3869:
3866:
3864:
3861:
3859:
3856:
3855:
3853:
3849:
3843:
3840:
3838:
3835:
3833:
3830:
3828:
3825:
3823:
3820:
3818:
3815:
3813:
3810:
3809:
3807:
3805:
3800:
3795:
3791:
3785:
3782:
3780:
3777:
3775:
3772:
3770:
3767:
3765:
3762:
3758:
3755:
3754:
3753:
3750:
3748:
3745:
3743:
3740:
3736:
3733:
3731:
3728:
3727:
3726:
3723:
3721:
3718:
3714:
3711:
3709:
3706:
3705:
3704:
3701:
3699:
3696:
3694:
3691:
3689:
3686:
3684:
3681:
3680:
3678:
3676:
3672:
3666:
3665:Schmidt–Samoa
3663:
3661:
3658:
3656:
3653:
3651:
3648:
3646:
3643:
3641:
3638:
3636:
3633:
3631:
3628:
3626:
3625:Damgård–Jurik
3623:
3621:
3620:Cayley–Purser
3618:
3616:
3613:
3611:
3608:
3607:
3605:
3603:
3599:
3596:
3592:
3588:
3581:
3576:
3574:
3569:
3567:
3562:
3561:
3558:
3554:
3550:
3532:
3528:
3524:
3517:
3502:
3495:
3489:
3485:
3479:
3472:
3466:
3460:
3453:
3445:
3438:
3427:
3420:
3412:
3405:
3397:
3390:
3388:
3386:
3374:
3367:
3359:
3352:
3350:
3341:
3334:
3323:
3316:
3314:
3305:
3298:
3291:
3284:
3280:
3277:
3271:
3264:
3258:
3251:
3245:
3241:
3232:
3229:
3227:
3224:
3222:
3219:
3218:
3209:
3205:
3201:
3197:
3193:
3190:
3187:
3183:
3180:
3177:
3173:
3170:
3167:
3163:
3159:
3155:
3152:
3151:
3145:
3131:
3128:
3125:
3122:
3119:
3116:
3113:
3110:
3107:
3104:
3099:
3095:
3091:
3088:
3068:
3065:
3062:
3059:
3056:
3053:
3050:
3047:
3044:
3041:
3036:
3032:
3028:
3025:
3005:
3002:
2999:
2996:
2993:
2990:
2987:
2984:
2981:
2978:
2973:
2969:
2965:
2962:
2942:
2939:
2936:
2933:
2930:
2927:
2924:
2921:
2918:
2915:
2910:
2906:
2902:
2899:
2879:
2876:
2873:
2870:
2867:
2864:
2861:
2858:
2855:
2852:
2847:
2843:
2839:
2836:
2828:
2824:
2808:
2805:
2802:
2782:
2779:
2776:
2773:
2770:
2767:
2762:
2758:
2754:
2749:
2745:
2741:
2738:
2730:
2714:
2711:
2708:
2688:
2685:
2682:
2679:
2676:
2673:
2668:
2664:
2660:
2657:
2649:
2644:
2642:
2621:
2617:
2613:
2609:
2602:
2579:
2576:
2568:
2564:
2540:
2537:
2529:
2525:
2521:
2518:
2495:
2492:
2489:
2481:
2477:
2453:
2450:
2447:
2439:
2435:
2411:
2408:
2400:
2396:
2375:
2352:
2349:
2341:
2337:
2316:
2291:
2287:
2278:
2275:
2272:
2269:
2266:
2262:
2241:
2219:
2215:
2194:
2174:
2152:
2149:
2146:
2142:
2138:
2135:
2129:
2126:
2123:
2115:
2111:
2088:
2084:
2075:
2056:
2053:
2050:
2047:
2044:
2038:
2035:
2012:
2009:
2006:
2000:
1994:
1988:
1968:
1965:
1962:
1939:
1936:
1933:
1927:
1921:
1915:
1895:
1875:
1853:
1850:
1847:
1844:
1841:
1837:
1813:
1810:
1807:
1804:
1801:
1795:
1792:
1767:
1763:
1759:
1756:
1753:
1750:
1747:
1742:
1738:
1731:
1728:
1725:
1720:
1716:
1712:
1690:
1687:
1684:
1681:
1678:
1674:
1664:
1650:
1630:
1627:
1605:
1602:
1599:
1596:
1593:
1589:
1568:
1548:
1503:
1499:
1490:
1487:
1484:
1481:
1478:
1474:
1430:
1427:
1424:
1421:
1418:
1413:
1409:
1402:
1399:
1394:
1390:
1386:
1364:
1360:
1356:
1351:
1347:
1343:
1337:
1334:
1331:
1303:
1299:
1290:
1287:
1284:
1281:
1278:
1274:
1266:, denoted as
1251:
1248:
1245:
1242:
1239:
1235:
1212:
1208:
1164:
1161:
1158:
1155:
1152:
1147:
1143:
1136:
1133:
1128:
1124:
1120:
1098:
1094:
1090:
1085:
1081:
1077:
1071:
1068:
1065:
1040:
1037:
1034:
1031:
1028:
1024:
1003:
1000:
994:
991:
986:
982:
975:
953:
949:
945:
942:
939:
936:
922:
908:
904:
897:
894:
891:
865:
862:
859:
847:
845:
839:
837:
833:
829:
825:
821:
817:
812:
810:
806:
800:
780:
776:
767:
763:
760:
757:
748:
744:
735:
731:
728:
725:
716:
712:
703:
699:
690:
686:
677:
667:
651:
647:
638:
620:
616:
589:
585:
576:
572:
564:
560:
556:
551:
547:
517:
513:
504:
500:
492:
488:
484:
479:
475:
462:
439:
435:
426:
393:
389:
380:
356:
336:
329:
313:
310:
307:
304:
301:
281:
258:
255:
252:
249:
246:
223:
200:
197:
194:
191:
188:
185:
182:
179:
176:
173:
167:
161:
158:
155:
129:
126:
123:
120:
117:
114:
111:
108:
105:
102:
99:
88:
84:
80:
70:
68:
64:
60:
56:
52:
48:
47:shared secret
44:
40:
39:key agreement
36:
32:
19:
4378:Block cipher
4218:Key schedule
4208:Key exchange
4198:Kleptography
4156:Cryptosystem
4100:Cryptography
4052:OpenPGP card
4032:Web of trust
3702:
3688:Cramer–Shoup
3535:. Retrieved
3531:the original
3526:
3516:
3504:. Retrieved
3494:
3471:
3452:
3437:
3419:
3404:
3366:
3333:
3303:
3290:
3270:
3257:
3244:
2645:
2103:as follows:
1665:
1643:for a prime
928:
848:
840:
815:
813:
801:
668:
636:
463:
76:
34:
30:
29:
4366:Mathematics
4357:Mix network
4022:Fingerprint
3986:NSA Suite B
3950:RSA problem
3827:NTRUEncrypt
3081:and for M,
2892:and for M,
1446:along with
1379:satisfying
4465:Categories
4317:Ciphertext
4287:Decryption
4282:Encryption
4243:Ransomware
3976:IEEE P1363
3594:Algorithms
3537:5 February
3237:References
3154:Curve25519
2823:Curve25519
2648:Curve25519
968:such that
349:to itself
89:(that is,
4307:Plaintext
3506:April 15,
3105:−
3042:−
3018:, for M,
2979:−
2916:−
2853:−
2768:−
2755:−
2674:−
2150:−
2074:Bernstein
1966:≠
1529:∞
1454:∞
1357:×
1344:∈
1188:∞
1091:×
1078:∈
1001:≠
992:−
946:∈
777:⋅
758:⋅
745:⋅
726:⋅
713:⋅
687:⋅
586:⋅
514:⋅
311:⋅
256:−
4446:Category
4352:Kademlia
4312:Codetext
4255:(CSPRNG)
4233:Machines
4037:Key size
3971:CRYPTREC
3888:McEliece
3842:RLWE-SIG
3837:RLWE-KEX
3832:NTRUSign
3645:Paillier
3279:Archived
3215:See also
3200:WhatsApp
3172:Curve448
3166:Bindings
3148:Software
2827:Curve448
2729:Curve448
881:of size
49:over an
4107:General
3883:Lamport
3863:CEILIDH
3822:NewHope
3769:Schnorr
3752:ElGamal
3730:Ed25519
3610:Benaloh
3120:1504058
294:(where
37:) is a
4228:Keygen
4005:Topics
3981:NESSIE
3923:Theory
3851:Others
3708:X25519
3248:NIST,
3196:Signal
3176:Rambus
3057:952902
2994:996558
2783:156326
2689:486662
1868:, the
328:adding
4263:(PRN)
3817:Kyber
3812:BLISS
3774:SPEKE
3742:ECMQV
3735:Ed448
3725:EdDSA
3720:ECDSA
3650:Rabin
3429:(PDF)
3376:(PDF)
3325:(PDF)
3300:(PDF)
3208:Skype
2511:from
816:ECDHE
635:(the
79:Alice
4017:OAEP
3991:CNSA
3868:EPOC
3713:X448
3703:ECDH
3539:2018
3508:2024
3486:and
3206:and
2931:4058
2868:4698
2825:and
2795:and
2701:and
2556:and
2187:and
1981:and
1561:and
929:Let
35:ECDH
4027:PKI
3910:XTR
3878:IES
3873:HFE
3804:SIS
3799:LWE
3784:STS
3779:SRP
3764:MQV
3747:EKE
3698:DSA
3683:BLS
3655:RSA
3630:GMR
3160:in
3100:521
3037:510
2974:506
2911:444
2848:251
2763:224
2750:448
2669:255
2207:in
2028:if
1955:if
1829:on
1705:is
1620:is
844:TLS
836:MQV
83:Bob
4467::
3858:AE
3693:DH
3525:.
3384:^
3348:^
3312:^
3302:.
3202:,
3198:,
3164:.
3045:75
2982:45
2919:17
2677:19
2643:.
2072:.
838:.
811:.
799:.
69:.
4092:e
4085:t
4078:v
3801:/
3796:/
3579:e
3572:t
3565:v
3541:.
3510:.
3378:.
3306:.
3210:.
3162:C
3132:1
3129:=
3126:B
3123:,
3117:=
3114:A
3111:,
3108:1
3096:2
3092:=
3089:p
3069:1
3066:=
3063:B
3060:,
3054:=
3051:A
3048:,
3033:2
3029:=
3026:p
3006:1
3003:=
3000:B
2997:,
2991:=
2988:A
2985:,
2970:2
2966:=
2963:p
2943:1
2940:=
2937:B
2934:,
2928:=
2925:A
2922:,
2907:2
2903:=
2900:p
2880:1
2877:=
2874:B
2871:,
2865:=
2862:A
2859:,
2856:9
2844:2
2840:=
2837:p
2809:1
2806:=
2803:B
2780:=
2777:A
2774:,
2771:1
2759:2
2746:2
2742:=
2739:p
2715:1
2712:=
2709:B
2686:=
2683:A
2680:,
2665:2
2661:=
2658:p
2627:)
2622:2
2618:/
2614:1
2610:p
2606:(
2603:O
2583:)
2580:Q
2577:t
2574:(
2569:0
2565:x
2544:)
2541:Q
2538:s
2535:(
2530:0
2526:x
2522:,
2519:Q
2499:)
2496:Q
2493:t
2490:s
2487:(
2482:0
2478:x
2457:)
2454:Q
2451:t
2448:s
2445:(
2440:0
2436:x
2415:)
2412:Q
2409:t
2406:(
2401:0
2397:x
2376:t
2356:)
2353:Q
2350:s
2347:(
2342:0
2338:x
2317:s
2297:)
2292:p
2288:F
2284:(
2279:B
2276:,
2273:A
2270:,
2267:M
2263:E
2242:Q
2220:p
2216:F
2195:Z
2175:X
2153:2
2147:p
2143:Z
2139:X
2136:=
2133:)
2130:Z
2127::
2124:X
2121:(
2116:0
2112:x
2089:0
2085:x
2060:]
2057:0
2054::
2051:1
2048::
2045:0
2042:[
2039:=
2036:P
2016:]
2013:0
2010::
2007:1
2004:[
2001:=
1998:)
1995:P
1992:(
1989:x
1969:0
1963:Z
1943:]
1940:Z
1937::
1934:X
1931:[
1928:=
1925:)
1922:P
1919:(
1916:x
1896:x
1876:x
1854:B
1851:,
1848:A
1845:,
1842:M
1838:E
1817:]
1814:Z
1811::
1808:Y
1805::
1802:X
1799:[
1796:=
1793:P
1773:)
1768:2
1764:Z
1760:+
1757:Z
1754:X
1751:A
1748:+
1743:2
1739:X
1735:(
1732:X
1729:=
1726:Z
1721:2
1717:Y
1713:B
1691:B
1688:,
1685:A
1682:,
1679:M
1675:E
1651:q
1631:q
1628:4
1606:B
1603:,
1600:A
1597:,
1594:M
1590:E
1569:B
1549:A
1509:)
1504:p
1500:F
1496:(
1491:B
1488:,
1485:A
1482:,
1479:M
1475:E
1434:)
1431:1
1428:+
1425:x
1422:A
1419:+
1414:2
1410:x
1406:(
1403:x
1400:=
1395:2
1391:y
1387:B
1365:p
1361:F
1352:p
1348:F
1341:)
1338:y
1335:,
1332:x
1329:(
1309:)
1304:p
1300:F
1296:(
1291:B
1288:,
1285:A
1282:,
1279:M
1275:E
1252:B
1249:,
1246:A
1243:,
1240:M
1236:E
1213:p
1209:F
1168:)
1165:1
1162:+
1159:x
1156:A
1153:+
1148:2
1144:x
1140:(
1137:x
1134:=
1129:2
1125:y
1121:B
1099:p
1095:F
1086:p
1082:F
1075:)
1072:y
1069:,
1066:x
1063:(
1041:B
1038:,
1035:A
1032:,
1029:M
1025:E
1004:0
998:)
995:4
987:2
983:A
979:(
976:B
954:p
950:F
943:B
940:,
937:A
909:2
905:/
901:)
898:1
895:+
892:n
889:(
869:)
866:p
863:,
860:0
857:[
785:A
781:Q
772:B
768:d
764:=
761:G
753:A
749:d
740:B
736:d
732:=
729:G
721:B
717:d
708:A
704:d
700:=
695:B
691:Q
682:A
678:d
652:k
648:x
637:x
621:k
617:x
594:A
590:Q
581:B
577:d
573:=
570:)
565:k
561:y
557:,
552:k
548:x
544:(
522:B
518:Q
509:A
505:d
501:=
498:)
493:k
489:y
485:,
480:k
476:x
472:(
449:)
444:B
440:Q
436:,
431:B
427:d
423:(
403:)
398:A
394:Q
390:,
385:A
381:d
377:(
357:d
337:G
314:G
308:d
305:=
302:Q
282:Q
262:]
259:1
253:n
250:,
247:1
244:[
224:d
204:)
201:h
198:,
195:n
192:,
189:G
186:,
183:b
180:,
177:a
174:,
171:)
168:x
165:(
162:f
159:,
156:m
153:(
133:)
130:h
127:,
124:n
121:,
118:G
115:,
112:b
109:,
106:a
103:,
100:p
97:(
33:(
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.