While using BouncyCastle (this project's cryptography library), I noticed that the key generator could generate Elliptic Curve Digital Signature Algorithm ("ECDSA") and Elliptic Curve Diffie-Hellman ("ECDH") keys. Recently, I investigated Stack Overflow, one of my favorite and highly recommended websites, and found little about the potential for interaction between the two keys. So, I decided to ask Stack Overflow, and this post came to my rescue: "Is there a difference between ECDH and ECDSA key?"
Thomas Pornin provided a thorough answer, which included important issues regarding Fractus's potential authentication mechanism.
It's important to note that different authentication and encryption algorithms could be used in the future. Perhaps in a few years someone will find a weakness in elliptic curve cryptography (as was found years ago in single DES) or, alternatively, a tricky weakness in the curve currently used in Fractus. The protocol and implementation need to account for this by being able to specify useful ciphers that may not be installed on the client's computer.
It's also entirely conceivable that the server, which acts as a CA, can be taken down in the future. Therefore the authentication mechanism will be "pluggable" enough on the client to allow for the use of a (perhaps simplified) Web of Trust model.
Many decisions need to be made today. I will post once I decide on the details of authentication and certificates.
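One way a client could handle a peer that offers algorithms it does not have installed, as discussed above. This is an added example, not Fractus code: it assumes a Java client using the standard JCA provider lookup, and the class name, the `RETIRED` policy set and the `FUTURE-SIG-1` algorithm name are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.util.List;
import java.util.Optional;
import java.util.Set;

public class SignatureNegotiation {
    // Hypothetical local policy: algorithms this client refuses even if installed.
    static final Set<String> RETIRED = Set.of("SHA1withRSA", "MD5withRSA");

    // True if some installed JCA provider implements the named signature algorithm.
    static boolean installed(String name) {
        try {
            Signature.getInstance(name);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    // Pick the first algorithm in the peer's preference order that is
    // installed locally and not retired. Empty means: fail closed.
    static Optional<String> choose(List<String> peerPreference) {
        return peerPreference.stream()
                .filter(name -> !RETIRED.contains(name))
                .filter(SignatureNegotiation::installed)
                .findFirst();
    }

    public static void main(String[] args) {
        // Constructed offers. "FUTURE-SIG-1" is a placeholder, not a real algorithm.
        List<String> offer = List.of("FUTURE-SIG-1", "SHA256withECDSA", "SHA1withRSA");
        System.out.println(choose(offer).orElse("no acceptable algorithm: abort"));

        // Only an uninstalled and a retired algorithm overlap: the client must abort.
        List<String> weakOnly = List.of("FUTURE-SIG-1", "SHA1withRSA");
        System.out.println(choose(weakOnly).orElse("no acceptable algorithm: abort"));
    }
}
```

In a real handshake, the offered list and the chosen name should themselves be covered by the later signature, so that an intermediary cannot silently strip the stronger entries from the offer.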
Great post!
You are right that if some algorithm seems perfect today, then it's not sure that it will be considered perfect in the future too, as technology is evolving at a very high pace. But if a thing is made from this point of view, then its architecture can be made so that it can easily adapt to changes.
digital signatures