Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [ephemeral]

Ephemeral defines things that are short-lived, like (for example) an ephemeral key, which is a key that only exists within the lifetime of a communication session.

Ephemeral defines things that are short-lived, like (for example) an ephemeral key, which is a key that only exists within the lifetime of a communication session.

Ephemeral secrets are used to that an attacker can not exploit a potential attack vector relying on long-lived secret usage. That's why the term "ephemeral" is mostly used in relation to public-key cryptography, where the short-lived secrets tend to be the ephemeral keys used.

26 questions
9
votes
1 answer

Does perfect forward secrecy (using DH or ECDH) imply quantum resistance?

Does perfect forwarding secrecy, as used for e.g. the DHE_ and ECDHE_ TLS ciphersuites make it impossible for quantum analysis to retrieve the plaintext data within the connection?
Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323
7
votes
0 answers

Signal Protocol - Better way to generate one time pre keys (OTPK)

The following explains a different way (then one-time pre keys) for Bob to securely generate ephemeral keys asynchronously without a limit while still being able to delete the private key immediately after the session is created. I am wondering can…
OughtToPrevail
  • 374
  • 4
  • 17
6
votes
2 answers

What is the difference between a sealed box and a normal box in libsodium?

I'm trying to learn libsodium to better my crypto knowledge. One nagging question I have is what is the difference between libsodium's sealed box and their normal box? Not in terms of technicalities as the docs do distinguish this well; but in terms…
Sukima
  • 161
  • 1
  • 6
6
votes
1 answer

What's the difference between DH and DHE?

The DH equation is: $$ K = g^{xy} \bmod p$$ Does using DHE mean even the $g$ and $p$ parameters are randomly generated (instead of being fixed)? Is this the difference?
Roberta Vendramini
  • 61
  • 1
  • 2
6
votes
1 answer

Ephemeral Encryption Keys

My understanding is, ignoring implementation details, iOS disk encryption works like this: On boot (and/or every time you unlock your phone) an ephemeral session key is created that can decrypt encrypted files. My question is, how is it possible…
Ali
  • 163
  • 4
6
votes
3 answers

Can Curve25519 shared secret be safely truncated to half its size?

I am planning to use a key agreement mechanism in an application needing ephemeral keys, and Curve25519 looks promising, specifically because it offers 128 bits of security, just fine for AES-128 which is my symmetric cryptographic algorithm of…
juhist
  • 1,643
  • 1
  • 13
  • 18
4
votes
2 answers

Diffie–Hellman Ephemerality Nomenclature

Below is a short excerpt of available DH cipher suites available on a machine. I understand EDH is ephemeral DH, and that ECDH is for Elliptic-Curve DH which is computationally faster. ECDHE is both of those aspects together. The confusing bit how…
selkathguy
  • 143
  • 4
3
votes
0 answers

Purpose of signed prekey in X3DH?

In the X3DH protocol a signed prekey ($SPK_B$) is used as part of the handshake. What is the purpose of this key? There seem to be no obvious cryptographic drawbacks by omitting this key. One rationale could be that these "semi static" keys can be…
Arno
  • 31
  • 1
3
votes
1 answer

Forward Secrecy when using non-ephemeral DH

In context SSL/TLS, reading up on various sites, I find forward secrecy in DH key exchange being linked to its ephemeral use i.e. DHE. I don't fully understand this link, where does following reasoning break? If non-ephemeral use (plain DH) would…
Eve Mallory
  • 31
  • 1
3
votes
3 answers

Authenticate ephemeral key exchange

At the moment I'm designing a crytosystem for a VPN server. One of the requirements is Perfect Forward Secrecy, but I'n not sure how to implement authentication on the ephemeral key exchange. If both parties possess a signed public key (signed by a…
Yorick de Wid
  • 165
  • 1
  • 8
2
votes
2 answers

Are ephemeral keys symmetric or asymmetric?

My question is: Are ephemeral keys symmetric or asymmetric? If symmetric, can ephemeral keys be created based on a (UserID || nonce)?
Wei Wen
  • 315
  • 3
  • 12
2
votes
1 answer

Emphemeral key creation from a long term shared secret (without DH)

Assuming I cannot use DH scheme, and the long term key is known to both sides, is there a known algorithm / standard that defines how to derive a short term key from a long term key?
Offir
  • 313
  • 1
  • 3
  • 6
2
votes
1 answer

How to correctly evaluate the security of DH in TLS

I'm trying to understand and evaluate the security impact of DH in TLS. As far as I can tell, there are four major different implementations of DH in TLS. DH DHE ECDH ECDHE With the ephemeral DH's, forward secrecy is possible, which I consider a…
SaAtomic
  • 289
  • 3
  • 10
2
votes
1 answer

What are the consequences (and potential mitigation) to poor entropy/RNG on server-side during ephemermal key generation and DH exchange

I am using a hardware TRNG feeding the entropy pool on the client side. But, in a world of virtualized, headless server hosts, what are the cryptographic/security consequences for random numbers (or a RNG) of possibly poor quality (entropy) being…
Bryan D.
  • 31
  • 2
2
votes
1 answer

Ephemeral Diffie-Hellman generator selection

I need to generate a EDH group on the fly in one has not been specified in a config file. Diffie-Hellman is kind of expensive in terms of computation, so I'd like to reduce the cost if possible. Is there any benefit to selecting a generator of 5…
user10496
1
2