
I would like to use IES (X25519 and AES-GCM), but every message uses a new session key. Does that affect the performance of the system? Do I need to use "session key" to refer to the key that was used by the previous session?

For example,

  1. Assume Alice knows Bob's public key.
  2. Alice would like to send a message to Bob.
  3. Alice generates her public and private keys.
  4. Then, she derives a session key k by using her private key and Bob's public key.
  5. Then, using AES-GCM, she provides authentication for her public key and encrypts the message.
  6. She sends her public key and the encrypted message to Bob.
  7. Bob derives the key and decrypts the encrypted message.
  8. Bob replies by encrypting the message using k.
  9. Then, if Alice wants to communicate with Bob again, she again generates her public and private keys.
Aymn Alaney
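The exchange described in steps 1 to 9 of the question, as an added example in Go that is not part of the original post. It uses only the standard library: crypto/ecdh for X25519 and crypto/cipher for AES-256-GCM. The question does not say how k is derived from the X25519 output, so the KDF here (HMAC-SHA256 keyed with the shared secret over a fixed label and both public keys) and the label string are assumptions of this example. Alice's ephemeral public key is passed to GCM as associated data, which is what step 5 asks for: Bob cannot decrypt at all unless the public key he received is the one Alice encrypted under.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is what Alice puts on the wire (step 6): her fresh ephemeral X25519
// public key, the GCM nonce, and the ciphertext with the 16-byte GCM tag appended.
type Envelope struct {
	EphemeralPub, Nonce, Ciphertext []byte
}

// deriveKey maps the raw X25519 shared secret to a 256-bit AES-GCM key k.
// Assumption for this example: HMAC-SHA256 keyed with the shared secret over a
// fixed label and both public keys (HKDF-Extract style), binding k to this exchange.
func deriveKey(shared, ephemeralPub, recipientPub []byte) []byte {
	mac := hmac.New(sha256.New, shared)
	mac.Write([]byte("ies-x25519-aesgcm-example-v1")) // assumed domain-separation label
	mac.Write(ephemeralPub)
	mac.Write(recipientPub)
	return mac.Sum(nil)
}

// NewGCM builds the AES-256-GCM AEAD for a derived key.
func NewGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is Alice's side (steps 3 to 6): a brand-new X25519 key pair for this
// one message, k derived from it and Bob's public key, then AES-GCM with the
// ephemeral public key as associated data. k is returned only so a caller can
// demonstrate Bob's reply under it (step 8).
func Encrypt(recipientPub *ecdh.PublicKey, plaintext []byte) (*Envelope, []byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	shared, err := eph.ECDH(recipientPub)
	if err != nil {
		return nil, nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	key := deriveKey(shared, ephPub, recipientPub.Bytes())
	gcm, err := NewGCM(key)
	if err != nil {
		return nil, nil, err
	}
	// k protects one message in this direction, so the nonce only has to be
	// unique under k; a random 96-bit nonce is the simplest way to get that.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, ephPub)
	return &Envelope{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: ct}, key, nil
}

// Decrypt is Bob's side (step 7): re-derive k from his long-term private key and
// Alice's ephemeral public key, then Open. Any change to the ephemeral key,
// the nonce or the ciphertext makes the GCM tag check fail.
func Decrypt(recipientPriv *ecdh.PrivateKey, env *Envelope) ([]byte, []byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(env.EphemeralPub)
	if err != nil {
		return nil, nil, err
	}
	shared, err := recipientPriv.ECDH(ephPub)
	if err != nil {
		return nil, nil, err
	}
	key := deriveKey(shared, env.EphemeralPub, recipientPriv.PublicKey().Bytes())
	gcm, err := NewGCM(key)
	if err != nil {
		return nil, nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, env.EphemeralPub)
	if err != nil {
		return nil, nil, err
	}
	return pt, key, nil
}

func main() {
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader) // Bob's long-term key (step 1)
	env, kA, _ := Encrypt(bob.PublicKey(), []byte("hello Bob"))
	pt, kB, _ := Decrypt(bob, env)
	fmt.Printf("Bob read %q; both sides derived the same k: %v\n", pt, hmac.Equal(kA, kB))
}
```

On the performance question: the per-message cost of this design is one X25519 key generation plus one X25519 scalar multiplication on Alice's side and one scalar multiplication on Bob's side; the AES key schedule for the fresh k is negligible next to those. On the nonce question raised in the comments: as long as k really encrypts exactly one message, any nonce is unique under k. Once Bob's reply (step 8) reuses k, or k is kept for a whole session, every message under k needs a distinct nonce (a counter, or a direction bit flipped in the request nonce), and the session has to end before the GCM limit for that key is reached.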
  • AES-GCM uses CTR mode. The counter must not restart or [use the same value](https://crypto.stackexchange.com/q/2991/18298) under the same key. You can continue until the limit is reached. The AES key schedule is not slower than encryption. – kelalaka Feb 06 '19 at 07:37
  • You mean the nonce; I know the nonce will be regenerated every time. But my concern is the key being regenerated every time. – Aymn Alaney Feb 06 '19 at 07:47
  • Well, [IV-Nonce](https://crypto.stackexchange.com/a/3970/18298). The session is under your control; you can continue to use the counter up to the limit. – kelalaka Feb 06 '19 at 07:52
  • What you have proposed is the OTR protocol. [Watch this video from 20:57](https://www.youtube.com/watch?v=7WnwSovjYMs&feature=youtu.be&t=1257). But it requires the recipient to be online, else the sender won't be able to derive a new key for the next message. – defalt Feb 07 '19 at 11:45

0 Answers