7

Is a secret key generated with its own public and private keys any less secure than a "normal" secret key generated using DH key exchange?

Example:

KeyPair keyPair = kpg.genKeyPair();
publicKey = (DHPublicKey) keyPair.getPublic();
privateKey = (DHPrivateKey) keyPair.getPrivate();

KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
keyAgreement.init(privateKey);
keyAgreement.doPhase(
    KeyFactory.getInstance("DH")
        .generatePublic(
            new DHPublicKeySpec(publicKey.getY(), P, G)
        ),
    true);

secretKey = keyAgreement.generateSecret();
palindrom
  • 173
  • 5

1 Answers1

6

In traditional DH Key exchange, users A and B derive a common secret $g^{ab}$ from their respective key pairs $(pk_A=g^a, sk_A=a)$ and $(pk_B=g^b, sk_B=b)$. Aside from active attacks, the security of the scheme depends on the Computational Diffie-Hellman (CDH) assumption, since it is difficult to compute $g^{ab}$ from public keys $g^{a}$ and $g^{b}$.

If you perform the key agreement with yourself, you end up obtaining the secret $g^{a^2}$. The question now is if computing $g^{a^2}$ from your public key $g^a$ is difficult. The Square Computational Diffie-Hellman (SCDH) assumption says that, indeed, it is difficult. It can be proved that SCDH and CDH are equivalent for generic groups.

cygnusv
  • 4,952
  • 1
  • 22
  • 47
  • I'm assuming here that this is a theoretical question. Of course, this provides no additional security than directly deriving a secret from the private key. – cygnusv Jun 03 '16 at 10:35