4423:
797:
802:
The only information about her key that Alice initially exposes is her public key. So, no party except Alice can determine Alice's private key (Alice of course knows it by having selected it), unless that party can solve the elliptic curve
672:
841:
If Alice maliciously chooses invalid curve points for her key and Bob does not validate that Alice's points are part of the selected group, she can collect enough residues of Bob's key to derive his private key. Several
606:
534:
2789:
459:
413:
1783:
1377:
1111:
3138:
3075:
3012:
830:
nor key-compromise impersonation resilience, among other advanced security properties. Holders of static private keys should validate the other public key, and should apply a secure
2949:
4403:
4233:
2886:
2695:
1444:
1178:
2165:
822:
are temporary and not necessarily authenticated, so if authentication is desired, authenticity assurances must be obtained by other means. Authentication is necessary to avoid
214:
3863:
2307:
1519:
1319:
1014:
143:
966:
2554:
3573:
2637:
2509:
2467:
324:
2593:
2425:
2366:
1866:
1703:
1618:
1264:
1053:
3394:. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds) Public Key Cryptography - PKC 2006. Lecture Notes in Computer Science, vol 3958. Springer, Berlin, Heidelberg.
3338:. In Joppe W. Bos and Arjen K. Lenstra, editors, Topics in Computational Number Theory inspired by Peter L. Montgomery, pages 82–115. Cambridge University Press, 2017.
1979:
1539:
1464:
1198:
919:
2232:
2101:
2026:
1953:
1225:
879:
664:
633:
3991:
2815:
2721:
2070:
1827:
1641:
807:
problem. Bob's private key is similarly secure. No party other than Alice or Bob can compute the shared secret, unless that party can solve the elliptic curve
4086:
2386:
2327:
2252:
2205:
2185:
1906:
1886:
1661:
1579:
1559:
367:
347:
292:
234:
272:
3986:
3409:. In Advances in Cryptology - CRYPTO’85, Santa Barbara, California, USA, August 18-22, 1985, Proceedings, pages 417–426. Springer Berlin Heidelberg, 1985.
3715:
792:{\displaystyle d_{\text{A}}\cdot Q_{\text{B}}=d_{\text{A}}\cdot d_{\text{B}}\cdot G=d_{\text{B}}\cdot d_{\text{A}}\cdot G=d_{\text{B}}\cdot Q_{\text{A}}}
3894:
3888:
216:
in the binary case) must be agreed upon. Also, each party must have a key pair suitable for elliptic curve cryptography, consisting of a private key
834:
to the raw Diffie–Hellman shared secret to avoid leaking information about the static private key. For schemes with other security properties, see
4012:
3566:
826:. If one of either Alice's or Bob's public keys is static, then man-in-the-middle attacks are thwarted. Static public keys provide neither
4456:
921:. For this reason, the secret should not be used directly as a symmetric key, but it can be used as entropy for a key derivation function.
3274:
3421:
3317:
2234:. Following Miller, Montgomery and Bernstein, the Diffie-Hellman key agreement can be carried out on a Montgomery curve as follows. Let
327:
3630:
3655:
3620:
4079:
3610:
539:
467:
4451:
3559:
3518:
3688:
3635:
3221:
1666:
For computational efficiency, it is preferable to work with projective coordinates. The projective form of the
Montgomery curve
1541:
as the identity element. It is known that the order of this group is a multiple of 4. In fact, it is usually possible to obtain
62:
3774:
4282:
3799:
3683:
3292:
3246:
Special
Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
4072:
3940:
3873:
3245:
3615:
4398:
4353:
4166:
4037:
3930:
3779:
3693:
3678:
3216:
86:
66:
808:
4277:
3789:
3660:
2730:
4393:
4042:
4022:
418:
372:
1708:
1324:
1058:
4383:
4373:
4228:
3981:
3752:
3080:
3017:
2954:
843:
823:
3455:"Security and Efficiency Trade-offs for Elliptic Curve Diffie-Hellman at the 128- and 224-bit Security Levels"
2891:
4378:
4368:
4171:
4131:
4124:
4114:
4109:
3935:
3582:
2828:
831:
58:
54:
2649:
4119:
4017:
3868:
3807:
3742:
3191:
1382:
1116:
2106:
4426:
4272:
4218:
3883:
3640:
3597:
3181:
148:
2257:
1469:
1269:
971:
4388:
4312:
3794:
3605:
2951:. At 256-bit security level, three Montgomery curves named M, M and M have been proposed in. For M,
4151:
3900:
3153:
2073:
814:
The public keys are either static (and trusted, say via a certificate) or ephemeral (also known as
92:
932:
4257:
4241:
4188:
3925:
3747:
3670:
3650:
3645:
3625:
3199:
2514:
804:
639:
coordinate of the point). Most standardized protocols based on ECDH derive a symmetric key from
2598:
2472:
2430:
297:
3454:
3271:
2559:
2391:
2332:
1832:
1669:
1584:
1230:
1019:
85:, but the only channel available for them may be eavesdropped by a third party. Initially, the
4317:
4307:
4178:
4007:
3950:
3878:
3764:
3353:
57:. The key, or the derived key, can then be used to encrypt subsequent communications using a
3406:
1958:
1524:
1449:
1183:
884:
4252:
3853:
3190:
uses ECDH to obtain post-compromise security. Implementations of this protocol are found in
3170:, an elliptic curve potentially offering 224 bits of security, developed by Mike Hamburg of
3161:
50:
2210:
2079:
1984:
1911:
1663:. For more extensive discussions of Montgomery curves and their arithmetic one may follow.
1203:
852:
642:
611:
3278:
3226:
3187:
3177:
3140:
respectively. Apart from these two, other proposals of
Montgomery curves can be found at.
827:
2794:
2700:
2031:
1788:
1623:
461:. Each party must know the other party's public key prior to execution of the protocol.
4327:
4247:
4208:
4156:
4141:
2371:
2312:
2237:
2190:
2170:
1891:
1871:
1646:
1564:
1544:
352:
332:
277:
219:
42:
3526:
239:
4445:
4408:
4363:
4322:
4302:
4198:
4161:
4136:
819:
82:
78:
46:
38:
4358:
4203:
4193:
4183:
4146:
4095:
4047:
4027:
3474:"Efficient Elliptic Curve Diffie-Hellman Computation at the 256-bit Security Level"
3354:"Montgomery curves and their arithmetic - the case of large characteristic fields"
4337:
3945:
3822:
3368:
4297:
4267:
4262:
4223:
3971:
3703:
3157:
3152:
is a popular set of elliptic curve parameters and reference implementation by
3149:
2818:
2643:
4287:
3496:
3473:
77:
The following example illustrates how a shared key is established. Suppose
4332:
4292:
4032:
3966:
3837:
3832:
3827:
3708:
3195:
3167:
2822:
2724:
3259:
Standards for efficient cryptography, SEC 1: Elliptic Curve
Cryptography
3858:
3817:
3483:
3479:
3391:
4213:
3976:
3171:
17:
3497:"Safecurves: choosing safe curves for elliptic- curve cryptography"
3439:
3335:
3812:
3769:
3737:
3730:
3725:
3720:
3460:
3318:"Speeding the Pollard and elliptic curve methods of factorization"
3258:
3203:
3369:"Can we avoid tests for zero in fast elliptic-curve arithmetic?"
3300:
European
Symposium on Research in Computer Security (ESORICS'15)
2469:. Using classical computers, the best known method of obtaining
4068:
3555:
669:
The shared secret calculated by both parties is equal, because
3905:
3759:
1200:. This is called the affine form of the curve. The set of all
835:
601:{\displaystyle (x_{k},y_{k})=d_{\text{B}}\cdot Q_{\text{A}}}
529:{\displaystyle (x_{k},y_{k})=d_{\text{A}}\cdot Q_{\text{B}}}
2817:. Couple of Montgomery curves named M and M competitive to
3291:
Tibor Jager; Jorg
Schwenk; Juraj Somorovsky (2015-09-04).
849:
The shared secret is uniformly distributed on a subset of
53:. This shared secret may be directly used as a key, or to
3184:
of all messages sent through said app since
October 2015.
2723:. The other Montgomery curve which is part of TLS 1.3 is
4234:
Cryptographically secure pseudorandom number generator
846:
libraries were found to be vulnerable to this attack.
3083:
3020:
2957:
2894:
2831:
2797:
2733:
2703:
2652:
2601:
2562:
2517:
2475:
2433:
2394:
2374:
2335:
2315:
2260:
2240:
2213:
2193:
2173:
2109:
2082:
2034:
1987:
1961:
1914:
1894:
1874:
1835:
1791:
1711:
1672:
1649:
1626:
1587:
1567:
1547:
1527:
1472:
1452:
1385:
1327:
1272:
1233:
1206:
1186:
1119:
1061:
1022:
974:
935:
887:
855:
675:
645:
614:
542:
470:
421:
375:
355:
335:
300:
280:
242:
222:
151:
95:
3543:
3519:"New generation of safe messaging: "Letter Sealing""
3323:. Mathematics of Computation, 48(177):243–264, 1987.
3180:
has used the ECDH protocol for its "Letter
Sealing"
4346:
4102:
4000:
3959:
3918:
3846:
3788:
3669:
3596:
3589:
3356:. J. Cryptographic Engineering, 8(3):227–240, 2018.
3164:
and alternative implementations are also available.
2646:which was introduced by Bernstein. For Curve25519,
3132:
3069:
3006:
2943:
2880:
2809:
2783:
2715:
2689:
2631:
2587:
2548:
2503:
2461:
2419:
2380:
2360:
2321:
2301:
2246:
2226:
2199:
2179:
2159:
2095:
2064:
2020:
1973:
1947:
1900:
1880:
1860:
1821:
1777:
1697:
1655:
1635:
1612:
1573:
1553:
1533:
1513:
1458:
1438:
1371:
1313:
1258:
1219:
1192:
1172:
1105:
1047:
1008:
960:
913:
873:
791:
658:
627:
600:
528:
453:
407:
361:
341:
318:
286:
266:
228:
208:
137:
3422:"Monte Carlo methods for index computation mod p"
925:Diffie-Hellman Key Agreement on Montgomery Curves
41:protocol that allows two parties, each having an
3442:. ACR Cryptology ePrint Archive, 2015:625, 2015.
3476:. IET Information Security, 14(6):633640, 2020.
3427:. Mathematics of Computation, 32:918–924, 1978.
2727:which was introduced by Hamburg. For Curve448,
2642:The most famous example of Montgomery curve is
1466:. Under a suitably defined addition operation,
666:using some hash-based key derivation function.
3392:"Curve25519: New Diffie-Hellman Speed Records"
3347:
3345:
3272:Suite B Implementers' Guide to NIST SP 800-56A
4080:
3567:
3336:"Montgomery curves and the Montgomery ladder"
3293:"Practical Invalid Curve Attacks on TLS-ECDH"
2254:be a generator of a prime order subgroup of
236:(a randomly selected integer in the interval
8:
3385:
3383:
3381:
2784:{\displaystyle p=2^{448}-2^{224}-1,A=156326}
2427:. The shared secret key of Alice and Bob is
1180:along with the point at infinity denoted as
818:, where final 'E' stands for "ephemeral").
2825:respectively have been proposed in. For M,
454:{\displaystyle (d_{\text{B}},Q_{\text{B}})}
408:{\displaystyle (d_{\text{A}},Q_{\text{A}})}
4087:
4073:
4065:
3593:
3574:
3560:
3552:
3548:
3544:
1778:{\displaystyle BY^{2}Z=X(X^{2}+AXZ+Z^{2})}
1372:{\displaystyle (x,y)\in F_{p}\times F_{p}}
1106:{\displaystyle (x,y)\in F_{p}\times F_{p}}
274:) and a public key represented by a point
3133:{\displaystyle p=2^{521}-1,A=1504058,B=1}
3094:
3082:
3070:{\displaystyle p=2^{510}-75,A=952902,B=1}
3031:
3019:
3007:{\displaystyle p=2^{506}-45,A=996558,B=1}
2968:
2956:
2905:
2893:
2842:
2830:
2796:
2757:
2744:
2732:
2702:
2663:
2651:
2616:
2612:
2600:
2567:
2561:
2528:
2516:
2480:
2474:
2438:
2432:
2399:
2393:
2373:
2340:
2334:
2314:
2290:
2265:
2259:
2239:
2218:
2212:
2192:
2172:
2145:
2114:
2108:
2087:
2081:
2033:
1986:
1960:
1913:
1893:
1873:
1840:
1834:
1790:
1766:
1741:
1719:
1710:
1677:
1671:
1648:
1625:
1592:
1586:
1566:
1546:
1526:
1502:
1477:
1471:
1451:
1412:
1393:
1384:
1363:
1350:
1326:
1302:
1277:
1271:
1238:
1232:
1211:
1205:
1185:
1146:
1127:
1118:
1097:
1084:
1060:
1027:
1021:
985:
973:
952:
934:
903:
886:
854:
783:
770:
751:
738:
719:
706:
693:
680:
674:
650:
644:
619:
613:
592:
579:
563:
550:
541:
520:
507:
491:
478:
469:
442:
429:
420:
396:
383:
374:
354:
334:
299:
279:
241:
221:
150:
94:
3440:"Ed448-goldilocks, a new elliptic curve"
3407:"Use of elliptic curves in cryptography"
3311:
3309:
45:public–private key pair, to establish a
3237:
2944:{\displaystyle p=2^{444}-17,A=4058,B=1}
2639:time using the Pollards rho algorithm.
2881:{\displaystyle p=2^{251}-9,A=4698,B=1}
2690:{\displaystyle p=2^{255}-19,A=486662}
1016:. The Montgomery form elliptic curve
81:wants to establish a shared key with
7:
3895:Naccache–Stern knapsack cryptosystem
3495:Bernstein, Daniel J.; Lange, Tanja.
3484:https://github.com/kn-cs/mont256-vec
3457:. J Cryptogr Eng 12, 107–121 (2022).
3334:Bernstein, Daniel J.; Lange, Tanja.
1439:{\displaystyle By^{2}=x(x^{2}+Ax+1)}
1173:{\displaystyle By^{2}=x(x^{2}+Ax+1)}
3480:https://github.com/kn-cs/mont256-dh
2167:which is defined for all values of
2160:{\displaystyle x_{0}(X:Z)=XZ^{p-2}}
3525:. LINE Corporation. Archived from
3352:Costello, Craig; Smith, Benjamin.
1528:
1453:
1187:
209:{\displaystyle (m,f(x),a,b,G,n,h)}
25:
4422:
4421:
2302:{\displaystyle E_{M,A,B}(F_{p})}
1514:{\displaystyle E_{M,A,B}(F_{p})}
1314:{\displaystyle E_{M,A,B}(F_{p})}
1009:{\displaystyle B(A^{2}-4)\neq 0}
369:times). Let Alice's key pair be
3926:Discrete logarithm cryptography
3472:Nath, Kaushik; Sarkar, Palash.
3461:https://github.com/kn-cs/x25519
3453:Nath, Kaushik; Sarkar, Palash.
4283:Information-theoretic security
2626:
2605:
2582:
2573:
2543:
2534:
2498:
2486:
2456:
2444:
2414:
2405:
2355:
2346:
2296:
2283:
2132:
2120:
2059:
2041:
2015:
2003:
1997:
1991:
1942:
1930:
1924:
1918:
1816:
1798:
1772:
1734:
1508:
1495:
1433:
1405:
1340:
1328:
1308:
1295:
1167:
1139:
1074:
1062:
997:
978:
900:
888:
868:
856:
569:
543:
497:
471:
448:
422:
402:
376:
261:
243:
203:
170:
164:
152:
132:
96:
1:
2309:. Alice chooses a secret key
138:{\displaystyle (p,a,b,G,n,h)}
31:Elliptic-curve Diffie–Hellman
3941:Non-commutative cryptography
3261:, Version 2.0, May 21, 2009.
2368:; Bob chooses a secret key
961:{\displaystyle A,B\in F_{p}}
4457:Elliptic curve cryptography
4399:Message authentication code
4354:Cryptographic hash function
4167:Cryptographic hash function
4038:Identity-based cryptography
3931:Elliptic-curve cryptography
3222:Diffie–Hellman key exchange
3217:Elliptic-curve cryptography
2549:{\displaystyle Q,x_{0}(sQ)}
67:elliptic-curve cryptography
4473:
4278:Harvest now, decrypt later
3270:NSA Suite B Cryptography,
2632:{\displaystyle O(p^{1/2})}
2504:{\displaystyle x_{0}(stQ)}
2462:{\displaystyle x_{0}(stQ)}
319:{\displaystyle Q=d\cdot G}
73:Key establishment protocol
4417:
4394:Post-quantum cryptography
4064:
4043:Post-quantum cryptography
3992:Post-Quantum Cryptography
3551:
3547:
2588:{\displaystyle x_{0}(tQ)}
2420:{\displaystyle x_{0}(tQ)}
2361:{\displaystyle x_{0}(sQ)}
1861:{\displaystyle E_{M,A,B}}
1698:{\displaystyle E_{M,A,B}}
1613:{\displaystyle E_{M,A,B}}
1259:{\displaystyle E_{M,A,B}}
1048:{\displaystyle E_{M,A,B}}
824:man-in-the-middle attacks
326:, that is, the result of
61:. It is a variant of the
4384:Quantum key distribution
4374:Authenticated encryption
4229:Random number generation
1113:satisfying the equation
608:. The shared secret is
4452:Key-agreement protocols
4379:Public-key cryptography
4369:Symmetric-key algorithm
4172:Key derivation function
4132:Cryptographic primitive
4125:Authentication protocol
4115:Outline of cryptography
4110:History of cryptography
3936:Hash-based cryptography
3583:Public-key cryptography
1974:{\displaystyle Z\neq 0}
1581:such that the order of
1534:{\displaystyle \infty }
1459:{\displaystyle \infty }
1193:{\displaystyle \infty }
914:{\displaystyle (n+1)/2}
832:key derivation function
4120:Cryptographic protocol
3517:JI (13 October 2015).
3174:Cryptography Research.
3134:
3071:
3008:
2945:
2882:
2811:
2785:
2717:
2691:
2633:
2589:
2550:
2505:
2463:
2421:
2382:
2362:
2323:
2303:
2248:
2228:
2201:
2181:
2161:
2097:
2066:
2022:
1975:
1949:
1902:
1882:
1862:
1823:
1779:
1699:
1657:
1637:
1614:
1575:
1555:
1535:
1515:
1460:
1440:
1373:
1315:
1260:
1221:
1194:
1174:
1107:
1049:
1010:
962:
915:
875:
809:Diffie–Hellman problem
793:
660:
629:
602:
530:
455:
415:and Bob's key pair be
409:
363:
343:
320:
288:
268:
230:
210:
139:
27:Key agreement protocol
4273:End-to-end encryption
4219:Cryptojacking malware
3598:Integer factorization
3390:Bernstein, Daniel J.
3367:Bernstein, Daniel J.
3316:Montgomery, Peter L.
3182:end-to-end encryption
3135:
3072:
3009:
2946:
2883:
2812:
2786:
2718:
2692:
2634:
2590:
2551:
2506:
2464:
2422:
2383:
2363:
2324:
2304:
2249:
2229:
2227:{\displaystyle F_{p}}
2202:
2182:
2162:
2098:
2096:{\displaystyle x_{0}}
2067:
2023:
2021:{\displaystyle x(P)=}
1976:
1950:
1948:{\displaystyle x(P)=}
1903:
1883:
1863:
1824:
1780:
1700:
1658:
1638:
1615:
1576:
1556:
1536:
1516:
1461:
1441:
1374:
1316:
1261:
1222:
1220:{\displaystyle F_{p}}
1195:
1175:
1108:
1050:
1011:
963:
916:
876:
874:{\displaystyle [0,p)}
794:
661:
659:{\displaystyle x_{k}}
630:
628:{\displaystyle x_{k}}
603:
536:. Bob computes point
531:
464:Alice computes point
456:
410:
364:
344:
321:
289:
269:
231:
211:
145:in the prime case or
140:
4389:Quantum cryptography
4313:Trusted timestamping
3523:LINE Engineers' Blog
3478:, Code available at
3459:, Code available at
3081:
3018:
2955:
2892:
2829:
2795:
2731:
2701:
2650:
2599:
2560:
2515:
2473:
2431:
2392:
2372:
2333:
2313:
2258:
2238:
2211:
2191:
2171:
2107:
2080:
2032:
1985:
1959:
1912:
1892:
1872:
1833:
1789:
1709:
1670:
1647:
1624:
1585:
1565:
1545:
1525:
1470:
1450:
1383:
1325:
1270:
1231:
1227:-rational points of
1204:
1184:
1117:
1059:
1020:
972:
933:
885:
853:
673:
643:
612:
540:
468:
419:
373:
353:
333:
298:
278:
240:
220:
149:
93:
59:symmetric-key cipher
4152:Cryptographic nonce
3901:Three-pass protocol
3257:Certicom Research,
3154:Daniel J. Bernstein
2810:{\displaystyle B=1}
2716:{\displaystyle B=1}
2388:and has public key
2329:and has public key
2076:introduced the map
4258:Subliminal channel
4242:Pseudorandom noise
4189:Key (cryptography)
3671:Discrete logarithm
3529:on 1 February 2019
3405:Miller, Victor S.
3277:2016-03-06 at the
3200:Facebook Messenger
3178:LINE messenger app
3130:
3067:
3004:
2941:
2878:
2807:
2781:
2713:
2687:
2629:
2585:
2546:
2501:
2459:
2417:
2378:
2358:
2319:
2299:
2244:
2224:
2197:
2177:
2157:
2093:
2065:{\displaystyle P=}
2062:
2018:
1971:
1945:
1908:is the following:
1898:
1878:
1858:
1822:{\displaystyle P=}
1819:
1775:
1695:
1653:
1636:{\displaystyle 4q}
1633:
1610:
1571:
1551:
1531:
1511:
1456:
1436:
1369:
1321:is the set of all
1311:
1256:
1217:
1190:
1170:
1103:
1055:is the set of all
1045:
1006:
958:
911:
871:
805:discrete logarithm
789:
656:
625:
598:
526:
451:
405:
359:
339:
316:
284:
264:
226:
206:
135:
55:derive another key
4439:
4438:
4435:
4434:
4318:Key-based routing
4308:Trapdoor function
4179:Digital signature
4060:
4059:
4056:
4055:
4008:Digital signature
3951:Trapdoor function
3914:
3913:
3631:Goldwasser–Micali
3420:Pollard, John M.
2381:{\displaystyle t}
2322:{\displaystyle s}
2247:{\displaystyle Q}
2200:{\displaystyle Z}
2180:{\displaystyle X}
1901:{\displaystyle x}
1881:{\displaystyle x}
1656:{\displaystyle q}
1574:{\displaystyle B}
1554:{\displaystyle A}
786:
773:
754:
741:
722:
709:
696:
683:
595:
582:
523:
510:
445:
432:
399:
386:
362:{\displaystyle d}
342:{\displaystyle G}
287:{\displaystyle Q}
229:{\displaystyle d}
87:domain parameters
16:(Redirected from
4464:
4425:
4424:
4253:Insecure channel
4089:
4082:
4075:
4066:
3897:
3798:
3793:
3753:signature scheme
3656:Okamoto–Uchiyama
3594:
3576:
3569:
3562:
3553:
3549:
3545:
3539:
3538:
3536:
3534:
3514:
3508:
3507:
3505:
3503:
3492:
3486:
3477:
3469:
3463:
3458:
3450:
3444:
3443:
3435:
3429:
3428:
3426:
3417:
3411:
3410:
3402:
3396:
3395:
3387:
3376:
3375:
3373:
3364:
3358:
3357:
3349:
3340:
3339:
3331:
3325:
3324:
3322:
3313:
3304:
3303:
3297:
3288:
3282:
3281:, July 28, 2009.
3268:
3262:
3255:
3249:
3242:
3139:
3137:
3136:
3131:
3099:
3098:
3076:
3074:
3073:
3068:
3036:
3035:
3013:
3011:
3010:
3005:
2973:
2972:
2950:
2948:
2947:
2942:
2910:
2909:
2887:
2885:
2884:
2879:
2847:
2846:
2816:
2814:
2813:
2808:
2790:
2788:
2787:
2782:
2762:
2761:
2749:
2748:
2722:
2720:
2719:
2714:
2696:
2694:
2693:
2688:
2668:
2667:
2638:
2636:
2635:
2630:
2625:
2624:
2620:
2594:
2592:
2591:
2586:
2572:
2571:
2555:
2553:
2552:
2547:
2533:
2532:
2510:
2508:
2507:
2502:
2485:
2484:
2468:
2466:
2465:
2460:
2443:
2442:
2426:
2424:
2423:
2418:
2404:
2403:
2387:
2385:
2384:
2379:
2367:
2365:
2364:
2359:
2345:
2344:
2328:
2326:
2325:
2320:
2308:
2306:
2305:
2300:
2295:
2294:
2282:
2281:
2253:
2251:
2250:
2245:
2233:
2231:
2230:
2225:
2223:
2222:
2206:
2204:
2203:
2198:
2186:
2184:
2183:
2178:
2166:
2164:
2163:
2158:
2156:
2155:
2119:
2118:
2102:
2100:
2099:
2094:
2092:
2091:
2071:
2069:
2068:
2063:
2027:
2025:
2024:
2019:
1980:
1978:
1977:
1972:
1954:
1952:
1951:
1946:
1907:
1905:
1904:
1899:
1888:-coordinate map
1887:
1885:
1884:
1879:
1867:
1865:
1864:
1859:
1857:
1856:
1828:
1826:
1825:
1820:
1784:
1782:
1781:
1776:
1771:
1770:
1746:
1745:
1724:
1723:
1704:
1702:
1701:
1696:
1694:
1693:
1662:
1660:
1659:
1654:
1642:
1640:
1639:
1634:
1619:
1617:
1616:
1611:
1609:
1608:
1580:
1578:
1577:
1572:
1560:
1558:
1557:
1552:
1540:
1538:
1537:
1532:
1521:is a group with
1520:
1518:
1517:
1512:
1507:
1506:
1494:
1493:
1465:
1463:
1462:
1457:
1445:
1443:
1442:
1437:
1417:
1416:
1398:
1397:
1378:
1376:
1375:
1370:
1368:
1367:
1355:
1354:
1320:
1318:
1317:
1312:
1307:
1306:
1294:
1293:
1265:
1263:
1262:
1257:
1255:
1254:
1226:
1224:
1223:
1218:
1216:
1215:
1199:
1197:
1196:
1191:
1179:
1177:
1176:
1171:
1151:
1150:
1132:
1131:
1112:
1110:
1109:
1104:
1102:
1101:
1089:
1088:
1054:
1052:
1051:
1046:
1044:
1043:
1015:
1013:
1012:
1007:
990:
989:
967:
965:
964:
959:
957:
956:
920:
918:
917:
912:
907:
880:
878:
877:
872:
798:
796:
795:
790:
788:
787:
784:
775:
774:
771:
756:
755:
752:
743:
742:
739:
724:
723:
720:
711:
710:
707:
698:
697:
694:
685:
684:
681:
665:
663:
662:
657:
655:
654:
634:
632:
631:
626:
624:
623:
607:
605:
604:
599:
597:
596:
593:
584:
583:
580:
568:
567:
555:
554:
535:
533:
532:
527:
525:
524:
521:
512:
511:
508:
496:
495:
483:
482:
460:
458:
457:
452:
447:
446:
443:
434:
433:
430:
414:
412:
411:
406:
401:
400:
397:
388:
387:
384:
368:
366:
365:
360:
348:
346:
345:
340:
325:
323:
322:
317:
293:
291:
290:
285:
273:
271:
270:
267:{\displaystyle }
265:
235:
233:
232:
227:
215:
213:
212:
207:
144:
142:
141:
136:
51:insecure channel
21:
4472:
4471:
4467:
4466:
4465:
4463:
4462:
4461:
4442:
4441:
4440:
4431:
4413:
4342:
4098:
4093:
4052:
3996:
3960:Standardization
3955:
3910:
3893:
3842:
3790:Lattice/SVP/CVP
3784:
3665:
3611:Blum–Goldwasser
3585:
3580:
3542:
3532:
3530:
3516:
3515:
3511:
3501:
3499:
3494:
3493:
3489:
3471:
3470:
3466:
3452:
3451:
3447:
3438:Hamburg, Mike.
3437:
3436:
3432:
3424:
3419:
3418:
3414:
3404:
3403:
3399:
3389:
3388:
3379:
3371:
3366:
3365:
3361:
3351:
3350:
3343:
3333:
3332:
3328:
3320:
3315:
3314:
3307:
3295:
3290:
3289:
3285:
3279:Wayback Machine
3269:
3265:
3256:
3252:
3243:
3239:
3235:
3227:Forward secrecy
3213:
3188:Signal Protocol
3146:
3090:
3079:
3078:
3027:
3016:
3015:
2964:
2953:
2952:
2901:
2890:
2889:
2838:
2827:
2826:
2793:
2792:
2753:
2740:
2729:
2728:
2699:
2698:
2659:
2648:
2647:
2608:
2597:
2596:
2595:requires about
2563:
2558:
2557:
2524:
2513:
2512:
2476:
2471:
2470:
2434:
2429:
2428:
2395:
2390:
2389:
2370:
2369:
2336:
2331:
2330:
2311:
2310:
2286:
2261:
2256:
2255:
2236:
2235:
2214:
2209:
2208:
2189:
2188:
2169:
2168:
2141:
2110:
2105:
2104:
2083:
2078:
2077:
2030:
2029:
1983:
1982:
1957:
1956:
1910:
1909:
1890:
1889:
1870:
1869:
1836:
1831:
1830:
1787:
1786:
1762:
1737:
1715:
1707:
1706:
1673:
1668:
1667:
1645:
1644:
1622:
1621:
1588:
1583:
1582:
1563:
1562:
1543:
1542:
1523:
1522:
1498:
1473:
1468:
1467:
1448:
1447:
1408:
1389:
1381:
1380:
1359:
1346:
1323:
1322:
1298:
1273:
1268:
1267:
1234:
1229:
1228:
1207:
1202:
1201:
1182:
1181:
1142:
1123:
1115:
1114:
1093:
1080:
1057:
1056:
1023:
1018:
1017:
981:
970:
969:
948:
931:
930:
927:
883:
882:
851:
850:
828:forward secrecy
779:
766:
747:
734:
715:
702:
689:
676:
671:
670:
646:
641:
640:
615:
610:
609:
588:
575:
559:
546:
538:
537:
516:
503:
487:
474:
466:
465:
438:
425:
417:
416:
392:
379:
371:
370:
351:
350:
331:
330:
296:
295:
276:
275:
238:
237:
218:
217:
147:
146:
91:
90:
75:
65:protocol using
28:
23:
22:
15:
12:
11:
5:
4470:
4468:
4460:
4459:
4454:
4444:
4443:
4437:
4436:
4433:
4432:
4430:
4429:
4418:
4415:
4414:
4412:
4411:
4406:
4404:Random numbers
4401:
4396:
4391:
4386:
4381:
4376:
4371:
4366:
4361:
4356:
4350:
4348:
4344:
4343:
4341:
4340:
4335:
4330:
4328:Garlic routing
4325:
4320:
4315:
4310:
4305:
4300:
4295:
4290:
4285:
4280:
4275:
4270:
4265:
4260:
4255:
4250:
4248:Secure channel
4245:
4239:
4238:
4237:
4226:
4221:
4216:
4211:
4209:Key stretching
4206:
4201:
4196:
4191:
4186:
4181:
4176:
4175:
4174:
4169:
4159:
4157:Cryptovirology
4154:
4149:
4144:
4142:Cryptocurrency
4139:
4134:
4129:
4128:
4127:
4117:
4112:
4106:
4104:
4100:
4099:
4094:
4092:
4091:
4084:
4077:
4069:
4062:
4061:
4058:
4057:
4054:
4053:
4051:
4050:
4045:
4040:
4035:
4030:
4025:
4020:
4015:
4010:
4004:
4002:
3998:
3997:
3995:
3994:
3989:
3984:
3979:
3974:
3969:
3963:
3961:
3957:
3956:
3954:
3953:
3948:
3943:
3938:
3933:
3928:
3922:
3920:
3916:
3915:
3912:
3911:
3909:
3908:
3903:
3898:
3891:
3889:Merkle–Hellman
3886:
3881:
3876:
3871:
3866:
3861:
3856:
3850:
3848:
3844:
3843:
3841:
3840:
3835:
3830:
3825:
3820:
3815:
3810:
3804:
3802:
3786:
3785:
3783:
3782:
3777:
3772:
3767:
3762:
3757:
3756:
3755:
3745:
3740:
3735:
3734:
3733:
3728:
3718:
3713:
3712:
3711:
3706:
3696:
3691:
3686:
3681:
3675:
3673:
3667:
3666:
3664:
3663:
3658:
3653:
3648:
3643:
3638:
3636:Naccache–Stern
3633:
3628:
3623:
3618:
3613:
3608:
3602:
3600:
3591:
3587:
3586:
3581:
3579:
3578:
3571:
3564:
3556:
3541:
3540:
3509:
3487:
3464:
3445:
3430:
3412:
3397:
3377:
3359:
3341:
3326:
3305:
3283:
3263:
3250:
3248:, March, 2006.
3236:
3234:
3231:
3230:
3229:
3224:
3219:
3212:
3209:
3208:
3207:
3185:
3175:
3165:
3145:
3142:
3129:
3126:
3123:
3120:
3117:
3114:
3111:
3108:
3105:
3102:
3097:
3093:
3089:
3086:
3066:
3063:
3060:
3057:
3054:
3051:
3048:
3045:
3042:
3039:
3034:
3030:
3026:
3023:
3003:
3000:
2997:
2994:
2991:
2988:
2985:
2982:
2979:
2976:
2971:
2967:
2963:
2960:
2940:
2937:
2934:
2931:
2928:
2925:
2922:
2919:
2916:
2913:
2908:
2904:
2900:
2897:
2877:
2874:
2871:
2868:
2865:
2862:
2859:
2856:
2853:
2850:
2845:
2841:
2837:
2834:
2806:
2803:
2800:
2780:
2777:
2774:
2771:
2768:
2765:
2760:
2756:
2752:
2747:
2743:
2739:
2736:
2712:
2709:
2706:
2686:
2683:
2680:
2677:
2674:
2671:
2666:
2662:
2658:
2655:
2628:
2623:
2619:
2615:
2611:
2607:
2604:
2584:
2581:
2578:
2575:
2570:
2566:
2545:
2542:
2539:
2536:
2531:
2527:
2523:
2520:
2500:
2497:
2494:
2491:
2488:
2483:
2479:
2458:
2455:
2452:
2449:
2446:
2441:
2437:
2416:
2413:
2410:
2407:
2402:
2398:
2377:
2357:
2354:
2351:
2348:
2343:
2339:
2318:
2298:
2293:
2289:
2285:
2280:
2277:
2274:
2271:
2268:
2264:
2243:
2221:
2217:
2196:
2176:
2154:
2151:
2148:
2144:
2140:
2137:
2134:
2131:
2128:
2125:
2122:
2117:
2113:
2090:
2086:
2061:
2058:
2055:
2052:
2049:
2046:
2043:
2040:
2037:
2017:
2014:
2011:
2008:
2005:
2002:
1999:
1996:
1993:
1990:
1970:
1967:
1964:
1944:
1941:
1938:
1935:
1932:
1929:
1926:
1923:
1920:
1917:
1897:
1877:
1855:
1852:
1849:
1846:
1843:
1839:
1818:
1815:
1812:
1809:
1806:
1803:
1800:
1797:
1794:
1785:. For a point
1774:
1769:
1765:
1761:
1758:
1755:
1752:
1749:
1744:
1740:
1736:
1733:
1730:
1727:
1722:
1718:
1714:
1692:
1689:
1686:
1683:
1680:
1676:
1652:
1632:
1629:
1607:
1604:
1601:
1598:
1595:
1591:
1570:
1550:
1530:
1510:
1505:
1501:
1497:
1492:
1489:
1486:
1483:
1480:
1476:
1455:
1435:
1432:
1429:
1426:
1423:
1420:
1415:
1411:
1407:
1404:
1401:
1396:
1392:
1388:
1366:
1362:
1358:
1353:
1349:
1345:
1342:
1339:
1336:
1333:
1330:
1310:
1305:
1301:
1297:
1292:
1289:
1286:
1283:
1280:
1276:
1253:
1250:
1247:
1244:
1241:
1237:
1214:
1210:
1189:
1169:
1166:
1163:
1160:
1157:
1154:
1149:
1145:
1141:
1138:
1135:
1130:
1126:
1122:
1100:
1096:
1092:
1087:
1083:
1079:
1076:
1073:
1070:
1067:
1064:
1042:
1039:
1036:
1033:
1030:
1026:
1005:
1002:
999:
996:
993:
988:
984:
980:
977:
955:
951:
947:
944:
941:
938:
926:
923:
910:
906:
902:
899:
896:
893:
890:
870:
867:
864:
861:
858:
820:Ephemeral keys
782:
778:
769:
765:
762:
759:
750:
746:
737:
733:
730:
727:
718:
714:
705:
701:
692:
688:
679:
653:
649:
622:
618:
591:
587:
578:
574:
571:
566:
562:
558:
553:
549:
545:
519:
515:
506:
502:
499:
494:
490:
486:
481:
477:
473:
450:
441:
437:
428:
424:
404:
395:
391:
382:
378:
358:
338:
315:
312:
309:
306:
303:
283:
263:
260:
257:
254:
251:
248:
245:
225:
205:
202:
199:
196:
193:
190:
187:
184:
181:
178:
175:
172:
169:
166:
163:
160:
157:
154:
134:
131:
128:
125:
122:
119:
116:
113:
110:
107:
104:
101:
98:
74:
71:
63:Diffie–Hellman
43:elliptic-curve
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
4469:
4458:
4455:
4453:
4450:
4449:
4447:
4428:
4420:
4419:
4416:
4410:
4409:Steganography
4407:
4405:
4402:
4400:
4397:
4395:
4392:
4390:
4387:
4385:
4382:
4380:
4377:
4375:
4372:
4370:
4367:
4365:
4364:Stream cipher
4362:
4360:
4357:
4355:
4352:
4351:
4349:
4345:
4339:
4336:
4334:
4331:
4329:
4326:
4324:
4323:Onion routing
4321:
4319:
4316:
4314:
4311:
4309:
4306:
4304:
4303:Shared secret
4301:
4299:
4296:
4294:
4291:
4289:
4286:
4284:
4281:
4279:
4276:
4274:
4271:
4269:
4266:
4264:
4261:
4259:
4256:
4254:
4251:
4249:
4246:
4243:
4240:
4235:
4232:
4231:
4230:
4227:
4225:
4222:
4220:
4217:
4215:
4212:
4210:
4207:
4205:
4202:
4200:
4199:Key generator
4197:
4195:
4192:
4190:
4187:
4185:
4182:
4180:
4177:
4173:
4170:
4168:
4165:
4164:
4163:
4162:Hash function
4160:
4158:
4155:
4153:
4150:
4148:
4145:
4143:
4140:
4138:
4137:Cryptanalysis
4135:
4133:
4130:
4126:
4123:
4122:
4121:
4118:
4116:
4113:
4111:
4108:
4107:
4105:
4101:
4097:
4090:
4085:
4083:
4078:
4076:
4071:
4070:
4067:
4063:
4049:
4046:
4044:
4041:
4039:
4036:
4034:
4031:
4029:
4026:
4024:
4021:
4019:
4016:
4014:
4011:
4009:
4006:
4005:
4003:
3999:
3993:
3990:
3988:
3985:
3983:
3980:
3978:
3975:
3973:
3970:
3968:
3965:
3964:
3962:
3958:
3952:
3949:
3947:
3944:
3942:
3939:
3937:
3934:
3932:
3929:
3927:
3924:
3923:
3921:
3917:
3907:
3904:
3902:
3899:
3896:
3892:
3890:
3887:
3885:
3882:
3880:
3877:
3875:
3872:
3870:
3867:
3865:
3862:
3860:
3857:
3855:
3852:
3851:
3849:
3845:
3839:
3836:
3834:
3831:
3829:
3826:
3824:
3821:
3819:
3816:
3814:
3811:
3809:
3806:
3805:
3803:
3801:
3796:
3791:
3787:
3781:
3778:
3776:
3773:
3771:
3768:
3766:
3763:
3761:
3758:
3754:
3751:
3750:
3749:
3746:
3744:
3741:
3739:
3736:
3732:
3729:
3727:
3724:
3723:
3722:
3719:
3717:
3714:
3710:
3707:
3705:
3702:
3701:
3700:
3697:
3695:
3692:
3690:
3687:
3685:
3682:
3680:
3677:
3676:
3674:
3672:
3668:
3662:
3661:Schmidt–Samoa
3659:
3657:
3654:
3652:
3649:
3647:
3644:
3642:
3639:
3637:
3634:
3632:
3629:
3627:
3624:
3622:
3621:Damgård–Jurik
3619:
3617:
3616:Cayley–Purser
3614:
3612:
3609:
3607:
3604:
3603:
3601:
3599:
3595:
3592:
3588:
3584:
3577:
3572:
3570:
3565:
3563:
3558:
3557:
3554:
3550:
3546:
3528:
3524:
3520:
3513:
3510:
3498:
3491:
3488:
3485:
3481:
3475:
3468:
3465:
3462:
3456:
3449:
3446:
3441:
3434:
3431:
3423:
3416:
3413:
3408:
3401:
3398:
3393:
3386:
3384:
3382:
3378:
3370:
3363:
3360:
3355:
3348:
3346:
3342:
3337:
3330:
3327:
3319:
3312:
3310:
3306:
3301:
3294:
3287:
3284:
3280:
3276:
3273:
3267:
3264:
3260:
3254:
3251:
3247:
3241:
3238:
3232:
3228:
3225:
3223:
3220:
3218:
3215:
3214:
3210:
3205:
3201:
3197:
3193:
3189:
3186:
3183:
3179:
3176:
3173:
3169:
3166:
3163:
3159:
3155:
3151:
3148:
3147:
3143:
3141:
3127:
3124:
3121:
3118:
3115:
3112:
3109:
3106:
3103:
3100:
3095:
3091:
3087:
3084:
3064:
3061:
3058:
3055:
3052:
3049:
3046:
3043:
3040:
3037:
3032:
3028:
3024:
3021:
3001:
2998:
2995:
2992:
2989:
2986:
2983:
2980:
2977:
2974:
2969:
2965:
2961:
2958:
2938:
2935:
2932:
2929:
2926:
2923:
2920:
2917:
2914:
2911:
2906:
2902:
2898:
2895:
2875:
2872:
2869:
2866:
2863:
2860:
2857:
2854:
2851:
2848:
2843:
2839:
2835:
2832:
2824:
2820:
2804:
2801:
2798:
2778:
2775:
2772:
2769:
2766:
2763:
2758:
2754:
2750:
2745:
2741:
2737:
2734:
2726:
2710:
2707:
2704:
2684:
2681:
2678:
2675:
2672:
2669:
2664:
2660:
2656:
2653:
2645:
2640:
2621:
2617:
2613:
2609:
2602:
2579:
2576:
2568:
2564:
2540:
2537:
2529:
2525:
2521:
2518:
2495:
2492:
2489:
2481:
2477:
2453:
2450:
2447:
2439:
2435:
2411:
2408:
2400:
2396:
2375:
2352:
2349:
2341:
2337:
2316:
2291:
2287:
2278:
2275:
2272:
2269:
2266:
2262:
2241:
2219:
2215:
2194:
2174:
2152:
2149:
2146:
2142:
2138:
2135:
2129:
2126:
2123:
2115:
2111:
2088:
2084:
2075:
2056:
2053:
2050:
2047:
2044:
2038:
2035:
2012:
2009:
2006:
2000:
1994:
1988:
1968:
1965:
1962:
1939:
1936:
1933:
1927:
1921:
1915:
1895:
1875:
1853:
1850:
1847:
1844:
1841:
1837:
1813:
1810:
1807:
1804:
1801:
1795:
1792:
1767:
1763:
1759:
1756:
1753:
1750:
1747:
1742:
1738:
1731:
1728:
1725:
1720:
1716:
1712:
1690:
1687:
1684:
1681:
1678:
1674:
1664:
1650:
1630:
1627:
1605:
1602:
1599:
1596:
1593:
1589:
1568:
1548:
1503:
1499:
1490:
1487:
1484:
1481:
1478:
1474:
1430:
1427:
1424:
1421:
1418:
1413:
1409:
1402:
1399:
1394:
1390:
1386:
1364:
1360:
1356:
1351:
1347:
1343:
1337:
1334:
1331:
1303:
1299:
1290:
1287:
1284:
1281:
1278:
1274:
1266:, denoted as
1251:
1248:
1245:
1242:
1239:
1235:
1212:
1208:
1164:
1161:
1158:
1155:
1152:
1147:
1143:
1136:
1133:
1128:
1124:
1120:
1098:
1094:
1090:
1085:
1081:
1077:
1071:
1068:
1065:
1040:
1037:
1034:
1031:
1028:
1024:
1003:
1000:
994:
991:
986:
982:
975:
953:
949:
945:
942:
939:
936:
924:
922:
908:
904:
897:
894:
891:
865:
862:
859:
847:
845:
839:
837:
833:
829:
825:
821:
817:
812:
810:
806:
800:
780:
776:
767:
763:
760:
757:
748:
744:
735:
731:
728:
725:
716:
712:
703:
699:
690:
686:
677:
667:
651:
647:
638:
620:
616:
589:
585:
576:
572:
564:
560:
556:
551:
547:
517:
513:
504:
500:
492:
488:
484:
479:
475:
462:
439:
435:
426:
393:
389:
380:
356:
336:
329:
313:
310:
307:
304:
301:
281:
258:
255:
252:
249:
246:
223:
200:
197:
194:
191:
188:
185:
182:
179:
176:
173:
167:
161:
158:
155:
129:
126:
123:
120:
117:
114:
111:
108:
105:
102:
99:
88:
84:
80:
72:
70:
68:
64:
60:
56:
52:
48:
47:shared secret
44:
40:
39:key agreement
36:
32:
19:
4359:Block cipher
4204:Key schedule
4194:Key exchange
4184:Kleptography
4147:Cryptosystem
4096:Cryptography
4048:OpenPGP card
4028:Web of trust
3698:
3684:Cramer–Shoup
3531:. Retrieved
3527:the original
3522:
3512:
3500:. Retrieved
3490:
3467:
3448:
3433:
3415:
3400:
3362:
3329:
3299:
3286:
3266:
3253:
3240:
2641:
2103:as follows:
1665:
1643:for a prime
928:
848:
840:
815:
813:
801:
668:
636:
463:
76:
34:
30:
29:
4347:Mathematics
4338:Mix network
4018:Fingerprint
3982:NSA Suite B
3946:RSA problem
3823:NTRUEncrypt
3077:and for M,
2888:and for M,
1446:along with
1379:satisfying
4446:Categories
4298:Ciphertext
4268:Decryption
4263:Encryption
4224:Ransomware
3972:IEEE P1363
3590:Algorithms
3533:5 February
3233:References
3150:Curve25519
2819:Curve25519
2644:Curve25519
968:such that
349:to itself
89:(that is,
4288:Plaintext
3502:April 15,
3101:−
3038:−
3014:, for M,
2975:−
2912:−
2849:−
2764:−
2751:−
2670:−
2150:−
2074:Bernstein
1966:≠
1529:∞
1454:∞
1357:×
1344:∈
1188:∞
1091:×
1078:∈
1001:≠
992:−
946:∈
777:⋅
758:⋅
745:⋅
726:⋅
713:⋅
687:⋅
586:⋅
514:⋅
311:⋅
256:−
4427:Category
4333:Kademlia
4293:Codetext
4236:(CSPRNG)
4033:Key size
3967:CRYPTREC
3884:McEliece
3838:RLWE-SIG
3833:RLWE-KEX
3828:NTRUSign
3641:Paillier
3275:Archived
3211:See also
3196:WhatsApp
3168:Curve448
3162:Bindings
3144:Software
2823:Curve448
2725:Curve448
881:of size
49:over an
4103:General
3879:Lamport
3859:CEILIDH
3818:NewHope
3765:Schnorr
3748:ElGamal
3726:Ed25519
3606:Benaloh
3116:1504058
294:(where
37:) is a
4214:Keygen
4001:Topics
3977:NESSIE
3919:Theory
3847:Others
3704:X25519
3244:NIST,
3192:Signal
3172:Rambus
3053:952902
2990:996558
2779:156326
2685:486662
1868:, the
328:adding
4244:(PRN)
3813:Kyber
3808:BLISS
3770:SPEKE
3738:ECMQV
3731:Ed448
3721:EdDSA
3716:ECDSA
3646:Rabin
3425:(PDF)
3372:(PDF)
3321:(PDF)
3296:(PDF)
3204:Skype
2511:from
816:ECDHE
635:(the
79:Alice
4013:OAEP
3987:CNSA
3864:EPOC
3709:X448
3699:ECDH
3535:2018
3504:2024
3482:and
3202:and
2927:4058
2864:4698
2821:and
2791:and
2697:and
2556:and
2187:and
1981:and
1561:and
929:Let
35:ECDH
18:ECDH
4023:PKI
3906:XTR
3874:IES
3869:HFE
3800:SIS
3795:LWE
3780:STS
3775:SRP
3760:MQV
3743:EKE
3694:DSA
3679:BLS
3651:RSA
3626:GMR
3156:in
3096:521
3033:510
2970:506
2907:444
2844:251
2759:224
2746:448
2665:255
2207:in
2028:if
1955:if
1829:on
1705:is
1620:is
844:TLS
836:MQV
83:Bob
4448::
3854:AE
3689:DH
3521:.
3380:^
3344:^
3308:^
3298:.
3198:,
3194:,
3160:.
3041:75
2978:45
2915:17
2673:19
2072:.
838:.
811:.
799:.
69:.
4088:e
4081:t
4074:v
3797:/
3792:/
3575:e
3568:t
3561:v
3537:.
3506:.
3374:.
3302:.
3206:.
3158:C
3128:1
3125:=
3122:B
3119:,
3113:=
3110:A
3107:,
3104:1
3092:2
3088:=
3085:p
3065:1
3062:=
3059:B
3056:,
3050:=
3047:A
3044:,
3029:2
3025:=
3022:p
3002:1
2999:=
2996:B
2993:,
2987:=
2984:A
2981:,
2966:2
2962:=
2959:p
2939:1
2936:=
2933:B
2930:,
2924:=
2921:A
2918:,
2903:2
2899:=
2896:p
2876:1
2873:=
2870:B
2867:,
2861:=
2858:A
2855:,
2852:9
2840:2
2836:=
2833:p
2805:1
2802:=
2799:B
2776:=
2773:A
2770:,
2767:1
2755:2
2742:2
2738:=
2735:p
2711:1
2708:=
2705:B
2682:=
2679:A
2676:,
2661:2
2657:=
2654:p
2627:)
2622:2
2618:/
2614:1
2610:p
2606:(
2603:O
2583:)
2580:Q
2577:t
2574:(
2569:0
2565:x
2544:)
2541:Q
2538:s
2535:(
2530:0
2526:x
2522:,
2519:Q
2499:)
2496:Q
2493:t
2490:s
2487:(
2482:0
2478:x
2457:)
2454:Q
2451:t
2448:s
2445:(
2440:0
2436:x
2415:)
2412:Q
2409:t
2406:(
2401:0
2397:x
2376:t
2356:)
2353:Q
2350:s
2347:(
2342:0
2338:x
2317:s
2297:)
2292:p
2288:F
2284:(
2279:B
2276:,
2273:A
2270:,
2267:M
2263:E
2242:Q
2220:p
2216:F
2195:Z
2175:X
2153:2
2147:p
2143:Z
2139:X
2136:=
2133:)
2130:Z
2127::
2124:X
2121:(
2116:0
2112:x
2089:0
2085:x
2060:]
2057:0
2054::
2051:1
2048::
2045:0
2042:[
2039:=
2036:P
2016:]
2013:0
2010::
2007:1
2004:[
2001:=
1998:)
1995:P
1992:(
1989:x
1969:0
1963:Z
1943:]
1940:Z
1937::
1934:X
1931:[
1928:=
1925:)
1922:P
1919:(
1916:x
1896:x
1876:x
1854:B
1851:,
1848:A
1845:,
1842:M
1838:E
1817:]
1814:Z
1811::
1808:Y
1805::
1802:X
1799:[
1796:=
1793:P
1773:)
1768:2
1764:Z
1760:+
1757:Z
1754:X
1751:A
1748:+
1743:2
1739:X
1735:(
1732:X
1729:=
1726:Z
1721:2
1717:Y
1713:B
1691:B
1688:,
1685:A
1682:,
1679:M
1675:E
1651:q
1631:q
1628:4
1606:B
1603:,
1600:A
1597:,
1594:M
1590:E
1569:B
1549:A
1509:)
1504:p
1500:F
1496:(
1491:B
1488:,
1485:A
1482:,
1479:M
1475:E
1434:)
1431:1
1428:+
1425:x
1422:A
1419:+
1414:2
1410:x
1406:(
1403:x
1400:=
1395:2
1391:y
1387:B
1365:p
1361:F
1352:p
1348:F
1341:)
1338:y
1335:,
1332:x
1329:(
1309:)
1304:p
1300:F
1296:(
1291:B
1288:,
1285:A
1282:,
1279:M
1275:E
1252:B
1249:,
1246:A
1243:,
1240:M
1236:E
1213:p
1209:F
1168:)
1165:1
1162:+
1159:x
1156:A
1153:+
1148:2
1144:x
1140:(
1137:x
1134:=
1129:2
1125:y
1121:B
1099:p
1095:F
1086:p
1082:F
1075:)
1072:y
1069:,
1066:x
1063:(
1041:B
1038:,
1035:A
1032:,
1029:M
1025:E
1004:0
998:)
995:4
987:2
983:A
979:(
976:B
954:p
950:F
943:B
940:,
937:A
909:2
905:/
901:)
898:1
895:+
892:n
889:(
869:)
866:p
863:,
860:0
857:[
785:A
781:Q
772:B
768:d
764:=
761:G
753:A
749:d
740:B
736:d
732:=
729:G
721:B
717:d
708:A
704:d
700:=
695:B
691:Q
682:A
678:d
652:k
648:x
637:x
621:k
617:x
594:A
590:Q
581:B
577:d
573:=
570:)
565:k
561:y
557:,
552:k
548:x
544:(
522:B
518:Q
509:A
505:d
501:=
498:)
493:k
489:y
485:,
480:k
476:x
472:(
449:)
444:B
440:Q
436:,
431:B
427:d
423:(
403:)
398:A
394:Q
390:,
385:A
381:d
377:(
357:d
337:G
314:G
308:d
305:=
302:Q
282:Q
262:]
259:1
253:n
250:,
247:1
244:[
224:d
204:)
201:h
198:,
195:n
192:,
189:G
186:,
183:b
180:,
177:a
174:,
171:)
168:x
165:(
162:f
159:,
156:m
153:(
133:)
130:h
127:,
124:n
121:,
118:G
115:,
112:b
109:,
106:a
103:,
100:p
97:(
33:(
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.