https://en.formulasearchengine.com/index.php?action=history&feed=atom&title=Volatility_clusteringVolatility clustering - Revision history2026-06-09T20:54:41ZRevision history for this page on the wikiMediaWiki 1.43.0-wmf.28https://en.formulasearchengine.com/index.php?title=Volatility_clustering&diff=306402&oldid=prev68.82.204.206: Added citation for Mandelbrot quote.2014-02-28T12:24:32Z<p>Added citation for Mandelbrot quote.</p>
<a href="https://en.formulasearchengine.com/index.php?title=Volatility_clustering&diff=306402&oldid=8864">Show changes</a>68.82.204.206https://en.formulasearchengine.com/index.php?title=Volatility_clustering&diff=8864&oldid=preven>Khazar2: clean-up, MOS:HYPHEN, replaced: widely- → widely using AWB2013-11-03T21:19:08Z<p>clean-up, <a href="/index.php?title=MOS:HYPHEN&action=edit&redlink=1" class="new" title="MOS:HYPHEN (page does not exist)">MOS:HYPHEN</a>, replaced: widely- → widely using <a href="/index.php?title=Testwiki:AWB&action=edit&redlink=1" class="new" title="Testwiki:AWB (page does not exist)">AWB</a></p>
<p><b>New page</b></p><div>'''MQV''' ('''Menezes–Qu–Vanstone''') is an [[authentication|authenticated]] [[protocol (cryptography)|protocol]] for [[key agreement]] based on the [[Diffie–Hellman]] scheme. Like other authenticated Diffie-Hellman schemes, MQV provides protection against an active attacker. The protocol can be modified to work in an arbitrary [[finite group]], and, in particular, [[elliptic curve]] groups, where it is known as '''elliptic curve MQV (ECMQV)'''.<br />
<br />
MQV was initially proposed by [[Alfred Menezes|Menezes]], Qu and [[Scott Vanstone|Vanstone]] in 1995. It was modified with Law and Solinas in 1998. There are one-, two- and three-pass variants.<br />
<br />
MQV is incorporated in the public-key standard [[IEEE P1363]].<br />
<br />
Some variants of MQV are claimed in patents assigned to [[Certicom]] [http://www.certicom.com/index.php?action=ip,protocol].<br />
<br />
MQV has some weaknesses that were fixed by [[HMQV]] in 2005 [http://eprint.iacr.org/2005/176]; see [http://eprint.iacr.org/2005/205], [http://www.ams.org/notices/200708/tx070800972p.pdf], [http://www.ams.org/notices/200711/tx071101454p.pdf] for an alternative viewpoint.<br />
<br />
ECMQV has been dropped from the National Security Agency's [[NSA Suite B|Suite B]] set of cryptographic standards.<br />
<br />
Both MQV and HMQV have weaknesses, that are fixed in the FHMQV protocol (see [http://eprint.iacr.org/2009/408])<br />
<br />
__TOC__<br />
<br />
==Description==<br />
Alice has a key pair (''A,a'') with ''A'' her public key and ''a'' her private key and Bob has the key pair (''B,b'') with ''B'' his public key and ''b'' his private key. <br />
<br />
In the following <math>\bar{R}</math> has the following meaning. Let <math>R = (x,y)</math> be a point on an elliptic curve. Then <math>\bar{R} = (x\, \bmod\, 2^L) + 2^L</math> where <math>L = \left \lceil \frac{\lfloor \log_{2} n \rfloor + 1}{2} \right \rceil </math> and ''n'' is the order of the used generator point ''P''. So <math>\bar{R}</math> are the first ''L'' bits of the x coordinate of ''R''.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Step<br />
! Operation<br />
|-<br />
| 1<br />
| Alice generates a key pair (''X,x'') by generating randomly ''x'' and calculating X=xP with P a point on an elliptic curve.<br />
|-<br />
| 2<br />
| Bob generates a key pair (''Y,y'') in the same way as Alice.<br />
|-<br />
| 3<br />
| Now, Alice calculates <math>S_a = x + \bar{X} a</math> and sends X to Bob.<br />
|-<br />
| 4<br />
| Bob calculates <math> S_b = y + \bar{Y} b</math> and sends Y to Alice.<br />
|-<br />
| 5<br />
| Alice calculates <math>K = h \cdot S_a (Y + \bar{Y}B)</math> and Bob calculates <math>K = h \cdot S_b (X + \bar{X}A)</math> where ''h'' is the cofactor (see [[Elliptic_curve_cryptography#Domain_parameters|Elliptic curve cryptography: domain parameters]]).<br />
|-<br />
| 6<br />
| The communication of secret <math>K</math> was successful. A key for a [[symmetric-key algorithm]] can be derived from ''K''.<br />
|}<br />
<br />
Note: for the algorithm to be secure some checks have to be performed. See Hankerson et al.<br />
<br />
===Correctness===<br />
Bob calculates:<br />
<math>K = h \cdot S_b (X + \bar{X}A) = h \cdot S_b (xP + \bar{X}aP) = h \cdot S_b (x + \bar{X}a)P = h \cdot S_b S_a P </math>.<br />
<br />
Alice calculates:<br />
<math>K = h \cdot S_a (Y + \bar{Y}B) = h \cdot S_a (yP + \bar{Y}bP) = h \cdot S_a (y + \bar{Y}b)P = h \cdot S_b S_a P </math>.<br />
<br />
So the keys K are indeed the same with <math>K = h \cdot S_b S_a P </math><br />
<br />
==See also==<br />
* [[Elliptic curve cryptography]]<br />
<br />
==References==<br />
* {{cite doi|10.1145/501978.501981}}<br />
* {{cite doi|10.1023/A:1022595222606}}<br />
* {{cite doi|10.1007/10958513_19}}<br />
* A. Menezes, M. Qu, and S. Vanstone, [http://sacworkshop.org/proc/SAC_95_003.pdf Some new key agreement protocols providing implicit authentication], Preproceedings of Workshops on [[Selected Areas in Cryptography]] (1995).<br />
* {{cite doi|10.1007/b97644}}<br />
<br />
==External links==<br />
* [http://eprint.iacr.org/2009/408 A Secure and Efficient Authenticated Diffie–Hellman Protocol by Sarr, Elbaz-Vincent, and Bajard]<br />
* [http://eprint.iacr.org/2005/176 HMQV: A High-Performance Secure Diffie–Hellman Protocol by Hugo Krawczyk]<br />
* [http://eprint.iacr.org/2005/205 Another look at HMQV]<br />
* [http://www.cacr.math.uwaterloo.ca/techreports/1998/corr98-05.pdf An Efficient Protocol for Authenticated Key Agreement]<br />
* [http://grouper.ieee.org/groups/1363/WorkingGroup/presentations/hmqv-and-mqv.ppt MQV and HMQV in IEEE P1363 (power point)]<br />
<br />
{{Cryptography navbox | public-key}}<br />
<br />
{{DEFAULTSORT:Mqv}}<br />
[[Category:Key-agreement protocols]]<br />
[[Category:Elliptic curve cryptography]]</div>en>Khazar2