I am currently designing an application for communication between two and more users. At the moment I am trying to figure out what methods to use for the asymmetric cryptology.
With the recent "breakthroughs" that everybody has been talking about concerning RSA I am a bit unsure whether to use it or not for future projects.
I looked at ECC and RSA alternatives such as ElGamal, but it seems like one could study that subject for the next 35 years and would still not come up with a decision.
In particular I looked at key exchange between two or more users via a server. After reading for a day or two and striking out OTR for a protocol, I got interested in Elliptic Curve Diffie–Hellman — and as it says on the Wikipedia article: "to derive another key which can then be used to encrypt subsequent communications using a symmetric key cipher."
However, it seems that ECDH is not advanced enough to satisfy my requirements of CIA & deniable encryption with regards towards MITM attacks.
Its suggested to use FHMQV for more advanced security. Sadly, as soon as I read the introduction I blacked out because I didn't understand anything.
I have about 1 year of deeper experience and understanding of cryptology, but I am by far no expert on this subject. Still, I need to make a decision and would like to know from you whether to be concerned about RSA or not and if I should go down the DH route.
