The Statistically Unique and Cryptographically Verifiable Protocol (SUCVp) is used by two IPv6 Peers that used SUCV addresses (a.k.a. Cryptographically Generated Address, CGA) to bootstrap an IPsec Security Association. An IPv6 node generate its SUCV address by concatenating its 64 bits long IPv6 Network Prefix with the 64 leftmost bits of the hash of its public key. The protocol allows the two Peers to perform an ephemeral Diffie-Hellman key exchange. Several flavors of it have been implemented: In the first version the Initiator proves ownership of its SUCVAddr and the SA could provide data origin authentication and anti-replay protection to the Initiator. In the second version the Responder also proves owhership of its SUCVAdrr and the SA could provide data origin authentication, anti-replay protection and confidentiality to both Peers. The third version allows the Initiator to delay the disclosure of its SUCVAddr to the Initiator until Responder has proved SUCVAddr ownerhip, thus preventing an active attacker to learn an its identity (i.e. its Public Key). The SA could provides Active Identity Protection to the Initiator. This implementation has been carried on the FreeBSD operating systems.
The project home page can be found here!