Re: [Cfrg] I-D Action: draft-irtf-cfrg-augpake-02.txt
SeongHan Shin <seonghan.shin@aist.go.jp> Fri, 08 August 2014 06:01 UTC
In-Reply-To: <20140806151649.GA20212@LK-Perkele-VII>
References: <20140806141208.29148.79482.idtracker@ietfa.amsl.com> <20140806151649.GA20212@LK-Perkele-VII>
Date: Fri, 08 Aug 2014 15:01:13 +0900
Message-ID: <CAEKgtqms2E+L_5ZGp2YG27-LUSe7XwjbB9u5YF-iSAuw3PVbbw@mail.gmail.com>
From: SeongHan Shin <seonghan.shin@aist.go.jp>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/5uV3W3uhvT24cjVY28vbdnA9rM4
Cc: 古原和邦 <k-kobara@aist.go.jp>, cfrg@ietf.org
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-augpake-02.txt
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
X-List-Received-Date: Fri, 08 Aug 2014 06:01:18 -0000
Dear Ilari,

Thank you for your comments!

> "If the received X from user U is not a point on E or [2^n] * X = 0_E,"
>
> Should this be:
>
> If the received X from user U is not a point on E or [k] * X = 0_E,
>
> Similarly, there is:
>
> "If the received Y from server S is not a point on E or [2^n] * Y = 0_E,"
>
> Should this be:
>
> "If the received Y from server S is not a point on E or [k] * Y = 0_E,"
>
> Rationale:
>
> k is the cofactor, which may be ("optionally") power of two, it may
> not be 2^n.

In Appendix C, we set k = 2^n * q_1 * q_2 ... q_t where n = {0,1,2} and every prime q_i > q for i = 1, 2, ..., t (or optionally k = 2^n). With this cofactor k, checking [2^n] * X =/ 0_E and [2^n] * Y =/ 0_E is enough to exclude elements whose group order is smaller than q. Now, X and Y are elements whose group order is q or greater than q.

Of course, if k = 2^n * M where M is a composite integer whose factors are < q, the check should be [k] * X =/ 0_E and [k] * Y =/ 0_E as you recommended.

> Also:
>
> "The cofactor k is the value (#E / q) satisfying k = 2^n * q_1 * q_2
> ... q_t where n = {0,1,2} and every primes q_i > q for i = 1, 2,
> ..., t."
>
> q_i are bigger than q? Isn't q usually chosen to be the biggest prime
> factor of #E?

As above, by using this cofactor k (or k = 2^n) one can avoid the order check of elements received from the other party.

> Also, for some curves one might want to use (due to good performance
> and security), k=8.

I'll add this to the I-D.

Best regards,
Shin


On Thu, Aug 7, 2014 at 12:16 AM, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote:

> On Wed, Aug 06, 2014 at 07:12:08AM -0700, internet-drafts@ietf.org wrote:
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the Crypto Forum Research Group Working Group of the IETF.
> >
> >         Title           : Augmented Password-Authenticated Key Exchange (AugPAKE)
> >         Authors         : SeongHan Shin
> >                           Kazukuni Kobara
> >         Filename        : draft-irtf-cfrg-augpake-02.txt
> >         Pages           : 20
> >         Date            : 2014-08-06
> >
> > There's also a htmlized version available at:
> > http://tools.ietf.org/html/draft-irtf-cfrg-augpake-02
> >
> > A diff from the previous version is available at:
> > http://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-augpake-02
>
> Did a quick read of changes:
>
> Appendix C:
>
> "If the received X from user U is not a point on E or [2^n] * X = 0_E,"
>
> Should this be:
>
> If the received X from user U is not a point on E or [k] * X = 0_E,
>
> Similarly, there is:
>
> "If the received Y from server S is not a point on E or [2^n] * Y = 0_E,"
>
> Should this be:
>
> "If the received Y from server S is not a point on E or [k] * Y = 0_E,"
>
>
> Rationale:
>
> k is the cofactor, which may be ("optionally") power of two, it may
> not be 2^n.
>
>
> Also:
>
> "The cofactor k is the value (#E / q) satisfying k = 2^n * q_1 * q_2
> ... q_t where n = {0,1,2} and every primes q_i > q for i = 1, 2,
> ..., t."
>
> q_i are bigger than q? Isn't q usually chosen to be the biggest prime
> factor of #E?
>
> Also, for some curves one might want to use (due to good performance
> and security), k=8.
>
>
> -Ilari
>

--
------------------------------------------------------------------
SeongHan Shin
Research Institute for Secure Systems (RISEC),
National Institute of Advanced Industrial Science and Technology (AIST),
Central 2, 1-1-1, Umezono, Tsukuba City, Ibaraki 305-8568 Japan
Tel : +81-29-861-2670/5284
Fax : +81-29-861-5285
E-mail : seonghan.shin@aist.go.jp
------------------------------------------------------------------
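The difference between the two received-point checks discussed above ([2^n] * X =/ 0_E versus [k] * X =/ 0_E), as an added worked example that is not code from the draft or its authors. The curve is a constructed toy: y^2 = x^3 - x over F_131, chosen only because p = 131 is 3 mod 4, so the curve is supersingular with #E = p + 1 = 132 = 2^2 * 3 * 11. Taking q = 11 as the prime-order subgroup gives cofactor k = 12 = 2^2 * 3, whose odd factor 3 is smaller than q, which is exactly the case Shin says the draft's q_i > q condition excludes. The point names, helper functions and the choice of this curve are assumptions of this example; nothing here is an AugPAKE-recommended parameter.

```python
# Added example: small-subgroup check [2^n]*X != O versus [k]*X != O on a toy curve.
# Toy parameters (constructed for this example, NOT a curve the draft recommends):
# E: y^2 = x^3 - x over F_131. Supersingular (p = 3 mod 4), so #E = p + 1 = 132.
P = 131
A = P - 1          # a = -1
B = 0

# Points are (x, y) tuples; None is the point at infinity O (written 0_E in the draft).

def on_curve(pt):
    """First half of the draft's check: is the received value a point on E?"""
    if pt is None:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Affine short-Weierstrass point addition (handles O, doubling and inverses)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:   # p2 == -p1 (covers y == 0 doubling)
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def mul(n, pt):
    """Double-and-add scalar multiplication [n]*pt."""
    r, q = None, pt
    while n:
        if n & 1:
            r = add(r, q)
        q = add(q, q)
        n >>= 1
    return r

def all_points():
    """Brute-force enumeration of E(F_131); feasible only because the field is tiny."""
    pts = [None]
    for x in range(P):
        rhs = (x * x * x + A * x + B) % P
        for y in range(P):
            if (y * y) % P == rhs:
                pts.append((x, y))
    return pts

POINTS = all_points()
ORDER = len(POINTS)      # 132 = 2^2 * 3 * 11
Q = 11                   # the prime-order subgroup the protocol would work in
N = 2                    # 2^N is the power-of-two part of the cofactor
K = ORDER // Q           # 12 = 2^2 * 3: an odd factor 3 < q, so the draft's q_i > q does not hold

def accept_2n(pt):
    """The draft's check as written in -02: on E and [2^n]*X != O."""
    return on_curve(pt) and mul(2 ** N, pt) is not None

def accept_k(pt):
    """The check Ilari suggested: on E and [k]*X != O."""
    return on_curve(pt) and mul(K, pt) is not None

def point_of_order(m):
    """Find a point of prime order m by exhaustive search (exists whenever m | #E)."""
    for pt in POINTS[1:]:
        if mul(m, pt) is None:
            return pt
    return None

def demo():
    """Run both checks against points of order 3, 11 and 2 and return the verdicts."""
    p3, p11, p2 = point_of_order(3), point_of_order(11), point_of_order(2)
    return {
        "order3":  (accept_2n(p3),  accept_k(p3)),    # weak check passes, [k] check rejects
        "order11": (accept_2n(p11), accept_k(p11)),   # both accept: order q
        "order2":  (accept_2n(p2),  accept_k(p2)),    # both reject
    }

if __name__ == "__main__":
    print("#E =", ORDER, "k =", K)
    for name, verdict in demo().items():
        print(name, "[2^n] check:", verdict[0], "[k] check:", verdict[1])
```

With this cofactor an order-3 point sails through the [2^n] * X =/ 0_E test (since [4]X = X), but is caught by [k] * X =/ 0_E. Under the draft's own condition that every odd prime q_i dividing k exceeds q, any point surviving [2^n] * X =/ 0_E has an odd prime in its order and hence order at least q, which is why the weaker test suffices there; the example shows what breaks when that condition is dropped.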
- [Cfrg] I-D Action: draft-irtf-cfrg-augpake-02.txt internet-drafts
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-augpake-02… SeongHan Shin
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-augpake-02… Ilari Liusvaara
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-augpake-02… SeongHan Shin