Re: [Cfrg] [TLS] Curve25519 in TLS and Additional Curves in TLS
Andrey Jivsov <crypto@brainhub.org> Fri, 24 January 2014 20:24 UTC
Return-Path: <crypto@brainhub.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CBDF1A01CF for <cfrg@ietfa.amsl.com>; Fri, 24 Jan 2014 12:24:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.3
X-Spam-Level:
X-Spam-Status: No, score=-1.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, J_CHICKENPOX_12=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TiWvtsvyVsO5 for <cfrg@ietfa.amsl.com>; Fri, 24 Jan 2014 12:24:37 -0800 (PST)
Received: from qmta13.emeryville.ca.mail.comcast.net (qmta13.emeryville.ca.mail.comcast.net [IPv6:2001:558:fe2d:44:76:96:27:243]) by ietfa.amsl.com (Postfix) with ESMTP id 3E0F71A00AD for <cfrg@irtf.org>; Fri, 24 Jan 2014 12:24:37 -0800 (PST)
Received: from omta24.emeryville.ca.mail.comcast.net ([76.96.30.92]) by qmta13.emeryville.ca.mail.comcast.net with comcast id HwE31n0041zF43QADwQcM6; Fri, 24 Jan 2014 20:24:36 +0000
Received: from [127.0.0.1] ([71.202.164.227]) by omta24.emeryville.ca.mail.comcast.net with comcast id HwQb1n0034uhcbK8kwQbSs; Fri, 24 Jan 2014 20:24:35 +0000
Message-ID: <52E2CAC9.2080100@brainhub.org>
Date: Fri, 24 Jan 2014 12:19:21 -0800
From: Andrey Jivsov <crypto@brainhub.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Michael Hamburg <mike@shiftleft.org>
References: <87ob3456s1.fsf@latte.josefsson.org> <CABqy+spt7BYqjsqLAkZssGp3aY9M+iLqV+pmyr7ZN-TXmJJpVg@mail.gmail.com> <52E060D0.9030801@polarssl.org> <CABqy+spJoswrPovxf18QS1SGdk6K=mfny6joJm3X24Vh65oagQ@mail.gmail.com> <52E0E241.40406@polarssl.org> <CABqy+sqs31ATDWJSum55m1o5pRvw8Wq5GtB-mF-hgP2emB5eFQ@mail.gmail.com> <CABqy+sozYSOTh7pbUS2GXf=4kYV3zgztXZBa10Bx=s-N8zHHyA@mail.gmail.com> <CABqy+soSojSMfx=yU9eFhmAeuJaJ_r=4h=RDR6JtOchYZ9zsQA@mail.gmail.com> <52E1BAE0.8060809@brainhub.org> <2311ADE0-B85D-4EEA-A675-03ED3735DE1D@shiftleft.org> <52E208AD.2020100@brainhub.org> <0F98B193-910E-430B-A5DF-4F72A3D9C6EC@shiftleft.org> <52E2C6A2.1010403@brainhub.org> <98B78561-8357-4636-ADA7-1A55FE32C491@shiftleft.org>
In-Reply-To: <98B78561-8357-4636-ADA7-1A55FE32C491@shiftleft.org>
Content-Type: multipart/alternative; boundary="------------030100080009020300010602"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20121106; t=1390595076; bh=7dbOAI9AYFjYgdIu8JwSQANLGWNbNGcfOfQL9JTBz68=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=Z60bcMH2rC3ZQd8MPOAZ+w2LYtXi+sqzoq0UdSutizl6TTDJrDM7/7VyJ8+L7aSFq vDIWlB/ndu+akhcFLwzH1p71CInxb7jetDXyMziXsBp3k5r09ISHuoxC5MtkDbJ+sQ pQC3Z4+o09GJ8lTDyL42jnnO0bw0KIaTSqbd/RKxZttSlZdwWHjA5H5GM6Im/Qjh0d heTNwffJNfHuS0IQhOpulYXMG5zwq1R6FwQsmYSYeKJyloKoAt3yOZjAaiTdFKl8xL 8LBQylciMqCD9Vm7Q0Te9twPRHaMqagESogFVaxjs6DGuP9DXuZX6rLyThPtps5PlB YRorj6pHBSxHw==
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] [TLS] Curve25519 in TLS and Additional Curves in TLS
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jan 2014 20:24:38 -0000
On 01/24/2014 12:13 PM, Michael Hamburg wrote: > On Jan 24, 2014, at 12:01 PM, Andrey Jivsov <crypto@brainhub.org > <mailto:crypto@brainhub.org>> wrote: >> This should work for your suggestions to use the Elligator map, >> assuming that I get the corresponding scalar. >> >> I will need access to the private m for M=mG. I assumed it is sort of >> a user static public key. >> >> The server side adjustments are similar. > > It is critical to the security of SPAKE2 that nobody can know m. Part > of why Elligator is nice is that it removes the possibility that > someone could somehow figure out m, thereby breaking the security of > the entire system. It is an essential security feature of Elligator > (in this use and others) that it does not give you access to that > discrete log. > > So, in other words, you can’t do this, and changing the system so that > you can do this would break it. > > Cheers, > — Mike Given that I am trusted to keep my password, why am I not trusted to keep my m in M=m*G private?
- [Cfrg] Fwd: [TLS] Curve25519 in TLS and Additiona… Robert Ransom
- Re: [Cfrg] Fwd: [TLS] Curve25519 in TLS and Addit… Andrey Jivsov
- Re: [Cfrg] [TLS] Curve25519 in TLS and Additional… Michael Hamburg
- Re: [Cfrg] Fwd: [TLS] Curve25519 in TLS and Addit… Robert Ransom
- Re: [Cfrg] [TLS] Curve25519 in TLS and Additional… Robert Ransom
- Re: [Cfrg] [TLS] Curve25519 in TLS and Additional… Mike Hamburg
- Re: [Cfrg] [TLS] Curve25519 in TLS and Additional… Andrey Jivsov
- Re: [Cfrg] [TLS] Curve25519 in TLS and Additional… Michael Hamburg
- Re: [Cfrg] [TLS] Curve25519 in TLS and Additional… Andrey Jivsov
- Re: [Cfrg] [TLS] Curve25519 in TLS and Additional… Michael Hamburg
- Re: [Cfrg] [TLS] Curve25519 in TLS and Additional… Andrey Jivsov
- Re: [Cfrg] [TLS] Curve25519 in TLS and Additional… Robert Ransom
- Re: [Cfrg] [TLS] Curve25519 in TLS and Additional… Andrey Jivsov
- Re: [Cfrg] [TLS] Curve25519 in TLS and Additional… Watson Ladd
- Re: [Cfrg] [TLS] Curve25519 in TLS and Additional… Dan Harkins
- Re: [Cfrg] Fwd: [TLS] Curve25519 in TLS and Addit… Andrey Jivsov
- Re: [Cfrg] Fwd: [TLS] Curve25519 in TLS and Addit… Robert Ransom
- Re: [Cfrg] Fwd: [TLS] Curve25519 in TLS and Addit… Andrey Jivsov