[Cfrg] small editorial error in and question on draft-irtf-cfrg-dragonfly-01 (was: Re: CFRG meeting at IETF 87)
Rene Struik <rstruik.ext@gmail.com> Fri, 26 July 2013 23:05 UTC
To: Dan Harkins <dharkins@arubanetworks.com>
Cc: David McGrew <mcgrew@cisco.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Message-ID: <51F300BF.3090907@gmail.com>
In-Reply-To: <1374875408.7839.627.camel@darkstar>
Hi Dan:

I just quickly revisited the "password to point" mapping for elliptic curves in draft-irtf-cfrg-dragonfly-01 (Section 3.2.1) and noticed a small error: the seed is recursively defined. Fortunately, this is easy to fix, as follows:

was:

    base = H(max(Alice,Bob) | min(Alice,Bob) | password | counter)
    seed = KDF-n(seed, "Dragonfly Hunting And Pecking")

suggested change:

    base = H(max(Alice,Bob) | min(Alice,Bob) | password | counter)
    seed = KDF-n(base, "Dragonfly Hunting And Pecking")

On a more general note, with the draft rev1 version, the found point Q is a function of the password itself and the presumed key sharing parties Alice and Bob. In other words, the password-derived generator of the curve "PE Element" is fixed throughout the lifetime of the pair (password, key sharing parties). With draft-harkins-tls-pwd-03, a similar procedure is proposed, but there a "salt" is mixed in as well. Just curious: why the difference?

<http://tools.ietf.org/pdf/draft-harkins-tls-pwd-03.pdf>

Best regards, Rene

On 7/26/2013 5:50 PM, David McGrew wrote:
> Hi,
>
> here is the agenda for our upcoming meeting; we are looking forward to
> seeing you there.
>
> David and Kevin
>
> ---
>
> Crypto Forum Research Group at IETF 87
> Monday, July 29, 2013
> 1510-1610 Afternoon Session II
> Room: Tiergarten 1/2
>
> Agenda Bashing
>
> Randomized Hashing (as described in NIST SP-800-106/107) - Quynh Dang
>
> Updates on active drafts
>
> - OCB Mode of Operation, draft-irtf-cfrg-ocb-03
>
> - Dragonfly Key Exchange, draft-irtf-cfrg-dragonfly-01
>
> - Hash-Based Signatures, draft-mcgrew-hash-sigs-00
>
> "Selection of Future Cryptographic Standards", Sheffer, Grieco, McGrew.
> draft-mcgrew-standby-cipher-00
>
> Discussion on other crypto work
> Salsa20
> DTLS In Constrained Environments (DICE)
> CAESER
>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg

-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
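The corrected "hunting and pecking" mapping from the message above, as an added Python example (not code from the message, the draft, or its author). It applies Rene's fix, feeding KDF-n the value `base` rather than the not-yet-defined `seed`, and then follows the rest of the Section 3.2.1 loop. Everything the quoted text leaves open is an assumption here: H is SHA-256, KDF-n is an HMAC-SHA256 counter-mode KDF, the curve is NIST P-256 (where p = 3 mod 4 makes the square root a single exponentiation), the loop runs at least k = 40 times, `counter` is encoded as one byte, and lsb(save) is the low bit of the last byte of `base`. The example also shows the point Rene makes about the element being fixed for a (password, Alice, Bob) triple: swapping the two identities yields the same point, since the ordering is normalised by max/min.

```python
"""Password-to-point mapping in the style of draft-irtf-cfrg-dragonfly-01,
Section 3.2.1, with the editorial fix from the message applied.
Assumed choices (not fixed by the quoted text): H = SHA-256,
KDF-n = HMAC-SHA256 counter-mode KDF, curve = NIST P-256, k = 40,
counter encoded as a single byte, lsb(save) = low bit of base[-1]."""
import hashlib
import hmac

# NIST P-256 domain parameters (public constants).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
LABEL = b"Dragonfly Hunting And Pecking"
K = 40  # assumed minimum iteration count, so runtime does not leak the hit


def H(data: bytes) -> bytes:
    """Assumed instantiation of H: SHA-256."""
    return hashlib.sha256(data).digest()


def kdf_n(key: bytes, label: bytes, n_bits: int) -> int:
    """Assumed KDF-n: HMAC-SHA256 in counter mode, truncated to n_bits."""
    out = b""
    i = 1
    while len(out) * 8 < n_bits:
        msg = i.to_bytes(2, "big") + label + n_bits.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        i += 1
    return int.from_bytes(out, "big") >> (len(out) * 8 - n_bits)


def is_quadratic_residue(v: int) -> bool:
    """Euler's criterion; 0 is deliberately treated as a miss."""
    return pow(v % P, (P - 1) // 2, P) == 1


def password_to_element(alice: bytes, bob: bytes, password: bytes):
    """Return the password element PE = (x, y) on P-256."""
    hi, lo = max(alice, bob), min(alice, bob)   # order-independent identities
    n_bits = P.bit_length() + 64
    found, x, save, counter = False, None, None, 1
    while not found or counter <= K:
        base = H(hi + lo + password + counter.to_bytes(1, "big"))
        # The fix: KDF-n is keyed with base (the original text said seed).
        temp = kdf_n(base, LABEL, n_bits)
        seed = (temp % (P - 1)) + 1
        rhs = (pow(seed, 3, P) + A * seed + B) % P
        if is_quadratic_residue(rhs) and not found:
            x, save, found = seed, base, True
        counter += 1
    rhs = (pow(x, 3, P) + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)        # sqrt mod P, valid since P % 4 == 3
    if (y & 1) != (save[-1] & 1):        # pick the root whose lsb matches save
        y = P - y
    return (x, y)


def on_curve(pt) -> bool:
    """Check y^2 = x^3 + Ax + B (mod P)."""
    x, y = pt
    return (y * y - (pow(x, 3, P) + A * x + B)) % P == 0


if __name__ == "__main__":
    pe = password_to_element(b"alice", b"bob", b"correct horse")  # constructed inputs
    print("on curve:", on_curve(pe))
    print("same PE with roles swapped:", pe == password_to_element(b"bob", b"alice", b"correct horse"))
```

Because nothing beyond (Alice, Bob, password, counter) enters `base`, the element is indeed the same for the lifetime of that triple; a per-user salt, as in the TLS-pwd draft Rene mentions, would have to be added to the input of H to change that.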