Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG document

"Dearlove, Christopher (UK)" <> Mon, 19 January 2015 11:56 UTC

To: Alexey Melnikov <>, "" <>

A minor point compared to choice of curve. Commenting on draft draft-agl-cfrgcurve-00, it indicates, in section 8, the use of little-endian order. RFC 5480 (obvious prior art in IETF) does not appear to specify big/little endianness, but delegates that to its reference SEC1. That document, in section 2.3.7, reverses the order of its x and M coefficients to produce a big-endian representation of an integer. Big-endian format is also used by, for example, OpenSSL. Is the use of little-endian format here a deliberate design decision?

Christopher Dearlove
Senior Principal Engineer, Information Assurance Group
Communications, Networks and Image Analysis Capability
BAE Systems Advanced Technology Centre
West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK
Tel: +44 1245 242194 | Fax: +44 1245 242124
