Re: [Cfrg] Point format endian (was: Adoption of draft-ladd-spake2 as a RG document)

"Dan Harkins" <dharkins@lounge.org> Tue, 27 January 2015 17:30 UTC

On Tue, January 27, 2015 9:07 am, Watson Ladd wrote:
>
> My SPAKE2 draft contains specified M&N, generated by a C program
> Nathan McCullum sent me. I've been unable to determine what that
> program does in anything more than the vaguest terms because OpenSSL
> internals are opaque, but users do not need to generate their own
> points.

  Yes, it's opaque to you, the application writer. That's the point! But
to have curve25519 as a special case then you'd have to pry into the
opacity of the code and figure out what's going on.

  So to allow Nathan McCullum to send you a chunk of code that
should work with any curve supported by OpenSSL, and have it just
work without you knowing any opaque internals, it requires a
canonical conversion of bitstring to integer to field element and
back.

  If, as you say, users do not need to generate their own points then
they're gonna have to have a registry of M and N for all curves. And
to import a bitstring (for instance from the appendix of your draft)
into code requires converting that bitstring into an element. And
without the canonical conversion then you need to know about the
opaque internals.

  Thank you for illustrating my point so well!

  Dan.
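
The conversion chain discussed in this message (bitstring to integer to field element and back), as an added example that is not part of the original message or of any draft. The names `os2fe`, `fe2os` and `decode_both` are hypothetical, the sample octets are constructed, and the P-256 and 2^255-19 field primes stand in for a curve with a big-endian convention and curve25519 with its little-endian one.

```python
# Added illustration: one registry bitstring, two byte-order conventions.
P256 = 2**256 - 2**224 + 2**192 + 2**96 - 1   # NIST P-256 field prime
P25519 = 2**255 - 19                          # curve25519 field prime


def field_len(p):
    """Octets needed to hold any element of GF(p)."""
    return (p.bit_length() + 7) // 8


def os2fe(octets, p, byteorder):
    """Octet string -> integer -> field element; reject non-canonical input."""
    if len(octets) != field_len(p):
        raise ValueError("wrong length for this field")
    x = int.from_bytes(octets, byteorder)
    if x >= p:
        raise ValueError("integer is not a reduced field element")
    return x


def fe2os(x, p, byteorder):
    """Field element -> fixed-length octet string (inverse of os2fe)."""
    if not 0 <= x < p:
        raise ValueError("not a field element")
    return x.to_bytes(field_len(p), byteorder)


def decode_both(octets, p):
    """Import the same octets under both conventions; None means rejected."""
    out = {}
    for order in ("big", "little"):
        try:
            out[order] = os2fe(octets, p, order)
        except ValueError:
            out[order] = None
    return out


# Constructed sample coordinates (not real M or N values).
SAMPLE = bytes(range(1, 33))          # 01 02 ... 20
EDGE = bytes(31) + b"\x80"            # 00 ... 00 80

if __name__ == "__main__":
    # Both orders accept SAMPLE but yield different field elements.
    print(decode_both(SAMPLE, P256))
    # EDGE is 128 when read big-endian; read little-endian it is 2**255,
    # which is >= 2**255 - 19 and is rejected.
    print(decode_both(EDGE, P25519))
```

Without a stated byte order, an importer of a published constant either gets a different element silently (`SAMPLE`) or an error that only shows up for some values (`EDGE`).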