Re: [Cfrg] (flaws with Curve25519 DH function, if one does not check the output) Re: Elliptic Curves - curve form and coordinate systems

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Tue, 17 March 2015 16:12 UTC

Date: Tue, 17 Mar 2015 18:12:04 +0200
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: "Salz, Rich" <rsalz@akamai.com>
Message-ID: <20150317161204.GA8321@LK-Perkele-VII>
References: <5501E6A5.5040608@brainhub.org> <A6F30412-8E0A-4D8D-9F26-580307B46874@shiftleft.org> <20150316002255.28855.qmail@cr.yp.to> <20150316044906.GA27479@mournblade.imrryr.org> <5506D5BB.3090700@gmail.com> <20150316135620.GC27479@mournblade.imrryr.org> <5506EF80.7010809@gmail.com> <CACsn0ck6EY1PVB39a6gTxrnxgPTY_quMRGya2jm79CsH4iLC4Q@mail.gmail.com> <CAK9dnSyKKvRwcsciK81tS_wYy+Z7DwozUC0TmRRTRcFqDwuYKQ@mail.gmail.com> <f3fc8edb06ad47389182c0b0c55afaf6@usma1ex-dag1mb2.msg.corp.akamai.com>
In-Reply-To: <f3fc8edb06ad47389182c0b0c55afaf6@usma1ex-dag1mb2.msg.corp.akamai.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/KAkil5Ibj562wha_XDyaXG9tCRQ>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] (flaws with Curve25519 DH function, if one does not check the output) Re: Elliptic Curves - curve form and coordinate systems

On Tue, Mar 17, 2015 at 04:00:17PM +0000, Salz, Rich wrote:
> > What's a bit annoying is that the encoding of those inputs has changed over
> > time together with the interpretation of the MSB.
> 
> Really?  Perhaps there were some bugs in the X25519 drafts, but I do not
> think the wire format has ever changed.  Can you provide specifics and,
> ideally, links?

I guess this refers to interpretation of public keys with high bit set.

Some implementations (notably the original) don't ignore the high bit,
whereas newer stuff (and some implementations switched midway) ignores
the high bit.

This affects which octet sequences with the high bit set represent public
keys of low order.


-Ilari
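The point Ilari makes above, worked through in code. This is an added example and not code from the thread or from any of the implementations it discusses: a pure-Python X25519 (the RFC 7748 Montgomery ladder, not constant-time, illustration only) with a `mask_high_bit` switch that models the two behaviours described, clearing bit 255 of the peer's u-coordinate (the RFC 7748 rule) versus keeping it. The function and variable names are my own. The low-order input is the order-4 point u = 1, once canonical and once with bit 255 set; the Alice/Bob test vectors are the ones published in RFC 7748 section 6.1. The `shared_secret_or_none` helper is the all-zero output check the subject line refers to.

```python
# Added example (not from the original thread): how the treatment of bit 255
# of an X25519 u-coordinate decides which 32-byte strings decode to
# low-order points.  Pure-Python ladder per RFC 7748, not constant-time.

P = 2**255 - 19          # field prime
A24 = 121665             # (486662 - 2) / 4, the a24 constant of RFC 7748
ZERO = bytes(32)
BASE_U = (9).to_bytes(32, "little")

def decode_scalar(k: bytes) -> int:
    """Clamp a 32-byte private key as RFC 7748 section 5 requires."""
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")

def decode_u(u: bytes, mask_high_bit: bool) -> int:
    """Decode a 32-byte little-endian u-coordinate.

    mask_high_bit=True is the RFC 7748 behaviour: bit 255 is cleared before
    reduction, so u and u + 2^255 are the same point.  mask_high_bit=False
    keeps bit 255, so u + 2^255 reduces to u + 19 mod p, a different point.
    """
    b = bytearray(u)
    if mask_high_bit:
        b[31] &= 127
    return int.from_bytes(b, "little") % P

def encode_u(x: int) -> bytes:
    return (x % P).to_bytes(32, "little")

def ladder(k: int, u: int) -> int:
    """Montgomery ladder from RFC 7748 section 5 over 255 scalar bits."""
    x2, z2, x3, z3, swap = 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = u * ((da - cb) ** 2 % P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    # pow(0, P-2, P) == 0, so a low-order input yields the all-zero output.
    return x2 * pow(z2, P - 2, P) % P

def x25519(k: bytes, u: bytes, mask_high_bit: bool = True) -> bytes:
    return encode_u(ladder(decode_scalar(k), decode_u(u, mask_high_bit)))

def shared_secret_or_none(k: bytes, peer_u: bytes, mask_high_bit: bool = True):
    """The output check the subject line refers to: reject an all-zero result."""
    out = x25519(k, peer_u, mask_high_bit)
    return None if out == ZERO else out

def with_high_bit(u: bytes) -> bytes:
    """The same 32 bytes with bit 255 set (a non-canonical encoding)."""
    b = bytearray(u)
    b[31] |= 0x80
    return bytes(b)

# Constructed inputs: the order-4 point u = 1, canonical and with bit 255 set.
LOW_ORDER_U1 = (1).to_bytes(32, "little")
LOW_ORDER_U1_HIGH = with_high_bit(LOW_ORDER_U1)

def demo(k: bytes) -> dict:
    """Does the same non-canonical byte string decode to a low-order point?

    Masking gives u = 1 (order 4, result 0); not masking gives u = 20,
    which is not a low-order point, so the result is non-zero.
    """
    return {
        "masked_is_zero": x25519(k, LOW_ORDER_U1_HIGH, True) == ZERO,
        "unmasked_is_zero": x25519(k, LOW_ORDER_U1_HIGH, False) == ZERO,
    }

if __name__ == "__main__":
    import os
    print(demo(os.urandom(32)))
```

The same byte string is therefore a low-order public key under one decoding rule and an ordinary point under the other, which is why a blacklist of low-order encodings has to match the decoding rule of the implementation that uses it; checking the output for all zeros catches the low-order case under either rule.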