[Cfrg] Quotient groups and SPAKE2

Watson Ladd <watsonbladd@gmail.com> Sat, 27 April 2019 21:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/PKodm9ZWeA7tYg1pvemT5q76J_A>

Dear all,

When I wrote the -07 I attempted to make sure all operations were
happening in the quotient group. The map from the group to the
quotient group is multiplication by h, and the final answer is
multiplied by some consistent multiple of h, which is invertible so
doesn't affect the security. (An efficiently computable isomorphism
applied consistently can be applied by an attacker is the principle).
-08 attempted to use membership in the prime order group but failed to
specify the check correctly. I hope this clarifies things.

Sincerely,
Watson Ladd
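
An added illustration of the point made in the message above (not part of the original message or of the draft): in a toy group of order h*p, multiplication by h removes any small-order component, is invertible on the order-p subgroup, and makes the derived key independent of a small-order shift in the peer's message. The parameters, the values of M, N, w, x, y and all function names are constructed for this example; the key formula K = h*x*(Y - w*N) is the usual SPAKE2 form and is assumed here, not quoted from the message.

```python
# Toy group (constructed): the multiplicative group mod Q has order Q-1 = H*P,
# standing in for a curve of order h*p. Helpers use additive names to match
# SPAKE2 notation, so "h*A" is mul(H, A).
Q, P, H = 809, 101, 8
IDENTITY = 1

def add(a, b): return a * b % Q        # group operation
def neg(a): return pow(a, -1, Q)       # inverse element
def mul(k, a): return pow(a, k, Q)     # scalar multiplication k*a

G = mul(H, 3)                 # generator of the order-P subgroup
M, N = mul(5, G), mul(7, G)   # constructed; real M, N have unknown discrete logs
T = Q - 1                     # element of order 2 (its order divides H)

def to_quotient(a):
    """Map to the quotient group: multiplying by h kills small-order parts."""
    return mul(H, a)

def in_prime_subgroup(a):
    """Membership check for the order-P subgroup: P*a must be the identity."""
    return mul(P, a) == IDENTITY

def message(scalar, w, mask):
    """A party's SPAKE2 message: scalar*G + w*mask."""
    return add(mul(scalar, G), mul(w, mask))

def shared_key(scalar, peer_msg, w, peer_mask, c=H):
    """K = c*scalar*(peer_msg - w*peer_mask); c=H is the cofactor-cleared form."""
    return mul(c * scalar, add(peer_msg, neg(mul(w, peer_mask))))

if __name__ == "__main__":
    w, x, y = 9, 13, 20                        # constructed sample scalars
    X, Y = message(x, w, M), message(y, w, N)
    Y_shifted = add(Y, T)                      # Y plus a small-order element
    print("keys agree:", shared_key(x, Y, w, N) == shared_key(y, X, w, M))
    print("h hides the shift:",
          shared_key(x, Y_shifted, w, N) == shared_key(x, Y, w, N))
    print("without h it shows:",
          shared_key(x, Y_shifted, w, N, c=1) != shared_key(x, Y, w, N, c=1))
    print("membership check rejects it:", not in_prime_subgroup(Y_shifted))
```

Either defence is enough on its own in this toy setting: multiplying by h makes the shifted message harmless, while the explicit subgroup check rejects it outright.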