[CFRG] [Technical Errata Reported] RFC7748 (7879)

RFC Errata System <rfc-editor@rfc-editor.org> Tue, 02 April 2024 20:23 UTC

To: agl@google.com, mike@shiftleft.org, sean@sn3rd.com, irsg@irtf.org, cfrg@irtf.org
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: nawrashussein2@gmail.com, rfc-editor@rfc-editor.org
Message-Id: <20240402202257.9242D18FFDB3@rfcpa.amsl.com>
Date: Tue, 02 Apr 2024 13:22:57 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/bqqbOm71UipXuqtks2gr3Dh8TgU>
Subject: [CFRG] [Technical Errata Reported] RFC7748 (7879)

The following errata report has been submitted for RFC7748,
"Elliptic Curves for Security".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7879

--------------------------------------
Type: Technical
Reported by: Nawras Hussein Sabbry <nawrashussein2@gmail.com>

Section: 5

Original Text
-------------
z_2 = E * (AA + a24 * E)

Corrected Text
--------------
z_2 = E * (BB + a24 * E)

Notes
-----
In the for loop on page 8, the variable AA should be replaced with BB in Z_2. This modification is necessary because the mathematical formula for point doubling on the Montgomery curve according to (https://en.wikipedia.org/wiki/Montgomery_curve#Montgomery_arithmetic) indicates that Z2n (equivalent to Z_2 in this case) is calculated as follows: Z2n = 4XnZn((Xn-Zn)^2 + ((A+2)/4)(4XnZn)). It is observed in this equation that the operation in the (Xn-Zn)^2 part involves subtraction similar to the variable B, while the operation in the variable A involves addition. Considering this discrepancy, it is suggested to substitute AA with BB for correctness.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it 
will be removed shortly by the RFC Production Center.) Please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC7748 (draft-irtf-cfrg-curves-11)
--------------------------------------
Title               : Elliptic Curves for Security
Publication Date    : January 2016
Author(s)           : A. Langley, M. Hamburg, S. Turner
Category            : INFORMATIONAL
Source              : Crypto Forum Research Group
Stream              : IRTF
Verifying Party     : IRSG