Re: [Cfrg] [TLS] Curve25519 in TLS and Additional Curves in TLS

Michael Hamburg <mike@shiftleft.org> Fri, 24 January 2014 20:13 UTC

From: Michael Hamburg <mike@shiftleft.org>
In-Reply-To: <52E2C6A2.1010403@brainhub.org>
Date: Fri, 24 Jan 2014 12:13:49 -0800
Message-Id: <98B78561-8357-4636-ADA7-1A55FE32C491@shiftleft.org>
References: <87ob3456s1.fsf@latte.josefsson.org> <CABqy+spt7BYqjsqLAkZssGp3aY9M+iLqV+pmyr7ZN-TXmJJpVg@mail.gmail.com> <52E060D0.9030801@polarssl.org> <CABqy+spJoswrPovxf18QS1SGdk6K=mfny6joJm3X24Vh65oagQ@mail.gmail.com> <52E0E241.40406@polarssl.org> <CABqy+sqs31ATDWJSum55m1o5pRvw8Wq5GtB-mF-hgP2emB5eFQ@mail.gmail.com> <CABqy+sozYSOTh7pbUS2GXf=4kYV3zgztXZBa10Bx=s-N8zHHyA@mail.gmail.com> <CABqy+soSojSMfx=yU9eFhmAeuJaJ_r=4h=RDR6JtOchYZ9zsQA@mail.gmail.com> <52E1BAE0.8060809@brainhub.org> <2311ADE0-B85D-4EEA-A675-03ED3735DE1D@shiftleft.org> <52E208AD.2020100@brainhub.org> <0F98B193-910E-430B-A5DF-4F72A3D9C6EC@shiftleft.org> <52E2C6A2.1010403@brainhub.org>
To: Andrey Jivsov <crypto@brainhub.org>
X-Mailer: Apple Mail (2.1827)
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] [TLS] Curve25519 in TLS and Additional Curves in TLS
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

On Jan 24, 2014, at 12:01 PM, Andrey Jivsov <crypto@brainhub.org> wrote:
> This should work for your suggestions to use the Elligator map, assuming that I get the corresponding scalar.
> 
> I will need access to the private m for M=mG. I assumed it is sort of a user static public key.
> 
> The server side adjustments are similar.

It is critical to the security of SPAKE2 that nobody can know m.  Part of why Elligator is nice is that it removes the possibility that someone could somehow figure out m, thereby breaking the security of the entire system.  It is an essential security feature of Elligator (in this use and others) that it does not give you access to that discrete log.

So, in other words, you can’t do this, and changing the system so that you can do this would break it.

Cheers,
— Mike
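The property Mike describes, that the SPAKE2 constant M must have no known discrete log, is easiest to see in a concrete derivation. The following added example (not code from this thread, from Michael Hamburg, or from any project) derives an M-style constant on Curve25519 by hashing a public seed into the field, mapping it to the curve with the Elligator 2 map, and clearing the cofactor with an x-only Montgomery ladder. Every step is public and reproducible, yet no step ever computes a scalar m with M = mG, which is exactly why a client or server cannot be "given m". The seed strings, function names and the check at the end are assumptions for illustration; the curve constants and the Elligator 2 formulas are the standard ones for Curve25519.

```python
"""Added example: derive a SPAKE2-style constant M on Curve25519 without
anyone learning its discrete log.  Not code from the thread or any library;
seeds and helper names are assumptions.  Plain Python, not constant time."""
import hashlib

# Curve25519: y^2 = x^3 + A*x^2 + x over GF(P)
P = 2**255 - 19
A = 486662
NON_SQUARE = 2   # Elligator 2 needs a fixed non-square u; 2 is one since P = 5 (mod 8)


def is_square(z: int) -> bool:
    """Euler's criterion; 0 counts as a square."""
    return pow(z % P, (P - 1) // 2, P) in (0, 1)


def curve_rhs(x: int) -> int:
    """Right-hand side x^3 + A*x^2 + x of the curve equation."""
    return (x**3 + A * x * x + x) % P


def on_curve(x: int) -> bool:
    """True when some y exists with (x, y) on Curve25519."""
    return is_square(curve_rhs(x))


def elligator2(r: int) -> int:
    """Elligator 2 forward map: field element r -> x-coordinate of a curve point.
    v = -A / (1 + u*r^2); take x = v if it is on the curve, else x = -v - A."""
    r %= P
    denom = (1 + NON_SQUARE * r * r) % P
    if denom == 0:            # exceptional input r^2 = -1/u; treat as denom = 1 (as RFC 9380 does)
        denom = 1
    v = (-A * pow(denom, P - 2, P)) % P
    if is_square(curve_rhs(v)):
        return v
    return (-v - A) % P       # curve_rhs(-v-A) = u*r^2 * curve_rhs(v), which is a square here


def ladder(k: int, x1: int) -> int:
    """x-only Montgomery ladder (RFC 7748 structure): x-coordinate of k*Q for any
    point Q with x-coordinate x1.  Returns 0 for the point at infinity."""
    x1 %= P
    x2, z2 = 1, 0             # projective (X:Z) form of infinity
    x3, z3 = x1, 1
    for t in reversed(range(k.bit_length())):
        bit = (k >> t) & 1
        if bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + 121665 * e) % P
        if bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
    return x2 * pow(z2, P - 2, P) % P


def hash_to_field(seed: bytes) -> int:
    """Reduce a 512-bit hash mod P; the wide input keeps the bias negligible."""
    return int.from_bytes(hashlib.sha512(seed).digest(), "little") % P


def derive_constant(label: bytes) -> int:
    """Public seed -> field element -> Elligator 2 -> multiply by the cofactor 8.
    Nothing in this pipeline produces, or could produce, a scalar m with M = mG."""
    x = elligator2(hash_to_field(label))
    return ladder(8, x)


if __name__ == "__main__":
    # Constructed seed labels, not the ones used by any real SPAKE2 deployment.
    for label in (b"SPAKE2 M constructed seed", b"SPAKE2 N constructed seed"):
        x = derive_constant(label)
        print(label.decode(), "->", hex(x), "on curve:", on_curve(x))
```

The checks a practitioner wants here are that the derived x-coordinate is actually on the curve, that the derivation is deterministic so both peers agree on M, and that the only secret-free way to obtain M is this hash-to-curve path; computing M as m·G from a generated m would hand whoever generated it the value the protocol requires nobody to hold.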