[Cfrg] Why zero checks?

Watson Ladd <watsonbladd@gmail.com> Thu, 26 March 2015 03:19 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/idCfKikSdhvh2JPibLzoi5-3WQU>

Draft-irtf-cfrg-02 contains the following sentence: "Both MUST check,
without leaking extra information about the value of K, whether K is
the all-zero value and abort if so (see below)."

This check isn't currently implemented by any Curve25519
implementation. It's also not necessary in most protocols, as the
exchanged DH parameters will either be signed or authenticated some
other way. Why has this been added?

Sincerely,
Watson Ladd