[Cfrg] Security proofs v DH backdoors

Dan Brown <danibrown@blackberry.com> Tue, 25 October 2016 13:10 UTC

From: Dan Brown <danibrown@blackberry.com>
To: CFRG <cfrg@irtf.org>
Thread-Topic: Security proofs v DH backdoors
Date: Tue, 25 Oct 2016 13:10:16 +0000
Message-ID: <20161025131014.5709905.2866.6563@blackberry.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/w_ct19eBQOJyGYRWWH8gu7HH7Nk>
Subject: [Cfrg] Security proofs v DH backdoors

How do the 3 recent IACR eprints on FFDH backdoors reconcile with past security proofs for TLS, SSH, etc?

Some guesses: (1) the attacks are outside the security definitions (=> attacks not so important?), (2) the proofs assume strong FFDH groups plus validation, etc.

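As an added illustration (not part of Dan Brown's message or any reply in the thread) of the "strong FFDH groups plus validation" that guess (2) refers to: the checks below are the assumptions a typical key-exchange proof states about the group, written out in Python. A safe prime p = 2q + 1 with q prime, a generator g of the order-q subgroup, and peer public values confined to that subgroup are required; the toy group p = 23, g = 2 and the exponents used at the bottom are constructed for illustration and are not a real-world group.

```python
import secrets

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test with trial division for small factors."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    # Write n - 1 = 2^r * d with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # a is a witness: n is composite
    return True


def validate_group(p, g):
    """Checks that (p, g) is a safe-prime group and g generates the order-q subgroup.

    Returns (ok, reason). These are the structural assumptions a proof makes;
    they do NOT distinguish an honestly generated prime from a trapdoored one
    of the same shape.
    """
    if not is_probable_prime(p):
        return False, "p is not prime"
    q = (p - 1) // 2
    if p % 2 == 0 or not is_probable_prime(q):
        return False, "(p-1)/2 is not prime, so p is not a safe prime"
    if not 2 <= g <= p - 2:
        return False, "g outside [2, p-2]"
    # Since q is prime, g != 1 and g^q == 1 together mean g has order exactly q.
    if pow(g, q, p) != 1:
        return False, "g does not generate the order-q subgroup"
    return True, "ok"


def validate_public_key(p, y):
    """Rejects out-of-range values and values outside the order-q subgroup
    (this is the check that rules out small-subgroup confinement)."""
    q = (p - 1) // 2
    if not 2 <= y <= p - 2:
        return False, "y outside [2, p-2]"
    if pow(y, q, p) != 1:
        return False, "y is not in the order-q subgroup"
    return True, "ok"


def checked_shared_secret(p, g, my_private, peer_public):
    """Computes the DH shared secret only after the group and peer value validate."""
    ok, reason = validate_group(p, g)
    if not ok:
        raise ValueError("bad group: " + reason)
    ok, reason = validate_public_key(p, peer_public)
    if not ok:
        raise ValueError("bad peer public key: " + reason)
    return pow(peer_public, my_private, p)


if __name__ == "__main__":
    # Constructed toy exchange: p = 23 is a safe prime (q = 11) and g = 2 has order 11.
    p, g = 23, 2
    alice_private, bob_private = 3, 4
    alice_public = pow(g, alice_private, p)
    bob_public = pow(g, bob_private, p)
    print(checked_shared_secret(p, g, alice_private, bob_public) ==
          checked_shared_secret(p, g, bob_private, alice_public))
    # A generator of the wrong order and a peer value in the order-2 subgroup are rejected.
    print(validate_group(p, 5), validate_public_key(p, p - 1))
```

The caveat these checks make explicit bears directly on the question in the message: a proof that assumes a well-formed group and subgroup-validated public values says nothing about how the modulus was chosen, and a trapdoored prime can pass every check above. That is why, beyond validation, a deployment would rely on groups with a published derivation (for example the TLS FFDHE groups in RFC 7919) rather than accepting arbitrary server-supplied parameters.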