Re: [Cfrg] I-D Action: draft-irtf-cfrg-augpake-02.txt

[Ilari Liusvaara <ilari.liusvaara@elisanet.fi>]

On Wed, Aug 06, 2014 at 07:12:08AM -0700, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>  This draft is a work item of the Crypto Forum Research Group Working Group of the IETF.
> 
>         Title           : Augmented Password-Authenticated Key Exchange (AugPAKE)
>         Authors         : SeongHan Shin
>                           Kazukuni Kobara
> 	Filename        : draft-irtf-cfrg-augpake-02.txt
> 	Pages           : 20
> 	Date            : 2014-08-06
> 
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-irtf-cfrg-augpake-02
> 
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-augpake-02

Did a quick read of changes:

Appendix C:

"If the received X from user U is not a point on E or [2^n] * X = 0_E,"

Should this be:

If the received X from user U is not a point on E or [k] * X = 0_E,

Similarly, there is:

"If the received Y from server S is not a point on E or	[2^n] * Y = 0_E,"

Should this be:

"If the received Y from server S is not a point on E or [k] * Y = 0_E,"


Rationale:

k is the cofactor, which may be ("optionally") power of two, it may
not be 2^n.


Also:

"The cofactor k is the value (#E / q) satisfying k = 2^n * q_1 * q_2	
...  q_t where n = {0,1,2} and every primes q_i > q for i = 1, 2,	
..., t."

q_i are bigger than q? Isn't q usually chosen to be the biggest prime
factor of #E?

Also, for some curves one might want to use (due to good performance
and security), k=8.



-Ilari