Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cryptography - suggested verification of Diffie-Hellman points #2501

Open
randomstuff opened this issue Jan 2, 2025 · 3 comments
Open

Cryptography - suggested verification of Diffie-Hellman points #2501

randomstuff opened this issue Jan 2, 2025 · 3 comments
Assignees
@danielcuthbert
Labels
1) Discussion ongoing Issue is opened and assigned but no clear proposal yet Bart Preneel Issues raised from a crypto review by Bart Preneel (received via Aram H) V6 _5.0 - prep This needs to be addressed to prepare 5.0

Comments

@randomstuff
Copy link
Contributor

Suggested recuirement from Bart Preneel:

6.7.2. [ADDED] For Diffie-Hellman and Elliptic Curve Diffie-Hellman, verify that the point received is legitimate: e.g, for Diffie-Hellman the values 0, 1, and p-1 are not valid and for Elliptic Curve Diffie-Hellman (ECDH) the point should lie on the elliptic curve and should not be the point P or the point at infinity.
@randomstuff
Copy link
Contributor Author

randomstuff commented Jan 2, 2025
edited
Loading

It is indeed important that the code verifies that the DH points are valid.

I think the wording should be instead:

6.7.2. [ADDED] Verify that the when the application receives a Diffie-Hellman point for Diffie-Hellman key agreement, it verified that this point is valid. For Finite Field Diffie-Hellman the values 0, 1, and p-1 are not valid. For Elliptic Curve Diffie-Hellman (ECDH), the point should lie on the elliptic curve and should not be the point P or the point at infinity.

Question: I'm wondering what "the point P" is? Are we talking about the generator of the subgroup? If so, this requirement should equally apply to FFDH?

About "the point P", should this requirement apply to FFDH as well (i.e. the point should not be the generator)?

@randomstuff
Copy link
Contributor Author

See RFC 2631 for some validation of Finite Field Diffie-Hellman public keys.

@elarlang elarlang added the V6 label Jan 3, 2025
@tghosth tghosth added 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet _5.0 - prep This needs to be addressed to prepare 5.0 labels Jan 5, 2025
@tghosth
Copy link
Collaborator

tghosth commented Jan 5, 2025

I defer to @danielcuthbert

@tghosth tghosth added the Bart Preneel Issues raised from a crypto review by Bart Preneel (received via Aram H) label Jan 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@danielcuthbert danielcuthbert

Labels
1) Discussion ongoing Issue is opened and assigned but no clear proposal yet Bart Preneel Issues raised from a crypto review by Bart Preneel (received via Aram H) V6 _5.0 - prep This needs to be addressed to prepare 5.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@randomstuff @danielcuthbert @tghosth @elarlang