draft-mglt-lurk-tls12's Issues
X25519/X448 proof of possession verification
There is a problem applying the currently defined ECDHE proof-of-possession mechanism to X25519 and X448 key exchanges. The issue is that neither X25519 nor X448 computes the sign of the result, and thus it is impossible to tell apart P+Q and P-Q.
Fortunately, it seems it is enough to check if tG is in { c(bG) + rG, c(bG) - rG } = { cB + R, cB - R }. And this check can be performed efficiently, as shown in cryptology eprint 2017/518. However, there is a further complication: the c must be clamped before computing cb+r on the client side (clamping is just 2 bit-wise single-byte/word ANDs and 1 bit-wise single-byte/word OR, so very cheap), since X25519 and X448 implementations have an internal clamp on the private key.
Regarding future extensions to TLS 1.2, I think it is very unlikely that ECDHE key exchange in TLS 1.2 will ever be extended to anything so exotic that neither straightforward addition nor the techniques described in the paper above work. This does not hold for TLS 1.3, however. But TLS 1.3 has explicit type tags for signatures, so one presumably does not need proof-of-possession (and the signature payload is a hash too).
Edit: Turns out this is insufficient to be able to use stock X25519/X448 implementations with an internal clamp. To use those, b and r must also be clamped. But even that would not be enough: the t must have a clamped representation that is equivalent mod the order, and only about half of the possible values of t have one. r can be varied, but unfortunately there are pairs (b, c) such that no r is suitable. But fortunately it turns out that t = cb - r also works (since signs are lost in the computation), and one of cb + r and cb - r always has an r that gives a suitable t.
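A worked example of the scheme sketched in the issue, added by the editor; it is not code from draft-mglt-lurk-tls12 or from the issue author. It implements the X25519 ladder (RFC 7748) in pure Python so that the internal clamp can be shown explicitly, then performs the sign-free check "u(tG) is u(cB + R) or u(cB - R)" using only u-coordinates via the biquadratic-form test from eprint 2017/518 (the qDSA paper): u(P+Q) and u(P-Q) are the two roots of Bzz*X^2 - 2*Bxz*X + Bxx = 0, so a verifier never needs a sign. The prover side searches for an r (trying both cb + r and cb - r) such that t has a representative that survives clamping, exactly the workaround described in the edit. The protocol shape assumed here (server holds the static ECDHE key b, client sends a clamped challenge c, server answers with R and t) is inferred from the issue's notation, and the function names prove, verify and clamped_representative are this example's own.

```python
"""Added example, not code from draft-mglt-lurk-tls12 or the issue author.

x-only ECDHE proof of possession for X25519: the verifier only has u-coordinates,
so it checks u(tG) in { u(cB + R), u(cB - R) } with the biquadratic test from
eprint 2017/518 (qDSA), and the prover picks r so that t has a clamped
representative, which lets every scalar go through a stock X25519 implementation.
Protocol shape and helper names are assumptions of this example.
"""
import secrets

P = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493    # order of the base point
A = 486662                                             # curve y^2 = x^3 + A*x^2 + x
A24 = (A - 2) // 4
U_BASE = 9


def clamp(k: int) -> int:
    """RFC 7748 clamp: clear bits 0-2 and 255, set bit 254."""
    return ((k & ~7) & ((1 << 255) - 1)) | (1 << 254)


def x25519_raw(k: int, u: int) -> int:
    """Montgomery ladder (RFC 7748 section 5) on the integer scalar k, with no clamping."""
    x1 = u % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for i in reversed(range(255)):
        bit = (k >> i) & 1
        swap ^= bit
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return x2 * pow(z2, P - 2, P) % P


def x25519(k: int, u: int) -> int:
    """Stock-style X25519: clamps the scalar internally, as real libraries do."""
    return x25519_raw(clamp(k), u)


def x_sum_diff_check(x_p: int, x_q: int, x_t: int) -> bool:
    """True iff x_t is u(P+Q) or u(P-Q), knowing only u(P)=x_p and u(Q)=x_q.

    On a Montgomery curve u(P+Q) and u(P-Q) are the roots of
    Bzz*X^2 - 2*Bxz*X + Bxx = 0, so the sign lost by X25519 is never needed.
    Degenerate when P = +-Q (Bzz = 0); random keys make that negligible.
    """
    bxx = (x_p * x_q - 1) ** 2 % P
    bxz = ((x_p + x_q) * (x_p * x_q + 1) + 2 * A * x_p * x_q) % P
    bzz = (x_p - x_q) ** 2 % P
    return (bzz * x_t * x_t - 2 * bxz * x_t + bxx) % P == 0


def clamped_representative(t: int):
    """Return t' == t (mod L) with clamp(t') == t', or None: only ~half of all t have one."""
    t %= L
    cand = t + ((1 << 254) - t + L - 1) // L * L        # first t + k*L that is >= 2^254
    while cand < 1 << 255:                              # bit 254 set, bit 255 clear here
        if clamp(cand) == cand:                         # i.e. low three bits are zero
            return cand
        cand += L
    return None


def prove(b: int, c: int, max_tries: int = 64):
    """Server: from its clamped private scalar b and the client's clamped challenge c,
    return (u(R), t) with t*G == c*B + R or c*B - R and clamp(t) == t."""
    for _ in range(max_tries):
        r = clamp(secrets.randbits(256))                 # r clamped so R = x25519(r, 9) is exact
        for sign in (1, -1):                             # cb - r is as good as cb + r
            t = clamped_representative((c * b + sign * r) % L)
            if t is not None:
                return x25519(r, U_BASE), t
    raise RuntimeError("no suitable r found")           # astronomically unlikely


def verify(b_pub: int, c: int, r_pub: int, t: int) -> bool:
    """Client: only stock X25519 calls and u-coordinates; t must survive clamping unchanged."""
    if clamp(t) != t:
        return False
    return x_sum_diff_check(x25519(c, b_pub), r_pub, x25519(t, U_BASE))


def demo() -> bool:
    """One full run: server key, clamped client challenge, proof, verification."""
    b = clamp(secrets.randbits(256))                     # server's long-term X25519 scalar
    b_pub = x25519(b, U_BASE)
    c = clamp(secrets.randbits(256))                     # challenge clamped, as the issue requires
    r_pub, t = prove(b, c)
    return verify(b_pub, c, r_pub, t)
```

Two things worth noticing when running it: x25519 (the stock-style entry point) is used everywhere on the verifier side, so nothing here needs a non-clamping scalar multiplication, and clamped_representative returns None for roughly half of the inputs, which is why prove has to loop over r and try both signs.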