
Re: Forward secrecy in spiped



On 04/24/14 17:08, Frederick Akalin wrote:
> On Thu, Apr 24, 2014 at 4:04 PM, Colin Percival <cperciva@tarsnap.com> wrote:
>> If you receive y=1 from a protocol-compliant endpoint, it is running with
>> FPS turned off.
> 
> You're right. I had to think for a bit to come up with a proof -- for
> anyone else who is wondering, it follows from there being no
> non-trivial square roots of unity mod p for prime p, and from the fact
> that we're working in the group of quadratic residues mod p.

Much simpler proof: The standard MODP groups, including group #14 which we use,
are selected such that q = (p - 1) / 2 is prime.  Consequently the group of
quadratic residues is cyclic and 2^x = 1 mod p means that x = 0 mod q. :-)

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
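Worked check of the argument in the message above, added here as an example; it is not part of the thread and not spiped's own code. It uses small safe primes constructed for illustration (p = 23 and p = 263, both with p ≡ 7 mod 8 so that the generator 2 is a quadratic residue, as it is for the 2048-bit MODP group 14 that spiped actually uses) and the non-safe prime p = 31 as a contrast. Only the exponent x and the public value y = 2^x mod p are modelled; nothing else about the protocol is assumed.

```python
# Constructed example: why y = 2^x mod p == 1 forces x = 0 mod q when
# p = 2q + 1 is a safe prime, and why that breaks when q is not prime.

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p: int) -> bool:
    """p is a safe prime when both p and q = (p - 1) / 2 are prime."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def is_quadratic_residue(g: int, p: int) -> bool:
    """Euler's criterion: g is a square mod p iff g^((p-1)/2) == 1."""
    return pow(g, (p - 1) // 2, p) == 1


def exponents_giving_one(g: int, p: int) -> list[int]:
    """All x in [0, p-2] with g^x == 1 mod p (brute force; p is tiny here)."""
    return [x for x in range(p - 1) if pow(g, x, p) == 1]


def y_equal_one_means_x_zero_mod_q(p: int, g: int = 2) -> bool:
    """The claim from the thread: with p safe and g a quadratic residue,
    g^x == 1 mod p holds exactly when x is a multiple of q.  Since the
    quadratic residues form a cyclic group of prime order q, every
    residue other than 1 generates it, so g has order q."""
    q = (p - 1) // 2
    return all(x % q == 0 for x in exponents_giving_one(g, p))


if __name__ == "__main__":
    for p in (23, 263, 31):
        q = (p - 1) // 2
        print(f"p={p} q={q} safe={is_safe_prime(p)} "
              f"2 is QR={is_quadratic_residue(2, p)} "
              f"x with 2^x==1: {exponents_giving_one(2, p)} "
              f"claim holds={y_equal_one_means_x_zero_mod_q(p)}")
```

For p = 31, 2 is still a quadratic residue, but q = 15 is composite and 2 has order 5, so y = 1 is produced by x = 5, 10, 20 and 25 as well as by multiples of 15. The safe-prime choice in the MODP groups is what makes "y = 1" an unambiguous signal that the exponent was 0 mod q, which is the point of the reply.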