[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [torspec/master] Clarify the point-at-infinity check we actually used.



commit feaa2da97b8c3871fe9aa609498fc5f73de8b30d
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Thu Dec 13 11:45:27 2012 -0500

    Clarify the point-at-infinity check we actually used.
---
 proposals/216-ntor-handshake.txt |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/proposals/216-ntor-handshake.txt b/proposals/216-ntor-handshake.txt
index cb36ea1..fe727b1 100644
--- a/proposals/216-ntor-handshake.txt
+++ b/proposals/216-ntor-handshake.txt
@@ -91,8 +91,9 @@ Protocol:
 
     The client verifies that AUTH == H(auth_input, t_mac).
 
-  [NOTE: It may be adequate to check that EXP(Y,x) is not the point at
-  infinity.  See tor-dev thread.]
+  Both parties check that none of the EXP() operations produced the point at
+  infinity. [NOTE: This is an adequate replacement for checking Y for group
+  membership, if the group is curve25519.]
 
   Both parties now have a shared value for KEY_SEED.  They expand this into
   the keys needed for the Tor relay protocol.

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits