Brian's Blog: cryptography
SPAKE2 Interoperability
I've been working on a Rust implementation of SPAKE2. I want it to be compatible with my Python version. What do I need to change? Where have I accidentally indulged in protocol design, so a choice I make in this library might cause it to behave differently than somebody else's …
Uniformly Random Scalars
Many cryptographic protocols, like Diffie-Hellman and SPAKE2, require a way to choose a uniformly random scalar from some prime-order range. Why? What is the best way to do this?
What (is a scalar)?
Classic Diffie-Hellman Key Exchange starts with each side choosing a random scalar. This is kept secret, but …
SPAKE2 "random" elements
SPAKE2 requires two special "arbitrary" constants M and N. What properties do these constants really need? What attacks are possible if these requirements are not met?
SPAKE2, like all PAKE ("Password-Authenticated Key Exchange") protocols, allows two people to start with a weak password and then agree upon a strong shared key …