Equal Troubles about kyber HOT 4 CLOSED

Sorry I wasn't able to get back to looking at this until now.

The intention of both the Point and Secret interfaces is that you are supposed to set objects of those classes explicitly to something before you try to use them (e.g., in Equal or any other method that reads them). For example, if you want to compare a point P against the neutral element, then you might do P.Equal(suite.Point().Null()), not just P.Equal(suite.Point()). If you want to compare P against the standard base point, you might do P.Equal(suite.Point().Base()). I just committed a change to the documentation for abstract.Group to clarify this requirement; sorry that was left unclear.

It's of course perfectly debatable whether the Point/Secret interfaces should require explicit initialization before use: for example, Go's big.Int does not require initialization before use, such that any uninitialized big.Int defaults to zero. That's convenient, and probably makes sense for general-purpose big.Int calculations. However, since Secret and Point objects are specifically intended for security-critical usage scenarios, in which buggy code that forgets to initialize a Secret or Point to the non-zero value it's supposed to have might very easily "fail open" and look like it's behaving correctly while in fact being completely insecure, it seemed to me that avoiding that security risk of actually having a Secret or Point default to a "null" value seems worth the slight convenience cost of requiring every Secret or Point to be explicitly initialized before use.

Make sense?
B

from kyber.

Thanks, I thought group.Point() and group.Secret() returned initialized objects. I should be able to finish up the testing code now.

As a side note, for the different cryptographic schemes that we have, are there any that will generate a fresh, initialized secret (private key) and a point (public key) from that secret?

from kyber.

On Jan 28, 2015, at 3:31 PM, William Bailey [email protected] wrote:

Thanks, I thought group.Point() and group.Secret() returned initialized objects. I should be able to finish up the testing code now.

As a side note, for the different cryptographic schemes that we have, are there any that will generate a fresh, initialized secret (private key) and a point (public key) from that secret?

Use Secret.Pick() to generate the fresh private key and Point.Mul() to produce its public key. Just grep through the crypto library source code and existing test cases and you’ll find a lot of examples where that is done.

B

—
Reply to this email directly or view it on GitHub #21 (comment).

from kyber.

Thanks!

from kyber.