[tor-commits] [torspec/master] Clarify the point-at-infinity check we actually used.
nickm at torproject.org
Thu Dec 13 16:45:46 UTC 2012
commit feaa2da97b8c3871fe9aa609498fc5f73de8b30d
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Dec 13 11:45:27 2012 -0500
Clarify the point-at-infinity check we actually used.
---
proposals/216-ntor-handshake.txt | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/proposals/216-ntor-handshake.txt b/proposals/216-ntor-handshake.txt
index cb36ea1..fe727b1 100644
--- a/proposals/216-ntor-handshake.txt
+++ b/proposals/216-ntor-handshake.txt
@@ -91,8 +91,9 @@ Protocol:
The client verifies that AUTH == H(auth_input, t_mac).
- [NOTE: It may be adequate to check that EXP(Y,x) is not the point at
- infinity. See tor-dev thread.]
+ Both parties check that none of the EXP() operations produced the point at
+ infinity. [NOTE: This is an adequate replacement for checking Y for group
+ membership, if the group is curve25519.]
Both parties now have a shared value for KEY_SEED. They expand this into
the keys needed for the Tor relay protocol.
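Review bot: The added sentence "Both parties check that none of the EXP() operations produced the point at infinity" does not say what a party does when the check fails, or when the check must run relative to the AUTH verification above it and the KEY_SEED expansion below it. Suggest stating that a failed check aborts the handshake before KEY_SEED is expanded or used, and spelling out which EXP() outputs each side tests and what encoded value counts as the point at infinity, so that implementations compare against the same thing. The replaced NOTE pointed to the tor-dev thread for the reasoning; the new NOTE asserts that the check is an adequate replacement for testing Y for group membership "if the group is curve25519" without a reference, so consider keeping a pointer to that discussion and saying what is required if a different group is used.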