[noise] Invalid point attacks

Trevor Perrin trevp at trevp.net
Thu Mar 30 14:22:05 PDT 2017


On Thu, Mar 30, 2017 at 2:13 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>
> DH(private, public_zero) = 0
> DH(private, CLAMP(public_zero)) != 0
>
> So, you raise a good point.

Not sure what you mean by clamping a public value, I meant:

private = CLAMP(0)
public = DH(private, basepoint)

private != 0
public != 0
DH(private, good_public) != 0

Trevor


More information about the Noise mailing list