Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do we remove leading zeros from a ECDH key agreement secret #3

Closed
jimsch opened this issue Aug 7, 2015 · 1 comment
Closed

Do we remove leading zeros from a ECDH key agreement secret #3

jimsch opened this issue Aug 7, 2015 · 1 comment

Comments

@jimsch
Copy link

jimsch commented Aug 7, 2015

For the NIST curves, there are two different methods of using the resulting shared secret.

TLS treats the resulting output as an integer and thus removes all leading zero bytes.

S/MIME treats the resulting output as a byte string and keeps leading zeros.

Both methods are equally secure in terms of the randomness that is included in the following KDF.

Note: This is not an issue for the newly minted CFRG ECDH algorithms. The shared secret is defined to be an octet string and leading bytes would not be removed.
@jimsch
Copy link
Author

jimsch commented Aug 29, 2015

Input from Ilari tells me that while this is true in TLS for the DH algorithm, this is not true for the ECDH algorithm. This means that we can assume that leading zeros are not going to be removed in any situation. I don't think we need to document this fact.

@jimsch jimsch closed this as completed Aug 29, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jimsch