## Tuesday, May 6, 2014

### Dual EC SRP (in SageMath)

I've been using SageMath to work some example numbers for proposal to adapt Secure Remote Passwords to elliptic curves.  For anyone who might want to play around with it, you can read the code below or find the pastebin copy here.

I'm very new to Sage so I apologize if the code stinks.

Note 1: In order to distinguish between Alice and Bob's variables, Alice variable's all begin with "A_" and Bob's with "B_".  Shared parameters (such as the curve E) do not have a prefix.

Note 2: I'm using static values for everything.  In reality, a, b and r should be random.  Feel free to change the values.  Alice and Bob should still agree on their shared key S.

Note 3: I don't use a salt value.  It's important in real life, but not necessary here.

# NIST Parameters
NIST_p = 115792089210356248762697446949407573530086143415290314195533631308867097853951
NIST_r = 115792089210356248762697446949407573529996955224135760342422259061068512044369
NIST_b = Integer(0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b)
NIST_Px = Integer(0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296)
NIST_Py = Integer(0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
NIST_Qx = Integer(0xc97445f45cdef9f0d3e05e1e585fc297235b82b5be8ff3efca67c59852018192)

# Construct E and Q using NIST parameters
F = GF(NIST_p)
E = EllipticCurve(F, [0, 0, 0, -3, NIST_b])
print "E: " + str(E)
print
Q = E(NIST_Qx, NIST_Qy)
print "Q: " + str(Q) + "\n"

# Use Alice's password hash to determine P
x = Integer(0x4efa264f5ef3e1a5c95736e07544ebf0)
print "MD5 Hash of \"curve\", x = " + str(x)
P = x*Q
print "P = x*Q = " + str(P) + "\n"

#Create Alice's public key
A_a = Integer(0xd103fb3406c351a03578097503d26fa5)
A_A = A_a*Q
print "Alice's secret key a = " + str(A_a)
print "Alice's public key A = a*Q = " + str(A_A) + "\n"

#Give Alice's key to Bob
B_A = A_A

# Create Bob's public key, Bprime
B_b = Integer(0x6abd98d8b311a26ab2cab394e1ecb8af)
print "Bob's secret key b = " + str(B_b)
B_Bprime = B_b*Q
print "Bob's value of Bprime = " + str(B_Bprime) + "\n"

# Generate Tp and Tq
B_r = Integer(0xdfd98dc638b36d4f86712de2e3bd37de)
print "Bob's random value r = " + str(B_r)
B_Tq = B_r*Q
B_Tp = B_r*P
print "Bob's Tq = r*Q = " + str(B_Tq)
print "Bob's Tp = r*P = " + str(B_Tp)

# Mask Bob's public key using Tp
B_B = B_Bprime+B_Tp
print "Bob's value of B = " + str(B_B) + "\n"

# Give B and Tq to Alice
A_Tq = B_Tq
A_B = B_B

# Calculate Alice's Tp
A_Tp = x*A_Tq
A_Bprime = A_B - A_Tp
print "Alice's Tp = " + str(A_Tp)
print "Alice's Bprime = " + str(A_Bprime) + "\n"

# Alice's calculation of the shared key
A_S = A_a*A_Bprime
print "Alice's S = " + str(A_S)

# Bob's calculation of the shared key
B_S = B_b*B_A
print "Bob's S = " + str(B_S)

Here's a screen capture of the output: Click for full size