[STDS-802-11-TGAI] modp group question
Hi Dan:
RFC 3526 specifies a number of MODP groups Zp, but does not seem to
specify the order q of the prime-order subgroup G of Zp\{0} to be used
with DH. The RFC document does not mention what the presumed
cryptographic bit strength of any of these discrete log groups is. Do
you know where the q-values in RFC 3526 are defined?
This topic came up, since 802.11ai/D0.4 refers to the IANA DLP groups as
allowed groups for FILS authentication.
For specification purposes, one needs to know
a) presumed cryptographic bit strength;
b) value of order q of prime order subgroup.
The value of q is required for use of DSS with the groups in question
(since signatures have size roughly 2*bit-size(q)). The presume
bit-strength would help in specifying which hash functions are supposed
to be used of "matching" security strength.
IANA DLP groups #14-#17 ("huge" discrete log groups):
#14 - 2048-bit DLP group (256=2*128 octets);
#15 - 3072-bit DLP group (384=3*128 octets);
#16 - 4096-bit DLP group (512=4*128 octets);
#17 - 6144-bit DLP group (768=6*128 octets);
#18 - 8192-bit DLP group (1024=8*128 octets).
Best regards, Rene
--
email: rstruik.ext@xxxxxxxxx | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
_______________________________________________________________________________
IF YOU WISH to be Removed from this reflector, PLEASE DO NOT send your request to this
CLOSED reflector. We use this valuable tool to communicate on the issues at hand.
SELF SERVICE OPTION:
Point your Browser to - http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGAI and
then amend your subscription on the form provided. If you require removal from the reflector
press the LEAVE button.
Further information can be found at: http://www.ieee802.org/11/Email_Subscribe.html
_______________________________________________________________________________