RFC Errata
RFC 7836, "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012", March 2016
Source of RFC: INDEPENDENTSee Also: RFC 7836 w/ inline errata
Errata ID: 6201
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Billy Brumley
Date Reported: 2020-06-03
Verifier Name: Adrian Farrel
Date Verified: 2020-07-01
Section 4.3.2 says:
where m and q are the parameters of an elliptic curve defined in the GOST R 34.10-2012 [GOST3411-2012] standard (m is an elliptic curve points group order, q is an order of a cyclic subgroup), P is a non- zero point of the subgroup; P is defined by a protocol.
It should say:
where m and q are the parameters of an elliptic curve defined in the GOST R 34.10-2012 [GOST3411-2012] standard (m is an elliptic curve points group order, q is an order of a cyclic subgroup), P is a non- zero point of the subgroup; P is defined by a specification of an elliptic curve or by a protocol. Note that in most practical cases the private key y is unknown so the point (y*P) is just a pair of coordinates, which MUST be checked for satisfying the curve equation before calculating the K value.
Notes:
The proposed text clarifies the P point specification ways and the need to check the public key of one side for belonging to the elliptic curve used by the opposite side.