J-Pake over EC

[roshanrajaratnam]

Hi, if I understood correctly the current implementation of J-Pake is based on J-Pake over Finite Field? If so will there be a J-Pake over EC implementation in your road map? If not do you have any suggestions as to how we approach implementing this ourselves? Any feedback would be much appreciated. If you do have any other channel where we could take these discussions I would like to discuss it there. Thanks again.

[mathiaszenger]

Hi, I have the same question. I am curious if you got any answer to your request or if it was moved to somewhere else. Thanks for sharing.

[haofeng66]

Yes, the current J-PAKE implementation in BC is over Finite Field only. The code was originally written by Phil Clay in 2013 (I proofread his code back then). An elliptic curve implementation of J-PAKE should be straightforward; see an example demo: https://github.com/haofeng66/J-PAKE-demo/blob/master/EllipticCurveJPAKEDemo.java. The protocol is exactly the same. However, I haven't got the time to include this into BC myself. If people are interested, this can be something worth doing. If we are to add an EC version of J-PAKE in BC, I think it will be really good to ensure it is compatible with the existing EC-JPAKE implementation in Thread. This is not difficult but needs some testing. I should be able to find test vectors. If anyone is interested to contribute, please feel free to get in touch. - Feng Hao (feng.hao at Warwick ac uk)

[sergeuz]

Just stumbled across this discussion. I ported the EC-JPAKE implementation from mbedTLS, which is based on the Thread spec, to Java/BouncyCastle for one of my company's projects. It's under Apache 2.0 and can be found here.

[haofeng66]

Dawid has done an elliptic curve J-PAKE implementation based on adapting the finite field J-PAKE implementation in bouncycastle, as part of a university summer project working with me. Here is the pull request: https://github.com/bcgit/bc-java/pull/1842. Any comments can be posted there. @dawmit