Lines Matching full:subgroup
37 * <p>Subgroup confinment attacks:
41 * element of a small subgroup. If the receiver does not check for such elements then may be
42 * possible to find the private key modulo the order of the small subgroup.
46 * NIST SP 800-56A rev. 2, Section 5.5.1.1 only requires that the size of the subgroup generated
49 * bit prime p and a 224 bit prime q are sufficient for 112 bit security. To avoid subgroup
59 * values as PKCS#3. In particular, it does not contain the order of the subgroup q.
64 * subgroup confinement attacks. Without a key validation it is insecure to use the key-pair
77 * order subgroup", CRYPTO' 98, pp 249?263.
85 * <p>RFC 2785, "Methods for Avoiding 'Small-Subgroup' Attacks on the Diffie-Hellman Key Agreement
301 assertEquals("g likely does not generate a prime oder subgroup", BigInteger.ONE,
305 // I.e., subgroup confinment attacks can find at least keySize - r.bitLength() bits of the key.
361 * itself cannot prevent all small-subgroup attacks because of the missing parameter q in the
