sof-auth-model/sof-dhcr.spthy, branch master Symbolic model of SoF auth Model points at infinity as malicious public keys 2026-03-25T14:16:09+00:00 Osmium Sorcerer os@sof.beauty 2026-03-25T14:16:09+00:00 c48736a18976a8d1c62fec3dbfa5c8c4dce38bc6 If the server doesn't check that the user's public key is an identity element O (point at infinity), authentication breaks down. Because O^x = O, no matter the verification secret, the final result will be: h(<O, challenge, O, username>). Username is assumed to be public information in the model, and the challenge is openly sent into the network. What's supposed to prove authenticity of the client via its secret key and identity, now becomes a trivial universal backdoor with the server challenge acting as a direct invitiation. 
If the server doesn't check that the user's public key is an identity
element O (point at infinity), authentication breaks down.

Because O^x = O, no matter the verification secret, the final result
will be: h(<O, challenge, O, username>). Username is assumed to be
public information in the model, and the challenge is openly sent into
the network. What's supposed to prove authenticity of the client via its
secret key and identity, now becomes a trivial universal backdoor with
the server challenge acting as a direct invitiation.
Initialize 2026-03-13T15:50:28+00:00 Osmium Sorcerer os@sof.beauty 2026-03-13T15:50:28+00:00 cd4acb94133f7e6d42f0a04085cd11433b9eb611