1
2# M and N are defined as "randomly chosen elements of the group". It is
3# important that nobody knows their discrete log (if your
4# parameter-provider picked a secret 'haha' and told you to use
5# M=pow(g,haha,p), you couldn't tell that M wasn't randomly chosen, but
6# they could then mount an active attack against your PAKE session). S
7# is the same, but used for both sides of a symmetric session.
8#
9# The safe way to choose these is to hash a public string.
10
11class _Params:
12    def __init__(self, group, M=b"M", N=b"N", S=b"symmetric"):
13        self.group = group
14        self.M = group.arbitrary_element(seed=M)
15        self.N = group.arbitrary_element(seed=N)
16        self.S = group.arbitrary_element(seed=S)
17        self.M_str = M
18        self.N_str = N
19        self.S_str = S
20