diff --git a/auth/request.go b/auth/request.go
index d37385815b55d2f6b1e87fabc5e1f167bb704360..31a064f8f0bf14e6f508b349ee508460a5e92ae3 100644
--- a/auth/request.go
+++ b/auth/request.go
@@ -82,6 +82,11 @@ func (s *state) request(partner contact.Contact, myfacts fact.FactList,
 	historicalDHPub := diffieHellman.GeneratePublicKey(historicalDHPriv,
 		dhGrp)
 
+	if !dhGrp.Inside(partner.DhPubKey.GetLargeInt()) {
+		return 0, errors.Errorf("partner's DH public key is not in the E2E "+
+			"group; E2E group fingerprint is %d and DH key has %d",
+			dhGrp.GetFingerprint(), partner.DhPubKey.GetGroupFingerprint())
+	}
 	ownership := cAuth.MakeOwnershipProof(historicalDHPriv,
 		partner.DhPubKey, dhGrp)
 	confirmFp := cAuth.MakeOwnershipProofFP(ownership)