[Cfrg] CFRG feedback on signing with secp256k1 curve

Mike Jones <Michael.Jones@microsoft.com> Tue, 12 June 2018 00:03 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Tue, 12 Jun 2018 00:03:10 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/D7fg0r1l5DewqtP-16Hbombs1hs>

Dear CFRG,

You'll recall that the "secp256k1" elliptic curve is described by Dan Brown and Certicom in "SEC 2: Recommended Elliptic Curve Domain Parameters" http://www.secg.org/sec2-v2.pdf (the same document that described the secp256r1 curve - a.k.a., P-256).

I recently wrote https://tools.ietf.org/html/draft-jones-webauthn-secp256k1-00 with a very specific and narrow purpose: to register JOSE and COSE curve identifiers for the SECG secp256k1 elliptic curve and associated algorithm identifiers for signing. This curve is already being used by FIDO UAF, the W3C Verifiable Claims interest group, and several blockchain projects. I want to get standard identifiers registered so these projects can use standards-based, rather than ad-hoc, cryptographic representations. A path forward for this document is being discussed at secdispatch@ietf.org.

As part of the SECDISPATCH evaluation, Ekr had suggested that I ask the CFRG for references to security analyses of secp256k1.  No matter what you or I may think of Blockchain, because Blockchain is using secp256k1 and is under tremendous scrutiny, it's my assumption that if major security flaws were known, people would be widely talking about them.  But I'd like to replace my assumption with an actual security analysis or two and thoughts from the CFRG, if possible.

                                                       Thanks,
                                                       -- Mike