Re: [Cfrg] When's the decision?
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 09 October 2014 05:20 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEFC51A90CE for <cfrg@ietfa.amsl.com>; Wed, 8 Oct 2014 22:20:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VROvIpgaKma2 for <cfrg@ietfa.amsl.com>; Wed, 8 Oct 2014 22:20:42 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACE7B1A90C8 for <cfrg@irtf.org>; Wed, 8 Oct 2014 22:20:40 -0700 (PDT)
Received: by mail-la0-f51.google.com with SMTP id ge10so436855lab.24 for <cfrg@irtf.org>; Wed, 08 Oct 2014 22:20:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=9hI03x24ZOmwyAxFg/b/GaeS/3Kb50NYb6GqozSjlP4=; b=XNQyFnvOIK+HERqkDrhNIpktw/FnekTwsdDooA2ebvhQQGn0giUPOxKVzpvY81k4nI CQ7D5hjPCofvu0k3SljmtpmySnhg6HCHKdd9aBm/yt487kUgHpUDXzUiGoK569mUuhHj 27ltQgJ9Em4H7qAGw5h5jISn5BnKLfpVhXQjlTwqLOV74iJLFhTfJbnoLhuP9WfHBfo8 jR0tu1+8K5YWwiP4937OR/KHk+P8BJ1UWxR7Cz2J3wlqao7C4sA4lgN7lk0fmC3Gq7aR 2g45oyyqu3JeCDEjd2dFe6OAE4jkE7eMNSCGMKIHkUShzX85a4M1tnX0FfsDfj9TzaSe p/Sw==
MIME-Version: 1.0
X-Received: by 10.152.205.38 with SMTP id ld6mr401027lac.97.1412832038993; Wed, 08 Oct 2014 22:20:38 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.66.196 with HTTP; Wed, 8 Oct 2014 22:20:38 -0700 (PDT)
In-Reply-To: <54360428.6090801@shiftleft.org>
References: <CACsn0cnHDc6_jWf1mXc5kQgj5XEc6dBBZa7K8D2=4uLti5e3aA@mail.gmail.com> <20141008173154.15169.qmail@cr.yp.to> <2FBC676C3BBFBB4AA82945763B361DE608F1D021@MX17A.corp.emc.com> <CACsn0c=6_qBhXsTicPjoQjncf5DoHp+yQZgabS7fGVCjYUc+Yw@mail.gmail.com> <2FBC676C3BBFBB4AA82945763B361DE608F1D036@MX17A.corp.emc.com> <54360428.6090801@shiftleft.org>
Date: Thu, 09 Oct 2014 01:20:38 -0400
X-Google-Sender-Auth: 2PZG7GctvXwB0bdoWEAYqcT0xnY
Message-ID: <CAMm+LwhG9gHYBSm+R9niVz_sk8-9Fm0HeXftZEYDeKy_W6S5yQ@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Mike Hamburg <mike@shiftleft.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/01qG7E6eIUS2Be3b7HKACjpzaec
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] When's the decision?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Oct 2014 05:20:43 -0000
On Wed, Oct 8, 2014 at 11:42 PM, Mike Hamburg <mike@shiftleft.org> wrote: > > This is basically the point of Ed448-Goldilocks. It's received a mixed > response in this forum, since some people would prefer the most constrained > curve, for some definition of "constrained" which doesn't consider > performance. I am happy to consider performance but only if the differences are large and consistent. This is not a competition where more is better. I don't want more than exactly one high strength curve and exactly one exceptionally high curve. I don't want to see any options or parameters either. Either we are all doing the twist again or nobody is. Either we are all doing compression or not. And if there isn't a clear basis for a decision we can throw darts. Some performance issues are show stoppers. Anything that is not less than a clean multiple of a power of 2 is going to cause severe performance hits on future architectures. 512 bit memory buses are common in graphics cards, 521 bit buses are not. If ED448 is twice as fast as the exactly 512 bit curve then there is a decisive performance advantage. Anything less than 20% is noise. The point is elimination, to vote people off the island so we can have a winner, not to get more people in.
- [Cfrg] When's the decision? Watson Ladd
- Re: [Cfrg] When's the decision? Yoav Nir
- Re: [Cfrg] When's the decision? Stephen Farrell
- Re: [Cfrg] When's the decision? Watson Ladd
- Re: [Cfrg] When's the decision? David Jacobson
- Re: [Cfrg] When's the decision? Watson Ladd
- Re: [Cfrg] When's the decision? Michael Hamburg
- Re: [Cfrg] When's the decision? David Jacobson
- Re: [Cfrg] When's the decision? D. J. Bernstein
- [Cfrg] Publicly verifiable benchmarks D. J. Bernstein
- Re: [Cfrg] When's the decision? Parkinson, Sean
- Re: [Cfrg] When's the decision? Watson Ladd
- Re: [Cfrg] When's the decision? Parkinson, Sean
- Re: [Cfrg] When's the decision? Mike Hamburg
- Re: [Cfrg] When's the decision? Parkinson, Sean
- Re: [Cfrg] When's the decision? Phillip Hallam-Baker
- Re: [Cfrg] When's the decision? Mike Hamburg
- Re: [Cfrg] When's the decision? Parkinson, Sean
- Re: [Cfrg] Publicly verifiable benchmarks David Jacobson
- Re: [Cfrg] Publicly verifiable benchmarks Michael Hamburg
- Re: [Cfrg] Publicly verifiable benchmarks Andrey Jivsov
- Re: [Cfrg] Publicly verifiable benchmarks Watson Ladd
- Re: [Cfrg] Publicly verifiable benchmarks Parkinson, Sean
- Re: [Cfrg] Publicly verifiable benchmarks D. J. Bernstein
- Re: [Cfrg] Publicly verifiable benchmarks Michael Hamburg
- [Cfrg] Constant-time implementations D. J. Bernstein
- Re: [Cfrg] Constant-time implementations David Jacobson
- Re: [Cfrg] Constant-time implementations Adam Langley
- Re: [Cfrg] Constant-time implementations Yoav Nir
- Re: [Cfrg] Constant-time implementations Watson Ladd
- Re: [Cfrg] Constant-time implementations Mike Hamburg
- Re: [Cfrg] When's the decision? Paterson, Kenny
- Re: [Cfrg] When's the decision? Parkinson, Sean
- Re: [Cfrg] When's the decision? Ilari Liusvaara
- Re: [Cfrg] When's the decision? Yoav Nir
- [Cfrg] ed448goldilocks vs. numsp384t1 and numsp51… D. J. Bernstein
- Re: [Cfrg] ed448goldilocks vs. numsp384t1 and num… Ilari Liusvaara
- Re: [Cfrg] ed448goldilocks vs. numsp384t1 and num… Michael Hamburg
- Re: [Cfrg] ed448goldilocks vs. numsp384t1 and num… Ilari Liusvaara
- Re: [Cfrg] ed448goldilocks vs. numsp384t1 and num… Michael Hamburg