Re: [Cfrg] Adoption request: draft-hdevalence-cfrg-ristretto

"Filippo Valsorda" <filippo@ml.filippo.io> Thu, 25 July 2019 02:16 UTC

Return-Path: <filippo@ml.filippo.io>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BD2D120059 for <cfrg@ietfa.amsl.com>; Wed, 24 Jul 2019 19:16:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=filippo.io header.b=rJc3ws/1; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=l4Utt5Jd
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mgS_mwjqnWsM for <cfrg@ietfa.amsl.com>; Wed, 24 Jul 2019 19:16:35 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7A1312017E for <cfrg@irtf.org>; Wed, 24 Jul 2019 19:16:33 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id E42DA21B2C; Wed, 24 Jul 2019 22:16:32 -0400 (EDT)
Received: from imap1 ([10.202.2.51]) by compute3.internal (MEProxy); Wed, 24 Jul 2019 22:16:32 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=filippo.io; h= mime-version:message-id:in-reply-to:references:date:from:to:cc :subject:content-type; s=fm1; bh=hdEgNgmRKkFCP4n7wa4Lm1EM9j0yJ6T VTq+LzOZny1c=; b=rJc3ws/1UMUnQC5BisFSOsjnFXEnJ/vFisfefU64xmlceqi Q8dmmPLnIU9s1iqjpN/XsOT/D3WIpnppzY/vZmn1WgxzLYBds4Nr2SJDpMffsX3o MKSG2PQ3Oc/OGnc47x5f/BDw5nVg2pSacJfBDTAKocd9iUevb1MViCNZ1Xl5BNZ/ irXnQHXJ9AROwV5M+Z8QmWUTaeeDHCIFTAtRIu09AEm6/WIxb4SL2qXafkxVzqMF o74938Bt4pKQvNV/bygwceg1xQ5xfau5MCtvjeDAHtDfkdxLuXFMK432lhgub7ga RoO+C3lUBBWLsY0AhCnLYPcaZFI6cd3TvxbJEYw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=hdEgNg mRKkFCP4n7wa4Lm1EM9j0yJ6TVTq+LzOZny1c=; b=l4Utt5JdSqRJtX0xMPeU6f sLbkxLfDFjSLCgC3tZs0z0Itard3KgLsPoTRoiHFQPXRKFc9GjN7kyetMyBxfTcB JDc+4lO5Mf4NHNRmp8+dIdig/oZ4WCHGx13Kgqn+eo2Jw85Eekbm6fwKXNftkSzS FXsxDqdWM5UPhSoodY3XkLRPNv7T+hjKZ+Irv1eHWQGAloRs7UHsm/k0+KqgRYBL b73oF4pGvjQ4OdMZfFdHYE72ZvfVsGy6pQiH1+dgtSprzdSaSVDdl5nr1qHWHC2B aqU6cICn+wgW8Y7ntTVNorpP9pUTv/6onq6xe0C7thaEhZ8jbiu1n5Vl1QAqO1JA ==
X-ME-Sender: <xms:ABE5XTkiEMC3M96TTUQkfZoDORingZ_vXX0MXI31mbJ4mLfpusbHjg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrkedugdehfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdfhihhlihhpphhoucggrghlshhorhgurgdfuceofhhilhhi phhpohesmhhlrdhfihhlihhpphhordhioheqnecurfgrrhgrmhepmhgrihhlfhhrohhmpe hfihhlihhpphhosehmlhdrfhhilhhiphhpohdrihhonecuvehluhhsthgvrhfuihiivgep td
X-ME-Proxy: <xmx:ABE5XRihz2Je7urARc4SUbULXiFiwlVdqBq_G7yPD2XbIFrKK5TteA> <xmx:ABE5XQTaAvxMPh8QWNGgyfvo8oIt6qQ7hRzJ5rD7veQqugYPwSji4g> <xmx:ABE5XWgH7-1abtLpEoP5DRPAxFWuc0Lv1rgtWp18MqOoVXORA124dw> <xmx:ABE5XWzxJISwW_9Q1yvgGKsNLwrNvRH0R1sk1L63s4vuTzUjG5R3xg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 3B031C200A4; Wed, 24 Jul 2019 22:16:32 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-736-gdfb8e44-fmstable-20190718v2
Mime-Version: 1.0
Message-Id: <3dde344b-40d2-4ea8-84c9-7ddec039afe3@www.fastmail.com>
In-Reply-To: <20190725015259.betglszxmwpgg7q7@positron.jfet.org>
References: <a505c99b-32a9-447a-9c69-a8efe3ed1b70@www.fastmail.com> <0370cd6b-adf3-4be2-9ab4-79693b9dc096@www.fastmail.com> <B7F73174-29F0-4B83-8AC0-A7D42D372D4A@inf.ethz.ch> <075d43b1-e123-42a9-ccd9-64fe45306f8b@web3.foundation> <20190724212030.ddcswlg5uxm3muzo@positron.jfet.org> <CAPC=aNVCV2cn62rhQsu+RsJsdjt2Dqqw_rqooLsuc8J5v9s3kQ@mail.gmail.com> <20190725004633.l5k7toldcgy7uthb@positron.jfet.org> <a391f8d5-c4c4-4650-9392-860864543198@www.fastmail.com> <20190725015259.betglszxmwpgg7q7@positron.jfet.org>
Date: Thu, 25 Jul 2019 04:16:31 +0200
From: "Filippo Valsorda" <filippo@ml.filippo.io>
To: "Riad S. Wahby" <rsw@jfet.org>
Cc: cfrg@irtf.org, draft-hdevalence-cfrg-ristretto@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/09Fla7Ubw2lPZY14elOxFZJ-77g>
Subject: Re: [Cfrg] Adoption request: draft-hdevalence-cfrg-ristretto
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jul 2019 02:16:36 -0000

2019-07-25 03:53 GMT+02:00 Riad S. Wahby <rsw@jfet.org>rg>:
> > We believe sections 3.2 and 3.3 provide all operations necessary to
> > implement the "prime order group" interface (and if not, we should
> > specify the missing ones).
> 
> Here is the problem: Sections 3.2 and 3.3 *do not* provide those
> operations. For example, the document does not indicate how to perform
> point addition, because nowhere in the document is it made clear that
> the output of DECODE as defined in Section 3 is an edwards25519 point.

Oh, I understand now, thanks for patiently following up.

I think we put all that weight on this opening sentence (considering
s/Curve25519/edwards25519/ per previous discussion).

>    This documents describes how to implement the ristretto255 group
>    using Curve25519 points as an internal representation.

I fully agree that Section 3.3 should be expanded to clarify that the
operations are indeed edwards25519 addition, subtraction and scalar
multiplication (when using edwards25519 as internal representatives).