Re: [Cfrg] On relative performance of Edwards v.s. Montgomery Curve25519, variable base

Andrey Jivsov <crypto@brainhub.org> Tue, 06 January 2015 06:18 UTC

Message-ID: <54AB7E1E.50706@brainhub.org>
Date: Mon, 05 Jan 2015 22:18:06 -0800
From: Andrey Jivsov <crypto@brainhub.org>
To: Watson Ladd <watsonbladd@gmail.com>
References: <54AA4AB9.70505@brainhub.org> <54AA5AD3.9020009@shiftleft.org> <54AAEEFC.9060309@brainhub.org> <CACsn0c=nFHgwmx7aENVAp=xBm8QkqV0CLDSvFnydXSXcRVpG6A@mail.gmail.com>
In-Reply-To: <CACsn0c=nFHgwmx7aENVAp=xBm8QkqV0CLDSvFnydXSXcRVpG6A@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/17QYkqrL1KxjXllEDq0pMEojC7Q
Cc: "cfrg@irtf.org" <cfrg@irtf.org>

On 01/05/2015 08:28 PM, Watson Ladd wrote:
> Despite claims earlier in your email that certification stops the
> problem, invalid point attacks are a real threat.

I didn't mean to say it this way. Implementations have plenty of chances to do this wrong. One should not overestimate what this group can do, for example, about preventing an application from hardcoding an "ephemeral" ECDH key pair into the source code.

The point validation is a part of the group of tests that can be legitimately not claimed on the FIPS 140-2 validation. This is in ECDSAVS, sec 6.3: http://csrc.nist.gov/groups/STM/cavp/documents/dss2/ecdsa2vs.pdf

Interesting about validation patents. I try not to read them. Checking that (x,y) satisfies some f(x,y)=0 seems to have prior art.
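Added example, not code from this thread or any of its participants: the f(x,y)=0 membership check for Curve25519 in both its Montgomery and twisted-Edwards forms, plus the prime-order-subgroup check that turns bare curve membership into a full public-key validation (which is what defends against the invalid-point and small-subgroup issue raised above). The curve constants and base points are the standard Curve25519/Ed25519 parameters, used here as constructed test inputs.

```python
# Public-point validation for Curve25519 (Montgomery form) and Ed25519
# (twisted Edwards form). Constants are the standard curve parameters.
P = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493    # prime subgroup order
A = 486662                                             # Montgomery coefficient
D = (-121665 * pow(121666, -1, P)) % P                 # Edwards d = -121665/121666

def on_montgomery_curve(u, v):
    """f(u,v) = v^2 - u^3 - A*u^2 - u == 0 (mod p): bare on-curve test."""
    if not (0 <= u < P and 0 <= v < P):
        return False
    return (v * v - (u * u * u + A * u * u + u)) % P == 0

def on_edwards_curve(x, y):
    """f(x,y) = -x^2 + y^2 - 1 - d*x^2*y^2 == 0 (mod p), a = -1."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0

def edwards_add(p1, p2):
    """Affine unified addition on the twisted Edwards curve with a = -1."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, -1, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, P) % P
    return (x3, y3)

def edwards_mul(k, pt):
    """Double-and-add scalar multiplication; not constant time, checking only."""
    acc = (0, 1)                                       # neutral element
    for bit in bin(k)[2:]:
        acc = edwards_add(acc, acc)
        if bit == "1":
            acc = edwards_add(acc, pt)
    return acc

def validate_edwards_public_key(x, y):
    """Full validation: on the curve, not the identity, and of exact order L.
    Rejects the low-order points that invalid-point attacks rely on."""
    if not on_edwards_curve(x, y) or (x, y) == (0, 1):
        return False
    return edwards_mul(L, (x, y)) == (0, 1)

# Constructed test inputs: the standard Ed25519 base point B and the
# Curve25519 base point (u = 9, v) from RFC 7748.
ED_B = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
        46316835694926478169428394003475163141307993866256225615783033603165251855960)
MONT_B = (9, 14781619447589544791020593568409986887264606134616475288964881837755586237401)
```

The Montgomery check alone answers "is (x,y) on the curve"; for the Edwards form the example goes one step further and also rejects the order-2 point (0, -1) and any other point outside the prime-order subgroup.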