Re: [Cfrg] Chopping out curves

Mike Hamburg <mike@shiftleft.org> Fri, 17 January 2014 22:06 UTC

To: Watson Ladd <watsonbladd@gmail.com>
Cc: Manuel Pégourié-Gonnard <mpg@elzevir.fr>, "cfrg@irtf.org" <cfrg@irtf.org>

By the way, folks, are any of these curves actually implemented (in C/C++, not Python) besides the 25519 ones?

On Jan 17, 2014, at 11:23 AM, Watson Ladd <watsonbladd@gmail.com> wrote:

> On Fri, Jan 17, 2014 at 11:17 AM, Manuel Pégourié-Gonnard
> <mpg@elzevir.fr> wrote:
>> On 17/01/2014 20:01, Watson Ladd wrote:
>>> Okay. I'll follow the Ed25519 paper and call it te25519 and add the
>>> paper as a reference.
>>> Are rationals fine, or do people want me to write big numbers?
>> 
>> I'm sorry, but I'd prefer big numbers (or best, both). Of course it's more work
>> for you, but it's less for the readers. And since the document will hopefully be
>> read more often than it is written... :)
> 
> Blegh. This is going to be one ugly looking equation. 4/5 and
> -121665/121666 I can memorize.
> Can't do the same with giant numbers. Okay, time to fire up PARI and
> make the changes.
> 
>> 
>> Unrelated, but Alyssa wrote:
>>>> • But if we call it 'Ed25519', people might confuse it with the whole
>>>>  Ed25519 signature scheme.
>>>> 
>> With all the respect I have for the great work done by Bernstein on this, I find
>> it unfortunate that the same name is used for a curve, a particular protocol
>> using this curve (and often even "the" implementation), causing some confusion.
> 
> I'm not sure this is correct. Bernstein's implementation today is the
> donna implementation,
> and tweetnacl has tweetnacl implementation of curve25519. It's no worse
> than BLAS, where
> ATLAS, gotoBLAS, netlib BLAS, and Intel all provide implementations of BLAS.
> 
>> I'll be really glad if the I{R,E}TF encourages more distinct names for curves
>> and protocols (and of course, many distinct interoperable implementations as usual).
> 
> ECDH on curve XXXX seems to be what people do when disambiguation is required.
>> 
>> Manuel.
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> http://www.irtf.org/mailman/listinfo/cfrg
> 
> 
> 
> -- 
> "Those who would give up Essential Liberty to purchase a little
> Temporary Safety deserve neither  Liberty nor Safety."
> -- Benjamin Franklin