[Cfrg] Change of point formats

Watson Ladd <watsonbladd@gmail.com> Thu, 23 January 2014 06:56 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 695F01A0279 for <cfrg@ietfa.amsl.com>; Wed, 22 Jan 2014 22:56:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id XTDaT0sogPuY for <cfrg@ietfa.amsl.com>; Wed, 22 Jan 2014 22:56:21 -0800 (PST)
Received: from mail-wi0-x233.google.com (mail-wi0-x233.google.com [IPv6:2a00:1450:400c:c05::233]) by ietfa.amsl.com (Postfix) with ESMTP id 6FC8A1A0266 for <cfrg@irtf.org>; Wed, 22 Jan 2014 22:56:21 -0800 (PST)
Received: by mail-wi0-f179.google.com with SMTP id hr1so1426476wib.0 for <cfrg@irtf.org>; Wed, 22 Jan 2014 22:56:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=6PitWngtkiXH0fRjPSp3UsKdkTQHl4oJqvmeBoXqJBI=; b=yCmX+PUnvvlZBBy1twRnUmkbd47w83YuihA8b/kH6/yFE6UCxkGia9Vsp/Tlf936CP XQBXbkhwNLsCGANiHF0qAW1t5ojtlN0Bt8s+LbV4dC34k4u1Hrtzz7pfkEFeNNfm4lKy FU00nOkcB21Iri5wqr9SSTBkqkHwbOhAXwOgpUbhATDBxPOhxDBVfe11GG8Ua/5m/xCC mC4VJHC+hYhfJZFkT9Fb9kaZRCs+U8ueEyT/5TR9Kyr9Qzd1MxJzOO5fkQzHW4cuhyXE p3ELWi4HYBJjTOjbvhFajCJ17hZmcECD1lqKh2Y3VTNpqUjIuncZwCoDzmfkfS9Z7okt DTTw==
MIME-Version: 1.0
X-Received: by with SMTP id kv8mr5160561wjb.41.1390460180222; Wed, 22 Jan 2014 22:56:20 -0800 (PST)
Received: by with HTTP; Wed, 22 Jan 2014 22:56:20 -0800 (PST)
Date: Wed, 22 Jan 2014 22:56:20 -0800
Message-ID: <CACsn0cme1zn9ntHOOseF+be+LyvbwCRFu6Cbv2XmVmtN-k4cZQ@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: text/plain; charset=UTF-8
Subject: [Cfrg] Change of point formats
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2014 06:56:23 -0000

Dear all,
After thinking about it for a while, I discovered an argument that
changed my opinion about point formats. Robert Ransom's suggestion to
use a sign for an Edwards x and send the body of a Montgomery x is
much better then it looks like at first.

The argument is as follows: right now the proposed format forces a
protocol to decide whether a point will be used in addition or not.
For most applications this is perfectly fine, and the efficiency
considerations mitigate against Robert Ransom's proposal.

But there is one application for which this is not ideal: Tor. The Tor
developers would love to smuggle in a point that can be added in the
place where one that cannot lives. Add to it the possibility of using
one implementation for everything, and I see a lot of value in this

Supporting this proposal involves some dramatic changes to the draft.
For one thing Montgomery form with reciprocals of small integers will
have to be introduced. Several curves (and I don't know which yet)
will have to vanish because they are not amenable to this trick.

I'm also considering adding the Elligator map, given its usefulness
when uniform representations are required.

Anyway, several more days, possibly even a few weekends before the
next version comes out.

Watson Ladd