Re: [Cfrg] Elliptic Curves - poll on specific curve around 256bit work factor (ends on February 23rd)

Alyssa Rowan <akr@akr.io> Fri, 20 February 2015 20:15 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/2wu-qgmwTegTt-B_GdPGL9PG9kU>

> [TA] Have you considered doing a poll of what specific curves
> people actually want to use?

> [PHB] […] your poll […] rather undercuts the whole process.

Strongly agreed.

> [KP] Yes, we considered a number of different ways of narrowing
> down our choices. However, we settled on doing it this way. Please
> stick with us.

With the greatest respect, if upstream and external parties were
willing to tolerate undocumented decisions by editor/chair fiat,
they'd stick with the NIST curves, wouldn't they?

We were asked because publicly-documented technical consensus, not
guided by any one party, is very highly desirable.

We need that if our efforts are to be meaningful.

> [PHB] The way I would do this is as a Quaker poll asking people
> what their preferred outcome is and what they can live with on 448,
> 480, 512 and 521.

I agree - that process will probably work much better than these
forced-choice yes/no polls!

So: my preference votes on prime consensus for the record:

Just 2^255-19: Acceptable [no concerns; but CAs want extra-strength]
     2^379-19: No         [one 1 mod 4 is probably enough]
    2^384-317: No         [slow and awkward]
     2^389-21: Acceptable [seems fast, but not very well-explored]
     2^414-17: Acceptable [fast, but a slightly awkward size]
2^448-2^224-1: Preferred  [fast, strong, good size, plenty of margin]
2^480-2^240-1: Acceptable [fast, but only with 64-bit]
    2^512-569: No         [way too slow; awkward; would not implement]
      2^521-1: Acceptable [could live with it; slower than I'd like]

-- 
/akr