Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing-friendly-curves

Yumi Sakemi <yumi.sakemi@infours.co.jp> Fri, 17 September 2021 06:37 UTC

Return-Path: <yumi.sakemi@lepidum.co.jp>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 968C93A25D8 for <cfrg@ietfa.amsl.com>; Thu, 16 Sep 2021 23:37:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=infours-co-jp.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HI1BWIdDFoMA for <cfrg@ietfa.amsl.com>; Thu, 16 Sep 2021 23:36:55 -0700 (PDT)
Received: from mail-ot1-x32b.google.com (mail-ot1-x32b.google.com [IPv6:2607:f8b0:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B5423A25D7 for <cfrg@irtf.org>; Thu, 16 Sep 2021 23:36:55 -0700 (PDT)
Received: by mail-ot1-x32b.google.com with SMTP id m7-20020a9d4c87000000b0051875f56b95so11589195otf.6 for <cfrg@irtf.org>; Thu, 16 Sep 2021 23:36:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infours-co-jp.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=tIBxqEK1IdQVX7j1WxsCbNd/7fxDzZ3GikfifBCqZRs=; b=ohBsYrZURC0suCCVVh6b9/dqJIOrSleyUMnxKWNr2/hTm63vpzehW1dB0luPoHuEjA 2ECz13GaNQ5UIDRc/65+oP74Dwkj5VkSZKoNb9PdAmLYtOvR73krp7rwXzfYIneztP1P eskWRgoVeXVuzrY/rQbVkxvoZX2ewNOXZ6vCUcBwIJSf9HDuGvfbseq/0bU16vniOF2c 4ca/yCIXKBLW0H8AC2cWU7mSgKXcTyz+7WedGzxFhbmA5xXZL0i2lStPQzHkpTqMRXSY MUCU+DqKDV2DfXIDYThyiY12sARIDCzqdB8VO3hAuUltnfLW+M7NmYN8jyf1i3DdXpFw x8Aw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=tIBxqEK1IdQVX7j1WxsCbNd/7fxDzZ3GikfifBCqZRs=; b=v2f0ziUsc04oG9m7dlY3ZpB9Kb3SLlxX9L+O3WVsVaDWPHo/nSVJfCxB158+vaGEGm NF/W/yuFLaTyb6VVPPV1MmPRScEc/kE3dSJJN79/TtyRB6sKMw+qyY6puGsFS/I82fhg KOMMw1UNln+QV97HG2G9I2KI4qLOx7phFbpprcNnz9UQZf7aH5KfztLJeHPYbVcxun0D sIRosJsH4FqGSKTFN8U2vgpKUua2uwhtoDey+og9ncppIJRl6oR7wbAi+oU3+vq8v9XX ofc/P+WTDiXimHXyKz4gl4AoOxdBQ7s6RprrpG4kJahPSs+OrxlB4KM6zLz0VorJ2ioO nj2w==
X-Gm-Message-State: AOAM533U3OCd66yD23wFdlDrDSEQd+WO4ZdDkgbqGWKnO8ApIQwDjzyl dDpVvnARtVBOwW+HctDLCMS6hb2Jd7b0hqp9/dOaiA==
X-Google-Smtp-Source: ABdhPJw1kFeIDnzlPgcZ67KxRhHwFlKWYM4+Izl2QRiPsTyl6BW/jqxB7MMknOgcBU9w45RvWawM5bmJgOaFpnCFNJw=
X-Received: by 2002:a9d:3e08:: with SMTP id a8mr8214721otd.155.1631860613936; Thu, 16 Sep 2021 23:36:53 -0700 (PDT)
MIME-Version: 1.0
References: <CAMr0u6kV-YsAuAMRh6OVArhZ6DftZSCumqYNOQQ5BWq0cgxW3Q@mail.gmail.com> <CACsn0ckkXdVk2maphAoOGm9K6pYkBUOQ+H8sNtpQ5X5Y1k4Yxw@mail.gmail.com> <CAA4D8KZ4=_1qv64MadxeBK85X-oqdwgraGVg2oe0byF2nHeYJQ@mail.gmail.com> <9F55A285-A4AC-4935-8A1D-D2B31FC031AA@ll.mit.edu>
In-Reply-To: <9F55A285-A4AC-4935-8A1D-D2B31FC031AA@ll.mit.edu>
From: Yumi Sakemi <yumi.sakemi@infours.co.jp>
Date: Fri, 17 Sep 2021 15:36:43 +0900
Message-ID: <CAA4D8KaHKN_8giWVMMJGFS9Je=0iLM6q06cCb7K0FLAi_+YZ6w@mail.gmail.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Cc: CFRG <cfrg@irtf.org>, SAITO Tsunekazu <tsunekazu.saito.hg@hco.ntt.co.jp>, Tetsutaro Kobayashi <tetsutaro.kobayashi.dr@hco.ntt.co.jp>, "Riad S. Wahby" <rsw@cs.stanford.edu>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/3UUOhN0DNUqUL7Lf8SYuYIJYGt4>
Subject: Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing-friendly-curves
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Sep 2021 06:37:01 -0000

Dear Uri,

Thank you for your message.

I think that the assessment of quantum computing is different from the
purpose of our I-D.
I'm very sorry, but why not discuss it in another thread?

For reference, I would like to share the following URL.
https://mailarchive.ietf.org/arch/msg/cfrg/eLiK6YN4PxRHAlrAzvq4o7L1Lwc/

Best regards,
Yumi

2021年9月14日(火) 3:52 Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu>du>:
>
> Based on the current progress in the Quantum Computing research, I conjecture that crypto-threatening quantum computers will come to existence, possibly within a decade or two.
>
> Following that conjecture, the useful lifetime of any product that utilizes pairings is likely to be short: after all the time spent on standardizing and refining the standard, implementing it, deploying, getting consumer market to embrace the technology - I conjecture that the actual time of "safe usage" would be at most a few years. Is it worth it? My answer is "no".
>
> --
> Regards,
> Uri
>
>
> On 9/13/21, 14:44, "CFRG on behalf of Yumi Sakemi" <cfrg-bounces@irtf.org on behalf of yumi.sakemi@infours.co.jp> wrote:
>
>     Dear Rene and Watson
>
>     I'm so sorry for my late reply.
>     Thank you for your comments.
>     I checked and discussed with my co-authors about comments from Rene and Watson.
>     As a result, we came up with the idea that the position of our I-D
>     might be different from what Rene and Watson commented on our I-D.
>     Below are the stances we understand when making comments from Rene and
>     Watson and the positions/stances of our I-D.
>
>     - Rene's stance
>     It is the point of view that the I-D should be for educational
>     purposes regarding pairing.
>     For example, the quality of the I-D is inadequate for a textbook and
>     inappropriate for an IRTF draft.
>
>     - Watson's stance
>      Standardization of pairing implementation.
>      For example, there is a lack of detailed explanation of the
>     implementation method in the I-D.
>
>     To be clarified by Prof. Colin and Stanislav in the 2nd RGLC, the
>     stance of our activities is to make an informational RFC
>     about “secure parameters of pairing-friendly curves” promoting Secure
>     Pairing Cryptography on the Internet.
>
>     Kim's attack in 2016 led to a review of the security of pairing-friendly curves
>     no matter how there are still many implementations that contain
>     insecure parameters.
>     To solve this problem, we focus on providing an informative document
>     that implementers of
>     pairing-based cryptographies can refer to when selecting secure parameters.
>     Therefore, it is out of our scope in our I-D that a specific document
>     aimed at standardization and education of pairing algorithms.
>
>     We would appreciate it if you could reconfirm the stance and purpose of our I-D.
>
>     Best regards,
>     Yumi
>
>
>     <<FOR YOUR INFORMATION>>
>     In the following, I would like to explain the background and purpose
>     of our activities again for your reference.
>     As shown in our I-D, there are many kinds of types and parameters for
>     pairing-friendly curves, and it is difficult for implementers of
>     pairing-based cryptographies to select which parameter is secure.
>     For example, the parameters of pairing-friendly curves given in
>     standard specifications such as ISO and TCG have not been updated
>     since before Kim's attack in 2016, so implementers may refer to
>     insecure and inappropriate parameters when referring to these standard
>     specifications.
>     To address this issue, we propose to publish RFC for secure parameters
>     of pairing-friendly curves so that pairing implementors can safely
>     select secure parameters.
>
>     The proposed parameters in our I-D were selected based on the
>     selection policy of "security" and "widely used" after organizing the
>     security of parameters of pairing-friendly curves shown in standard
>     specifications, libraries, and applications.
>
>     On the other hand, again, we do not aim to standardize the method of
>     pairing implementation.
>     A pairing implementation consists of many arithmetic operations,
>     including operations on finite fields, twist techniques, operations on
>     elliptic curves, pairing operations, and applications of pairing.
>     Since many approaches to accelerate each type of operation have been
>     proposed, we don't want to limit the implementation methods in our
>     I-D.
>     Nevertheless, the existence of methods to improve the efficiency of
>     pairing computation is useful as references, so we have made
>     references to textbooks, papers, and other publications to present
>     carefully selected information.
>     Another way to look at it is that acceleration methods may have
>     patents against them, so we avoid such risks.
>
>     2021年9月10日(金) 7:43 Watson Ladd <watsonbladd@gmail.com>om>:
>     >
>     > On Fri, Aug 13, 2021 at 11:40 AM Stanislav V. Smyshlyaev
>     > <smyshsv@gmail.com> wrote:
>     > >
>     > > Dear CFRG participants,
>     > >
>     > > This message starts a second RGLC on "Pairing-Friendly Curves" (draft-irtf-cfrg-pairing-friendly-curves-10), that will end on September, 8th.
>     > >
>     > > See https://datatracker.ietf.org/doc/draft-irtf-cfrg-pairing-friendly-curves/ for the latest version of the draft.
>     > >
>     > > We are having the second RGLC since Yumi Sakemi has provided (see https://mailarchive.ietf.org/arch/msg/cfrg/-1nTbbVRlkP5wV2odEYFac-jK08/) updated replies for the questions raised after the first RGLC.
>     > >
>     > > Please send your comments, as well as expression of support to publish as an RFC (or possible reasons for not doing so) in reply to this message or directly to CFRG chairs.
>     >
>     > The timing of this WGLC was a bit unfortunate for me, and I apologize
>     > for my late submission.
>     >
>     > I think this draft has many issues. It doesn't limit the number of
>     > choices, it doesn't provide enough information to implementers, it's
>     > filled with extraneous information about history and applications and
>     > much useful information is in the appendices. I don't think this
>     > draft's publication will help authors who would like to point to a
>     > reference for BLS12 and how to implement it.
>     >
>     > Sincerely,
>     > Watson Ladd
>     >
>     > --
>     > Astra mortemque praestare gradatim
>     >
>     > _______________________________________________
>     > CFRG mailing list
>     > CFRG@irtf.org
>     > https://www.irtf.org/mailman/listinfo/cfrg
>
>
>
>     --
>     Yumi Sakemi, Ph. D.
>      Infours Inc.
>
>     E-Mail: yumi.sakemi@infours.co.jp
>
>     _______________________________________________
>     CFRG mailing list
>     CFRG@irtf.org
>     https://www.irtf.org/mailman/listinfo/cfrg



-- 
Yumi Sakemi, Ph. D.
 Infours Inc.

E-Mail: yumi.sakemi@infours.co.jp