Re: [Cfrg] Summary of the poll: Elliptic Curves - signature scheme: friendliness to low memory implementations (ends on June 3rd)

Dan Brown <dbrown@certicom.com> Sat, 20 June 2015 00:38 UTC

From: Dan Brown <dbrown@certicom.com>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>, Tony Arcieri <bascule@gmail.com>, "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Date: Sat, 20 Jun 2015 00:38:35 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/7EWUuPjDUhQ3QRu7RrcWFKrWUuk>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>

So, if we're stuck with deterministic + IUF, maybe we can do reverse Schnorr, with the point being suffixed to the message instead of prefixed, and then rely on wide pipe hash without any extension properties, etc., which is slightly than a simple hash (or is it?).

  Original Message
From: Paterson, Kenny
Sent: Friday, June 19, 2015 6:08 PM
To: Tony Arcieri; Blumenthal, Uri - 0553 - MITLL
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Summary of the poll: Elliptic Curves - signature scheme: friendliness to low memory implementations (ends on June 3rd)


Folks,

I appreciate the input, but let's not rerun all the arguments we've
already had.

People were quite rightly asking the chairs to provide more clarity on the
result of the poll. We've now done that.

It was narrow, but option 1 had the most support.

Cheers

Kenny

On 19/06/2015 23:03, "Tony Arcieri" <bascule@gmail.com> wrote:

>On Fri, Jun 19, 2015 at 1:24 PM, Blumenthal, Uri - 0553 - MITLL
><uri@ll.mit.edu> wrote:
>
>
>Uhh, IMHO we are supposed to be practical even when paranoid. I find it
>certain that we all would be beyond caring by the time collisions are
>produced in SHA-3.
>
>As the expression goes "attacks always get better". I definitely care
>about having constructions that would survive SHA-3 collisions, and I
>also think they might pose a credible threat in the next two decades or
>so.
>
>
>I guess the counterargument is to swear off primitives with fewer sharp
>edges due to the constraints of devices that will be obsolete in a few
>years? I would prefer to have cryptographic primitives that stand the
>test of time.
>
>
>--
>Tony Arcieri
>
>
>
