Re: [Cfrg] RGLC on draft-irtf-cfrg-pairing-friendly-curves-07

Armando Faz <armfazh@cloudflare.com> Thu, 09 July 2020 20:45 UTC

To: "Riad S. Wahby" <rsw@jfet.org>
Cc: cfrg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/7dmA50WHSAVE0WLD-7kwYCeftqw>

On Wed, Jul 8, 2020 at 2:59 PM <rsw@jfet.org> wrote:
>
> Since neither hash-to-curve nor pairing-friendly-curves is finalized,
> it seems like these hash-to-curve suites could go in either document.

In addition to listing the suites (in either document), the pairing
draft should mention somewhere that hash to G1 and G2 are common
operations in several cryptographic protocols. Obviously, it should
point to the hash_to_curve draft, and reinforce the security dangers
of the try-and-increment method, which was popularized in the
pairing-crypto community.

-- 
Armando Faz
Cloudflare Inc.
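
The try-and-increment concern raised in the message above, as an added example that is not part of the original message or of either draft: the loop count depends on the input, so running time reveals information about whatever is being hashed. The curve y^2 = x^3 + 4 over the prime 2^127 - 1, the SHA-256 counter encoding and all function names are assumptions chosen for illustration, not a pairing-friendly curve or a suite from the drafts.

```python
import hashlib
from collections import Counter

# Toy parameters (assumptions for illustration, not a pairing-friendly curve).
P = 2**127 - 1   # Mersenne prime; P % 4 == 3, so a square root is one exponentiation
B = 4            # curve: y^2 = x^3 + B over F_P


def is_square(v):
    """Euler's criterion: v is a square mod P iff v^((P-1)/2) is 0 or 1."""
    return pow(v, (P - 1) // 2, P) in (0, 1)


def try_and_increment(msg: bytes):
    """Hash msg to a curve point; return (x, y, iterations used)."""
    ctr = 0
    while True:
        # Candidate x-coordinate derived from a counter and the message.
        digest = hashlib.sha256(ctr.to_bytes(4, "big") + msg).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (pow(x, 3, P) + B) % P
        ctr += 1
        # About half of all x values give a square right-hand side, so the
        # loop exits after an input-dependent number of rounds.
        if is_square(rhs):
            y = pow(rhs, (P + 1) // 4, P)  # valid because P % 4 == 3
            return x, y, ctr


def iteration_histogram(n):
    """Iteration counts over n constructed inputs (input-0, input-1, ...)."""
    return Counter(try_and_increment(b"input-%d" % i)[2] for i in range(n))


if __name__ == "__main__":
    # Each row is a distinct running-time class an observer could tell apart.
    for iters, count in sorted(iteration_histogram(400).items()):
        print(f"{iters:2d} iterations: {count} inputs")
```

The histogram has several rows, which is the leak: inputs fall into distinguishable timing classes, whereas the maps specified in the hash_to_curve draft are designed to avoid an input-dependent loop.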