Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve25519function-00.txt

Robert Ransom <rransom.8774@gmail.com> Wed, 30 July 2014 18:49 UTC

Date: Wed, 30 Jul 2014 11:49:26 -0700
From: Robert Ransom <rransom.8774@gmail.com>
To: Sean Turner <TurnerS@ieca.com>
Cc: cfrg@irtf.org
Message-ID: <CABqy+sroxMhZ=N1o26YG58e3JEj4qdw8=E_dL3D+o2rV-4D3bw@mail.gmail.com>
In-Reply-To: <0D69E8E1-336C-4884-A87F-7656432AEB15@ieca.com>
References: <20140729195926.2156.45746.idtracker@ietfa.amsl.com> <0D69E8E1-336C-4884-A87F-7656432AEB15@ieca.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/87aYyJVobzOWHmPT3CVOMqrMScA

On 7/29/14, Sean Turner <TurnerS@ieca.com> wrote:
> At the interim CFRG meeting, I agreed to publish a draft of the curve 25519
> function with some help from Rich, Watson, and Tanja.  That draft is now up.

Some notes (this is not a thorough review):

Section 3:

* The draft correctly specifies that the high bit must be discarded,
but does not mention that that differs from the specification in the
Curve25519 paper, and does not explain the reasons for that difference
(resistance to implementation fingerprinting, and forward
compatibility with point formats which preserve the sign bit for use
in other protocols).  It should do both, so that the RFC won't be
‘corrected’ to match the paper when someone else notices that
difference five or more years from now.

* The draft correctly specifies that implementations must produce
outputs less than the field order p, but does not explicitly state
that implementations must accept inputs which are greater than or
equal to p (and silently reduce them mod p).

Section 4:

* In the second paragraph, “All calculations are done over GF(p)”
should be replaced with “All calculations are performed in GF(p)” --
“performed” is slightly more precise, and “in” is more correct than
“over” when you're operating on field elements rather than e.g.
polynomials with coefficients in the field (i.e. polynomials ‘over’
the field).


Robert Ransom