Re: [Cfrg] Poll: hash functions for Ed448 (ends on December 22nd)
Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 09 December 2015 11:07 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E49641A1BAF for <cfrg@ietfa.amsl.com>; Wed, 9 Dec 2015 03:07:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.6
X-Spam-Level:
X-Spam-Status: No, score=-4.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_INVITATION=-2, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dqMUrwE_zcmJ for <cfrg@ietfa.amsl.com>; Wed, 9 Dec 2015 03:07:35 -0800 (PST)
Received: from filtteri1.pp.htv.fi (filtteri1.pp.htv.fi [213.243.153.184]) by ietfa.amsl.com (Postfix) with ESMTP id BD24F1A1BA5 for <cfrg@irtf.org>; Wed, 9 Dec 2015 03:07:35 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by filtteri1.pp.htv.fi (Postfix) with ESMTP id 0F60121BA2D; Wed, 9 Dec 2015 13:07:34 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from smtp5.welho.com ([213.243.153.39]) by localhost (filtteri1.pp.htv.fi [213.243.153.184]) (amavisd-new, port 10024) with ESMTP id aO9gObabvV0B; Wed, 9 Dec 2015 13:07:33 +0200 (EET)
Received: from LK-Perkele-V2 (87-92-35-116.bb.dnainternet.fi [87.92.35.116]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp5.welho.com (Postfix) with ESMTPSA id D7FEB5BC004; Wed, 9 Dec 2015 13:07:33 +0200 (EET)
Date: Wed, 09 Dec 2015 13:07:31 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Simon Josefsson <simon@josefsson.org>
Message-ID: <20151209110730.GA26555@LK-Perkele-V2.elisa-laajakaista.fi>
References: <5666F7A9.7020608@isode.com> <87mvtkngpj.fsf@latte.josefsson.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <87mvtkngpj.fsf@latte.josefsson.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: ilariliusvaara@welho.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/8drCS57bg2qqGFn21witcrm0yAU>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Poll: hash functions for Ed448 (ends on December 22nd)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2015 11:07:38 -0000
On Wed, Dec 09, 2015 at 09:56:08AM +0100, Simon Josefsson wrote: > > I have started to feel that the fact that we can have this poll with no > real-world feedback from experience with deployed Ed448 implementations > is a sign that standardizing Ed448 is premature. There simply appears > to be little interest from implementers, at least from what I can see > From my perspective. I suppose it may be too late to back down from > this tree though. Well, if we had deployed Ed448 implementations, this whole poll would likely have been unnecressary... That said, there doesn't appear to be that much disagreement on the main hash, just on prehash (which I think is more of invitation to misuse, anyway). That said, having written Python (reference) and C implementations for Ed448, I would consider following proposals above others in implementation annoyance (at least for modifying the present implementation): 1) Twoshakes-d: --------------- The contexts percollate all the way to the global API, and aren't supported on Ed25519 anyway. Hashes are now multi-input and there is now coupling between the prehash and primary. (Yes, my proposal while back did similar things, but the API I had in implementations was designed differently and cut in different place). 2) Ilari 2: ----------- Multi-input structure of HKDF is poor match for hash-function-like construct. Needs IUF in IKM for efficient operation (wonder how many ready-made implementations are capable of that?). ... Then there are non-implementation problems like speed problems (SHA3-512) and bad usecases (SHA-512 prehash). -Ilari
- [Cfrg] Poll: hash functions for Ed448 (ends on De… Alexey Melnikov
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Tony Arcieri
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Aaron Zauner
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Damien Miller
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Bryan Ford
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Simon Josefsson
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Ilari Liusvaara
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Russ Housley
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Phillip Hallam-Baker
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Gilles Van Assche
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Rene Struik
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… James Cloos
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Alyssa Rowan
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Mike Jones
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Ruggero SUSELLA
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Mike Hamburg
- Re: [Cfrg] Poll: hash functions for Ed448 (ends o… Ruggero SUSELLA
- [Cfrg] Poll Results: hash functions for Ed448 Alexey Melnikov
- Re: [Cfrg] Poll Results: hash functions for Ed448 Alexey Melnikov