[Cfrg] A draft merging rpgecc and thecurve25519function.
Adam Langley <agl@imperialviolet.org> Thu, 01 January 2015 22:00 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/8e2ujcxuRG0FawQiDF7xZ5ijXqQ

Since everyone is agreed to within an isogeny of curve25519 at ~128 bits, and since there's no performance reason to pick one isogeny over another (see my mail from yesterday), I've created an outline for what currently appears (to me) to be the only way that we might reach agreement.

It takes the generation procedure from draft-black-rpgecc-01, generates the resulting curve with p=2^255-19 and then ends up with curve25519 by pointing out that there's no difference in security between isogenies and motivates it by compatibility with existing practice. Then it includes draft-turner-thecurve25519function in order to nail down the wire-format and describe how to perform ECDH.

The resulting agglomeration is at https://cdn.rawgit.com/agl/cfrgcurve/master/cfrgcurve.xml (requires XSLT support in the browser) and https://github.com/agl/cfrgcurve. (Although, until there's clarity on whether the outline is viable, the details in the draft are unimportant.)

I have not listed the authors of the two source documents as authors yet because that might suggest that they support the result. Instead I've made the sources clear in section 1.

It does not suggest a signature scheme, despite several people suggesting that it would be required in recent days, because I don't think that we're at that point yet.

Cheers

AGL

--
Adam Langley agl@imperialviolet.org https://www.imperialviolet.org