Re: [Cfrg] Meeting notes
"Derek Atkins" <derek@ihtfp.com> Fri, 27 March 2015 13:29 UTC
Return-Path: <derek@ihtfp.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AE051ACDE1 for <cfrg@ietfa.amsl.com>; Fri, 27 Mar 2015 06:29:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.289
X-Spam-Level:
X-Spam-Status: No, score=-1.289 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_ORG=0.611] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oLc_flOj6PWm for <cfrg@ietfa.amsl.com>; Fri, 27 Mar 2015 06:29:37 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 836DF1ACDDB for <cfrg@irtf.org>; Fri, 27 Mar 2015 06:29:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 6B23CE2036; Fri, 27 Mar 2015 09:29:34 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 14997-03; Fri, 27 Mar 2015 09:29:32 -0400 (EDT)
Received: by mail2.ihtfp.org (Postfix, from userid 48) id 4B2EAE2038; Fri, 27 Mar 2015 09:29:32 -0400 (EDT)
Received: from 64.134.50.65 (SquirrelMail authenticated user warlord) by mail2.ihtfp.org with HTTP; Fri, 27 Mar 2015 09:29:32 -0400
Message-ID: <c65696d44c65b12478532bcb01fb2ef3.squirrel@mail2.ihtfp.org>
In-Reply-To: <0C65868C-1725-4B32-A562-62C9DF36A956@gmail.com>
References: <CAHOTMVKUyNsA7ux4epk8LwR0w0Eh7dh0G3xTXB3O9m8jQPS3EQ@mail.gmail.com> <0C65868C-1725-4B32-A562-62C9DF36A956@gmail.com>
Date: Fri, 27 Mar 2015 09:29:32 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Yoav Nir <ynir.ietf@gmail.com>
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/9gt1rrXewzYmbxzOW5y-jVsnnU8>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Meeting notes
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2015 13:29:39 -0000
Yoav,
On Fri, March 27, 2015 8:49 am, Yoav Nir wrote:
[snip]
>
> === Fourth item: the Algebraic Eraser (Paul E Gunnels)
> Protocol for IoT things.
>
> Renee: what about sigs
> Atkins: a little different. fleshing
> Yoav: if it's good for IoT, why not for everything else?
> Derek Atkins: that's just our focus.
> Nico: Because this needs a trusted 3rd party that can break everything
> KP: need some more cryptanalysis to know that key search is the best
> attack.
> PEG: there are other attacks. One to recover the conjugator. Another to
> recover the matrix part or the private key. Those have been refuted -
> reduced to exhaustive search.
> AGL: have you tried an optimized implementation? Would it be 70x faster on
> a quality CPU?
> Derek: I have seen 50x. AE could benefit from larger tables on commodity
> CPU.
> Stephen Farrell: trusted third party - what does it need to do
> Derek: the trusted 3rd party is needed for the curve parameters.
> AGL: on a large scale you would need... (OK, I didn't understand the
> trusted 3rd party issue...)
AE has a set of public parameters that you use to generate keypairs that
can communicate (the equivalent of an ECC Curve or DH Prime). The issue
is that you need random data to generate those public parameters, and that
random data needs to be kept secret. Once the parameters are generated
you don't need access to the random data ever again, but the issue, as I
understand it, is "how do you know that that random data wasn't
compromised during the parameter generation process?"
Hopefully this better explains the issue?
Thanks,
-derek
--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
- [Cfrg] Meeting notes Tony Arcieri
- Re: [Cfrg] Meeting notes Yoav Nir
- Re: [Cfrg] Meeting notes Derek Atkins
- Re: [Cfrg] Meeting notes Yoav Nir
- Re: [Cfrg] Meeting notes Derek Atkins
- Re: [Cfrg] Meeting notes Watson Ladd
- Re: [Cfrg] Meeting notes Daniel Kahn Gillmor
- Re: [Cfrg] Meeting notes Johannes Merkle
- Re: [Cfrg] Meeting notes Yoav Nir
- Re: [Cfrg] Meeting notes Ilari Liusvaara
- [Cfrg] (on Algebraic Eraser) Re: Meeting notes Rene Struik
- Re: [Cfrg] (on Algebraic Eraser) Re: Meeting notes Derek Atkins
- Re: [Cfrg] (on Algebraic Eraser) Re: Meeting notes Nico Williams
- Re: [Cfrg] Meeting notes Nico Williams
- Re: [Cfrg] (on Algebraic Eraser) Re: Meeting notes Rene Struik
- Re: [Cfrg] (on Algebraic Eraser) Re: Meeting notes Nico Williams
- Re: [Cfrg] Meeting notes Derek Atkins
- Re: [Cfrg] Meeting notes Alexey Melnikov