Re: [Cfrg] Goldilocks (was Re: EC - next steps to get draft-irtf-cfrg-curves done)
Alyssa Rowan <akr@akr.io> Wed, 11 February 2015 06:56 UTC
Return-Path: <akr@akr.io>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 627C01A03FF for <cfrg@ietfa.amsl.com>; Tue, 10 Feb 2015 22:56:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.502
X-Spam-Level:
X-Spam-Status: No, score=-0.502 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EXYUux5_ghOV for <cfrg@ietfa.amsl.com>; Tue, 10 Feb 2015 22:56:29 -0800 (PST)
Received: from entima.net (entima.net [78.129.143.175]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BEEB1A1B7E for <cfrg@irtf.org>; Tue, 10 Feb 2015 22:56:29 -0800 (PST)
Message-ID: <54DAFD1C.4060805@akr.io>
Date: Wed, 11 Feb 2015 06:56:28 +0000
From: Alyssa Rowan <akr@akr.io>
MIME-Version: 1.0
To: "cfrg@irtf.org" <cfrg@irtf.org>
References: <CACsn0cmfyRqQrVRnbroYV++8axVxWm-1BtTXUOjGYa-30GdW9A@mail.gmail.com>
In-Reply-To: <CACsn0cmfyRqQrVRnbroYV++8axVxWm-1BtTXUOjGYa-30GdW9A@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/AVnFmQi5ozL8MfaQXVh13pQ2zbM>
Subject: Re: [Cfrg] Goldilocks (was Re: EC - next steps to get draft-irtf-cfrg-curves done)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Feb 2015 06:56:35 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 11/02/2015 02:04, Watson Ladd wrote: >> Yes, we are ruling out 2^448-2^224-1 and focussing on primes >> yielding curves at or near the 192 and 256 bit security levels. >> There was a long discussion on this on the list a while back, no >> clear consensus emerged on whether we should "stick" to the >> 192-bit and/or 256-bit security levels or go for "intermediate" >> values, and the chairs are now making a decision on this. Um, what. Chairs: No! I assumed that when you were asking these questions you were including all of the 383<n<511 primes in the "192-bit" category, because you _explicitly_ mentioned that choice of primes would take place _afterwards_ - but instead, you've arbitarily eliminated most of the leading candidates for an extra-strength curve?! Does this also affect 41417? Let me guess: Was your next question going to be, depending on the choice, 2^384-317/2^389-21 and/or 2^512-569/2^521-1? > This strikes me as extremely premature. […] I concur. There was no consensus earlier because we didn't have the performance data to make any decisions on technical grounds. The performance data we have now looks pretty good for Goldilocks, as I was tabulating… For the chairs here to start making arbitrary choices may be externally inappropriate and suggests the process has simply failed. (Do we still have an NSA co-chair? ¬_¬) This unexpected development changes my answer to a firm [No, No]. And inspires me to suggest that instead, perhaps an individual draft for Goldilocks is the way to go here? It's a leading candidate and an excellent compromise. It's a pretty good choice for a high-performance, extra-strength, rigid curve if we were going to recommend 2 curves. Your arbitrary decision changes nothing with that. I think it may be more likely to reach consensus than this ill-conceived guided choice ballot. - -- /akr -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJU2v0cAAoJEOyEjtkWi2t6A9IP/jca62wUoaGl2Y447MTRv8xl 1qg5XRQ6L1ysBMZz3LVaNKcTmqZl6L4881X2f3BB6Og/YCB2iwFRRUugmiTKBhxa RM3sdmyYHE7d2EDAvjChltUMorOWC+FocDX4GsMOc5wn3z+rnN5cvM0YOYKxa/sp A7GXL6efpQnIi+uee12V+D1Qw/IpbxOLQUQIQRMONhsMggfydLyRvm0Kuc490KBD iWHCqPrSawAiXUaWfwXQi2yOkUPKlYgfwkEYzf/fd5wO4koi+q0/8Eqkz6xbR36S KpqHHQMymf7HVLyTOMj8KXRozc3RFvMateAUAD2v9ODCJtGvcK4lyUiYJLM5/RFY 7LjbQ0X/9iDQz9bxh2yAT5RorzcMAFIOMF4VSNXn9xg6dHFLhlOxURFO4ibN1E9a 0Jrz5in1DwiZh3bWUeXgkVELVXMmtXoM6squSSvmwX86hWa/GH323R9XPwkOrBeV ej7qJQHUSdwOnih595hZk7tcUVel4L9JqHoFXL8YdyrxYazzuxun0vzGTkPpZMf7 XZ2pgV4mgHC+nt609Iy3GVP4Yw1blkCCLH0+KGaH+PqXFM52hk/vxHw3Xnu1iSTd EkcnuObp5nGqW/NDB8J0Z/4kKBbaNh+iN/bP7Afx0G6iiHUt4GgMawsjxMYQ9+p9 U5qccirwc3XQ3jC3Wqqy =1Nsn -----END PGP SIGNATURE-----
- [Cfrg] Goldilocks (was Re: EC - next steps to get… Watson Ladd
- Re: [Cfrg] Goldilocks (was Re: EC - next steps to… Alyssa Rowan
- Re: [Cfrg] Goldilocks (was Re: EC - next steps to… Damien Miller
- Re: [Cfrg] Goldilocks (was Re: EC - next steps to… Paterson, Kenny