Re: [Cfrg] Not the same thread -> was Re: Rerun: Elliptic Curves - preferred curves around 256bit work factor (ends on March 3rd)
Michael Hamburg <mike@shiftleft.org> Wed, 25 February 2015 20:06 UTC
Return-Path: <mike@shiftleft.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C3FF1A87D7 for <cfrg@ietfa.amsl.com>; Wed, 25 Feb 2015 12:06:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.555
X-Spam-Level: *
X-Spam-Status: No, score=1.555 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.982, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qLy_Marvsdmn for <cfrg@ietfa.amsl.com>; Wed, 25 Feb 2015 12:06:17 -0800 (PST)
Received: from aspartame.shiftleft.org (199-116-74-168-v301.PUBLIC.monkeybrains.net [199.116.74.168]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1BA31A87B3 for <cfrg@irtf.org>; Wed, 25 Feb 2015 12:06:17 -0800 (PST)
Received: from [10.184.148.249] (unknown [209.36.6.242]) by aspartame.shiftleft.org (Postfix) with ESMTPSA id 1C81CF210A; Wed, 25 Feb 2015 12:04:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=shiftleft.org; s=sldo; t=1424894663; bh=0d2WwBJC5FPsi1ZxdqNe+pJRapugZEO5RtdNWbYAf6o=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=b1c0Pm+Ij/W+kw9EXWBIjEOiS87owcyjVnSig4ugnTP93Xd9MQgpqCTi+X2Xa7ZzJ hvojPHoqmOUa0/OFAHmwO9RCCiSVHxSAV4pHFBxXvXt0ioJsLIrJWRl3334Dnz5jJg gHCoCC76qSW9cIjRUkfmyuQdctIxPtOOtrViSVVY=
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: Michael Hamburg <mike@shiftleft.org>
In-Reply-To: <20150225195756.GA12823@LK-Perkele-VII>
Date: Wed, 25 Feb 2015 12:06:14 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <44DC84A6-4FF9-4CC8-8B24-69FDFE6D81B6@shiftleft.org>
References: <D1133BAF.5C3D2%paul@marvell.com> <54EE0D4D.2080009@shiftleft.org> <20150225195756.GA12823@LK-Perkele-VII>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/BpOmZwcaKHoPqfy9_QReTHzneDg>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Not the same thread -> was Re: Rerun: Elliptic Curves - preferred curves around 256bit work factor (ends on March 3rd)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Feb 2015 20:06:18 -0000
> On Feb 25, 2015, at 11:57 AM, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote: > > On Wed, Feb 25, 2015 at 09:58:37AM -0800, Mike Hamburg wrote: >> Thanks, Paul. >> >> On 3.6GHz Haswell with OpenSSL 1.0.1f: >> RSA-2048: sign 1028us, verify 31us >> Ed448: sign 51us, verify 163us, dh 148us >> Ed480: sign 55us, verify 183us, dh 170us >> E-521: sign 79us, verify 256us, dh 241us >> >> On 1GHz Cortex A8 with OpenSSL 1.0.1f: >> RSA-2048: sign 39.8ms, verify 1.2ms >> Ed448: sign 0.7ms, verify 1.9ms, dh 1.9ms > > What is DH (Diffie-Hellman) in that? > > Compressed edwards scalarmult? Uncompressed Edwards scalarmult? > Montgomery ladder? Does it include key generation time (for not > reusing keys)? > > > -Ilari Montgomery ladder scalarmult with a few cheap bells and whistles: unified point compression which includes a correctly computed sign, rejecting points on the twist, and hashing the output with the input public keys to make a session key. It doesn’t include key generation time. Key generation takes about as long as signing. — Mike
- [Cfrg] Not the same thread -> was Re: Rerun: Elli… Paul Lambert
- Re: [Cfrg] Not the same thread -> was Re: Rerun: … Mike Hamburg
- Re: [Cfrg] Not the same thread -> was Re: Rerun: … Phillip Hallam-Baker
- Re: [Cfrg] Not the same thread -> was Re: Rerun: … Phillip Hallam-Baker
- Re: [Cfrg] Not the same thread -> was Re: Rerun: … Ilari Liusvaara
- Re: [Cfrg] Not the same thread -> was Re: Rerun: … Michael Hamburg
- Re: [Cfrg] Not the same thread -> was Re: Rerun: … Derek Atkins
- Re: [Cfrg] Not the same thread -> was Re: Rerun: … Phillip Hallam-Baker
- Re: [Cfrg] Not the same thread -> was Re: Rerun: … Watson Ladd
- Re: [Cfrg] Not the same thread -> was Re: Rerun: … Derek Atkins
- Re: [Cfrg] Not the same thread -> was Re: Rerun: … Phillip Hallam-Baker