Re: [Cfrg] RGLC on draft-irtf-cfrg-pairing-friendly-curves-07

Marek Jankowski <mjankowski309@gmail.com> Fri, 17 July 2020 06:54 UTC

References: <CABZxKYmyYbOXG9Lo8vNZANn=x+DhZR0qztAg+JbYnLdoxVrsTQ@mail.gmail.com> <20200708215916.xbdvyak6etncqxwj@muon> <CABZxKYnnu6F0+zSZZ1NmmFgaNhf=J5f3CxMQRNXtBOiP6SpPMA@mail.gmail.com>
In-Reply-To: <CABZxKYnnu6F0+zSZZ1NmmFgaNhf=J5f3CxMQRNXtBOiP6SpPMA@mail.gmail.com>
From: Marek Jankowski <mjankowski309@gmail.com>
Date: Fri, 17 Jul 2020 08:53:53 +0200
Message-ID: <CAMCcN7RMQKzjdGZQAnxr2a0=0y5D9AXqsNbnLwMwd-GtGSMzwA@mail.gmail.com>
To: Armando Faz <armfazh=40cloudflare.com@dmarc.ietf.org>
Cc: "Riad S. Wahby" <rsw@jfet.org>, CFRG <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Bs65Gy8r2qyTCMqCeuDpRpYkmoo>
Subject: Re: [Cfrg] RGLC on draft-irtf-cfrg-pairing-friendly-curves-07

I agree with Armando.
It seems to me that hash-to-curve's main use case is pairings, so defining
it in the pairings draft does not make much sense.
So the best practice would be to suggest suites and refer to the
hash-to-curve draft for more information.
As Armando says, it is important to refer to the draft mainly to prevent
naive use of rejection sampling.

Other than that, I think it is a great draft and I support its adoption.

Marek

On Thu, Jul 9, 2020 at 10:46 PM Armando Faz <armfazh=
40cloudflare.com@dmarc.ietf.org> wrote:

> On Wed, Jul 8, 2020 at 2:59 PM <rsw@jfet.org> wrote:
> >
> > Since neither hash-to-curve nor pairing-friendly-curves is finalized,
> > it seems like these hash-to-curve suites could go in either document.
>
> In addition to listing the suites (in either document), the pairing
> draft should mention somewhere that hash to G1 and G2 are common
> operations in several cryptographic protocols. Obviously, it should
> point to the hash_to_curve draft, and reinforce the security dangers
> of the try-and-increment method, which was popularized in the
> pairing-crypto community.
>
> --
> Armando Faz
> Cloudflare Inc.
>
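The "naive rejection sampling" / try-and-increment hazard both posters refer to is that the number of hash-and-test iterations, and therefore the running time, depends on the input being hashed. The toy below (an added illustration, not code from the thread or from either draft) implements try-and-increment on a constructed small curve and exposes the per-input attempt count so the data-dependent behaviour can be measured; the curve, prime and messages are all constructed for the demonstration and are not a real pairing-friendly curve.

```python
"""Why try-and-increment hash-to-curve is variable-time (toy demonstration)."""
import hashlib

# Constructed toy curve y^2 = x^3 + 7 over GF(P). P is prime and P % 4 == 3,
# so a square root is a single exponentiation. Not a real pairing curve.
P = 1000003
A, B = 0, 7


def is_square(v: int) -> bool:
    """Euler criterion: True iff v is a non-zero quadratic residue mod P."""
    return v % P != 0 and pow(v, (P - 1) // 2, P) == 1


def sqrt_mod(v: int) -> int:
    """Square root mod P, valid because P % 4 == 3 and v is a residue."""
    return pow(v, (P + 1) // 4, P)


def on_curve(pt) -> bool:
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def try_and_increment(msg: bytes, max_tries: int = 256):
    """Naive hash-to-curve: hash msg||counter to an x-coordinate and retry
    until x^3 + Ax + B is a square. Returns ((x, y), attempts_used).
    Each failed attempt costs a hash plus a Legendre test, so the running
    time is a function of msg: this is the side channel the hash-to-curve
    draft's fixed-cost mappings are designed to avoid."""
    for ctr in range(max_tries):
        h = hashlib.sha256(msg + ctr.to_bytes(1, "big")).digest()
        x = int.from_bytes(h, "big") % P
        rhs = (x ** 3 + A * x + B) % P
        if is_square(rhs):
            y = sqrt_mod(rhs)
            return (x, y), ctr + 1
    raise ValueError("no point found within max_tries")


def attempt_profile(msgs):
    """Attempts needed per input. Each attempt succeeds with probability
    about 1/2, so the profile is geometric, not constant: an observer timing
    the operation learns roughly one bit about which inputs were 'unlucky'."""
    return [try_and_increment(m)[1] for m in msgs]


if __name__ == "__main__":
    sample = [b"constructed-input-%d" % i for i in range(16)]
    print(attempt_profile(sample))
```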