Re: [Cfrg] Elliptic Curves - poll on specific curve around 256bit work factor (ends on February 23rd)
"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Sat, 21 February 2015 13:46 UTC
Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 961EF1A6FEC for <cfrg@ietfa.amsl.com>; Sat, 21 Feb 2015 05:46:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wYN21MiBeOZl for <cfrg@ietfa.amsl.com>; Sat, 21 Feb 2015 05:46:02 -0800 (PST)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0622.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::622]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D250B1A19F6 for <cfrg@irtf.org>; Sat, 21 Feb 2015 05:46:01 -0800 (PST)
Received: from DBXPR03MB383.eurprd03.prod.outlook.com (10.141.10.15) by DBXPR03MB384.eurprd03.prod.outlook.com (10.141.10.20) with Microsoft SMTP Server (TLS) id 15.1.87.18; Sat, 21 Feb 2015 13:40:53 +0000
Received: from DBXPR03MB383.eurprd03.prod.outlook.com ([10.141.10.15]) by DBXPR03MB383.eurprd03.prod.outlook.com ([10.141.10.15]) with mapi id 15.01.0087.013; Sat, 21 Feb 2015 13:40:53 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Alyssa Rowan <akr@akr.io>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] Elliptic Curves - poll on specific curve around 256bit work factor (ends on February 23rd)
Thread-Index: AQHQS2jkNrWH3jDLOk2dqVH4gyhmX5z5HPGAgAAsfACAAILyAIAAMLcAgAEkFIA=
Date: Sat, 21 Feb 2015 13:40:53 +0000
Message-ID: <D10E3729.3F869%kenny.paterson@rhul.ac.uk>
References: <54E46EA4.9010002@isode.com> <CAHOTMVKCD+DK6QbSuy8R63FVnu_WBNmwMvByqicx=sK6_k63HQ@mail.gmail.com> <D10CAF3B.3F266%kenny.paterson@rhul.ac.uk> <CAMm+Lwhj9H_NK22QbTB7=EFd7GBg0WprwRMN8RxH3+7r_buf7g@mail.gmail.com> <54E795DA.3080502@akr.io>
In-Reply-To: <54E795DA.3080502@akr.io>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.7.141117
x-originating-ip: [78.146.73.200]
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Kenny.Paterson@rhul.ac.uk;
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;SRVR:DBXPR03MB384;
x-microsoft-antispam-prvs: <DBXPR03MB38411EEEEEBA1DE7E7A7CACD92B0@DBXPR03MB384.eurprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:;SRVR:DBXPR03MB384;
x-forefront-prvs: 049486C505
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(189002)(24454002)(199003)(54524002)(479174004)(51444003)(51704005)(164054003)(102836002)(74482002)(76176999)(46102003)(93886004)(92566002)(15975445007)(54356999)(2501002)(50986999)(77096005)(68736005)(40100003)(2900100001)(2950100001)(19580395003)(19580405001)(97736003)(87936001)(83506001)(2656002)(36756003)(107886001)(106356001)(62966003)(106116001)(77156002)(1720100001)(105586002)(66066001)(122556002)(68196006)(101416001)(575784001)(86362001)(64706001)(44824005); DIR:OUT; SFP:1101; SCL:1; SRVR:DBXPR03MB384; H:DBXPR03MB383.eurprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: rhul.ac.uk does not designate permitted sender hosts)
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <3882CDAD8F19174FBFFC802FDA26E8D9@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: rhul.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Feb 2015 13:40:53.1417 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBXPR03MB384
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/BsqRojFJuS32mhPNlh0B7ND7AAU>
Subject: Re: [Cfrg] Elliptic Curves - poll on specific curve around 256bit work factor (ends on February 23rd)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Feb 2015 13:46:04 -0000
Hi Alyssa, On 20/02/2015 20:15, "Alyssa Rowan" <akr@akr.io> wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >> [TA] Have you considered doing a poll of what specific curves >> people actually want to use? > >> [PHB] [Š] your poll [Š] rather undercuts the whole process. > >Strongly agreed. > >> [KP] Yes, we considered a number of different ways of narrowing >> down our choices. However, we settled on doing it this way. Please >> stick with us. > >With the greatest respect, if upstream and external parties were >willing to tolerate undocumented decisions by editor/chair fiat, >they'd stick with the NIST curves, wouldn't they? I think you have to give the chairs some room to make decisions in order to help move things forward. We've been rightly criticised for not doing that in recent months, and now we are trying to do better. So cut us some slack, please. Yes, we could have first run a "meta poll" to ask the group what kinds of questions they wanted to be asked, or what the topics of the questions should be, but I think that would only have led to dismayed comments from other participants saying we were not providing enough direction or leadership (but Alexey and I are by now well aware that chairs cannot please all of the people any of the time, and some of the time we do not please anyone; for us, it goes with the territory). >We were asked because publicly-documented technical consensus, not >guided by any one party, is very highly desirable. But then what to do if there is no consensus? This appeared to be the case on the specific question of whether we should stick to "traditional powers of 2" security levels or not. I explained this in an earlier response to one of your messages here: http://www.ietf.org/mail-archive/web/cfrg/current/msg06183.html. So now it seems to me that we are just rehashing. Let's try to avoid that, please. Now, all of this said: we can come back to other security levels later on, if we have sufficient time and energy. But right now, we're focussing on a question about the 256-bit security level. Thanks, Kenny > >We need that if our efforts are to be meaningful. > >> [PHB] The way I would do this is as a Quaker poll asking people >> what their preferred outcome is and what they can live with on 448, >> 480, 512 and 521. > >I agree - that process will probably work much better than these >forced-choice yes/no polls! > >So: my preference votes on prime consensus for the record: > >Just 2^255-19: Acceptable [no concerns; but CAs want extra-strength] > 2^379-19: No [one 1 mod 4 is probably enough] > 2^384-317: No [slow and awkward] > 2^389-21: Acceptable [seems fast, but not very well-explored] > 2^414-17: Acceptable [fast, but a slightly awkward size] >2^448-2^224-1: Preferred [fast, strong, good size, plenty of margin] >2^480-2^240-1: Acceptable [fast, but only with 64-bit] > 2^512-569: No [way too slow; awkward; would not implement] > 2^521-1: Acceptable [could live with it; slower than I'd like] > >- -- >/akr >-----BEGIN PGP SIGNATURE----- > >iQIcBAEBCgAGBQJU55XaAAoJEOyEjtkWi2t6jH4P/1F6iBWEt8i7Y1aLXKQo8Efm >FncsTL1Byh51vi0WHHjnrJ+9d8z/oNecFeklfjPVvu5+rdezpCR+m2MN/SwW8d25 >WmYjse75bBN9ilz7YohD7T632fUi4wcG1ffRnyNGw40ngiZIJopPAJMA0SZ4N5Wl >OPaIUNssN/y+XoEcezFzAioIoUkO+C24r3589dc5Bozd7hZQfz4INmyajFHGhgBy >ctpzMAoOqD+lgY6dbpeWrprV8Nnr3ZMm5Hnq9lb5rFgSSDUU8KsU5yIMX9yTwK/p >JFPewlUyJK4nb6zdj3Wc42pPgJuezXfdfrif6I6YRwFxet0lRMN1QVFKANubdOtC >hIKjQjBdMWYKcQkpFQJhoAiHSbMKSFafO+3KeMimyn3aKYotIUyuRZ9bf89cMuzl >HjABTiPmZNU4hyXxOn/9eNd5vd5T+UIKRY+RfVxSPwo6S/dDphwJ7W/3dhiwCMWI >AC6Ix5PFCia/y/TFP9R+edsHpmjzUwL+5MgJ+/oSUCgwFDuW8mpuncAtfPLujVQA >dsDkzhcJZvlna1AiIh8bNiAj9TFnyiiWr3K33tNPmTaocuN6y7yC3BW2hMiGbzT+ >7u5TU8krsfiq1tG/yPzriZBXdlYmnMhTl9LmGvBw9gEMqxtmChJTXDdz0XnI7uy0 >4YgaokzGUjTwkn5PxI9X >=FXwL >-----END PGP SIGNATURE----- > >_______________________________________________ >Cfrg mailing list >Cfrg@irtf.org >http://www.irtf.org/mailman/listinfo/cfrg
- [Cfrg] Elliptic Curves - poll on specific curve a… Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Aaron Zauner
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Dan Harkins
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Stephen Farrell
- Re: [Cfrg] Elliptic Curves - poll on specific cur… James Cloos
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Jon Callas
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Mike Hamburg
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Adam Langley
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Jon Callas
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Russ Housley
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Watson Ladd
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Watson Ladd
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Jon Callas
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Damien Miller
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Damien Miller
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Watson Ladd
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Michael Scott
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Torsten Schuetze
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Aaron Zauner
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Kurt Roeckx
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Andrey Jivsov
- [Cfrg] network traffic D. J. Bernstein
- Re: [Cfrg] network traffic Kurt Roeckx
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Simon Josefsson
- Re: [Cfrg] network traffic RONDEPIERRE Franck
- Re: [Cfrg] network traffic David Jacobson
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Damien Miller
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - poll on specific cur… Michael Hamburg
- Re: [Cfrg] network traffic Kurt Roeckx
- Re: [Cfrg] Elliptic Curves - poll on specific cur… _MiW