Re: [Cfrg] [TLS] FW: New Version Notification for draft-black-numscurves-00.txt

Brian LaMacchia <bal@microsoft.com> Tue, 01 July 2014 20:37 UTC

From: Brian LaMacchia <bal@microsoft.com>
To: Watson Ladd <watsonbladd@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] [Cfrg] FW: New Version Notification for draft-black-numscurves-00.txt
Thread-Index: AQHPlPQS8iucwSAq3kaIp2YBJZ3TZ5uLaySggAAANrCAABlkgIAAKERQ
Date: Tue, 01 Jul 2014 20:37:37 +0000
Message-ID: <ca794e5508c34485b09210797fa21de0@BL2PR03MB242.namprd03.prod.outlook.com>
References: <20140701061655.10456.83525.idtracker@ietfa.amsl.com> <85fa7c63d21043fdb438d959479f56a4@BL2PR03MB482.namprd03.prod.outlook.com> <f34ffe700bee42c59c36aa4a8bc32bf4@BL2PR03MB242.namprd03.prod.outlook.com> <CACsn0cm84uxzXYz6-Q1Z8ZjKFvP1jSuSibvc9Y4uGDyev+mBWg@mail.gmail.com>
In-Reply-To: <CACsn0cm84uxzXYz6-Q1Z8ZjKFvP1jSuSibvc9Y4uGDyev+mBWg@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/CAT55oESF9cgFLaXEz1czBHQcEE
Cc: "cfrg@ietf.org" <cfrg@ietf.org>
Subject: Re: [Cfrg] [TLS] FW: New Version Notification for draft-black-numscurves-00.txt

>From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Watson Ladd
>Sent: Tuesday, July 01, 2014 11:08 AM
>To: tls@ietf.org
>Subject: Re: [TLS] [Cfrg] FW: New Version Notification for draft-black-numscurves-00.txt
>
>Is there any technical difference between 19 and 189 other than a slight change in square root calculations?

Yes, there is.  For the NUMS curve, for each security level we
started with the largest prime smaller than 2^(security level)
congruent to 3 mod 4, which is why we use p = 2^256 - 189.  As
you point out, choosing a prime congruent to 3 mod 4 simplifies
the square root calculations, but it also means that for the
twisted Edwards curves we can find optimal cofactors of (4,4) for
the curve and its twist.  We do not expect to see significant
performance differences between modular operations implemented
with p = 2^256 - 189 and p = 2^255 - 19 (the prime for
Curve25519).
 
An advantage of the NUMS construction approach is that we are
able to deterministically choose both a short Weierstrass and a
twisted Edwards curve over the same prime for the same security
level.  It seems to me that one of the questions the CFRG needs
to consider is the relative merits of the two curve types.  It's
not clear to me whether the performance improvements possible
using twisted Edwards curves outweigh the additional complexity
of moving existing codebases from short Weierstrass curves.

					--bal
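The prime-selection rule stated above (largest prime below 2^(security level) that is congruent to 3 mod 4) and the square-root shortcut it buys can be checked in a few lines. The following is an added worked example, not code from the email or from the NUMS draft: the function names are my own, primality is a probabilistic Miller-Rabin test with a fixed seed (good enough to reproduce the selection, not a proof), and the square-root routine returns None for non-residues rather than silently handing back a wrong value. It also checks, for contrast, that 2^255 - 19 is 5 mod 8 and therefore cannot use the same shortcut.

```python
"""Added worked example (not from the email or the NUMS draft): derive
p = 2^256 - 189 from the rule "largest prime below 2^256 congruent to 3
mod 4", and show why p = 3 (mod 4) turns a modular square root into a
single exponentiation, with the residue check a decoder must perform."""

import random

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Trial division, then Miller-Rabin with `rounds` seeded random bases.

    Probabilistic: adequate to reproduce the curve-prime search here, not a
    primality proof."""
    if n < 2:
        return False
    for q in SMALL_PRIMES:
        if n % q == 0:
            return n == q
    # write n - 1 = d * 2^s with d odd
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(0x5EED)  # fixed seed so runs are reproducible
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # a is a witness of compositeness
    return True


def largest_prime_3_mod_4_below(bound: int) -> int:
    """Largest prime p < bound with p = 3 (mod 4).

    Only the residue class 3 mod 4 is walked, since the other classes cannot
    satisfy the congruence; 2^k is 0 mod 4, so candidates are 2^k - 1, -5, -9, ..."""
    p = bound - 1
    while p % 4 != 3:
        p -= 1
    while not is_probable_prime(p):
        p -= 4
    return p


def sqrt_mod_p_3_mod_4(a: int, p: int):
    """Square root of a mod p for p = 3 (mod 4); None if a is not a square.

    r = a^((p+1)/4) gives r^2 = a * a^((p-1)/2). By Euler's criterion that is
    a for a quadratic residue and -a for a non-residue, so the caller must
    re-square r; this is the check point-decompression code needs."""
    assert p % 4 == 3, "shortcut only valid for p = 3 (mod 4)"
    a %= p
    r = pow(a, (p + 1) // 4, p)
    if r * r % p != a:
        return None
    return r


def nums_p256_prime() -> int:
    """The 256-bit NUMS prime, reproduced from the selection rule."""
    return largest_prime_3_mod_4_below(1 << 256)


if __name__ == "__main__":
    p = nums_p256_prime()
    print("2^256 - p =", (1 << 256) - p)  # 189
    c25519 = (1 << 255) - 19
    # 2^255 - 19 is 5 mod 8 (hence 1 mod 4): Curve25519 needs a different sqrt method
    print("2^255 - 19 prime:", is_probable_prime(c25519), "| mod 8:", c25519 % 8)
    x = 12345
    print("sqrt round-trips:", sqrt_mod_p_3_mod_4(x * x, p) in (x, p - x))
    print("sqrt(-1) mod p:", sqrt_mod_p_3_mod_4(p - 1, p))  # None: -1 is a non-residue
```

The search visits only 48 candidates before reaching 2^256 - 189, and the whole script runs in well under a second on CPython. The non-residue branch matters in practice: a decoder that skips the re-squaring check accepts garbage coordinates as valid points.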