Re: [Cfrg] I-D Action: draft-irtf-cfrg-hash-to-curve-07.txt

Björn Haase <bjoern.m.haase@web.de> Tue, 28 April 2020 15:14 UTC

To: cfrg@irtf.org
References: <158800880970.26618.7101783350063977264@ietfa.amsl.com>
From: Björn Haase <bjoern.m.haase@web.de>
Message-ID: <ab4265a0-bbb6-bf79-3561-c8225659b7f7@web.de>
Date: Tue, 28 Apr 2020 17:13:52 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/D3XkCNLX0sYPWligP0rYDePojK4>
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-hash-to-curve-07.txt

Hi H2C team,

I just had a short look at the draft. The first thing I looked at
more closely is the expand_message_xmd function. There is something
which I don't understand in this construction regarding the Z_pad string
which is prepended in the hash invocation for b_0.

I would understand a zero padding that first inserts some
information that should be kept confidential and then a Z_pad string
that fills up the rest of the hash function's input block
with zeros. However, I did not get the point of why filling the first
block with zeros should provide any advantage.

Could somebody explain the reasoning?

Yours,

Björn
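Added example, not part of Björn's message and not the draft's reference code: a minimal Python expand_message_xmd for SHA-256 following the construction as later published in RFC 9380 (same steps as the draft; the draft calls the hash input block size r_in_bytes, RFC 9380 renamed it s_in_bytes). It exposes the msg_prime layout so that the Z_pad block the question refers to, a full 64-byte all-zero input block prepended only in the b_0 invocation, is visible. The DST and expected output used for the self-check are RFC 9380 Appendix K.1 values, not vectors from draft-07.

```python
"""Minimal expand_message_xmd (SHA-256) showing where Z_pad sits.

Added example; not the draft's reference implementation.  Parameter
names follow RFC 9380 (s_in_bytes == draft-07's r_in_bytes).
"""
import hashlib
import math


def i2osp(value: int, length: int) -> bytes:
    """Big-endian integer to fixed-length octet string (RFC 8017)."""
    if value < 0 or value >= 1 << (8 * length):
        raise ValueError("integer does not fit in %d bytes" % length)
    return value.to_bytes(length, "big")


def strxor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("strxor on unequal lengths")
    return bytes(x ^ y for x, y in zip(a, b))


# SHA-256 parameters: 32-byte digest, 64-byte input block.
H = hashlib.sha256
B_IN_BYTES = 32
S_IN_BYTES = 64  # r_in_bytes in draft-07


def dst_prime(dst: bytes) -> bytes:
    """DST_prime = DST || I2OSP(len(DST), 1); DST must be at most 255 bytes."""
    if len(dst) > 255:
        raise ValueError("DST longer than 255 bytes")
    return dst + i2osp(len(dst), 1)


def build_msg_prime(msg: bytes, dst: bytes, len_in_bytes: int) -> bytes:
    """Input of the b_0 hash: Z_pad || msg || l_i_b_str || 0x00 || DST_prime.

    Z_pad is one whole all-zero input block of the hash; it appears
    here and nowhere else in the construction.
    """
    if len_in_bytes > 65535:
        raise ValueError("len_in_bytes too large")
    z_pad = i2osp(0, S_IN_BYTES)
    l_i_b_str = i2osp(len_in_bytes, 2)
    return z_pad + msg + l_i_b_str + i2osp(0, 1) + dst_prime(dst)


def expand_message_xmd(msg: bytes, dst: bytes, len_in_bytes: int) -> bytes:
    ell = math.ceil(len_in_bytes / B_IN_BYTES)
    if ell > 255:
        raise ValueError("len_in_bytes too large for this hash")
    dp = dst_prime(dst)
    b_0 = H(build_msg_prime(msg, dst, len_in_bytes)).digest()
    # b_1 and later blocks only see b_0 and the DST, never Z_pad or msg.
    b_prev = H(b_0 + i2osp(1, 1) + dp).digest()
    out = b_prev
    for i in range(2, ell + 1):
        b_prev = H(strxor(b_0, b_prev) + i2osp(i, 1) + dp).digest()
        out += b_prev
    return out[:len_in_bytes]


def rfc9380_vector_ok() -> bool:
    """Self-check against RFC 9380 Appendix K.1 (SHA-256, msg = "", 32 bytes)."""
    dst = b"QUUX-V01-CS02-with-expander-SHA256-128"
    expected = bytes.fromhex(
        "68a985b87eb6b46952128911f2a4412bbc302a9d759667f87f7a21d803f07235"
    )
    return expand_message_xmd(b"", dst, 32) == expected


if __name__ == "__main__":
    dst = b"QUUX-V01-CS02-with-expander-SHA256-128"
    mp = build_msg_prime(b"abc", dst, 32)
    print("first %d bytes of msg_prime (Z_pad):" % S_IN_BYTES, mp[:S_IN_BYTES].hex())
    print("remainder (msg || l_i_b_str || 0x00 || DST_prime):", mp[S_IN_BYTES:].hex())
    print("RFC 9380 K.1 vector matches:", rfc9380_vector_ok())
```

Running it prints a msg_prime whose first 64 bytes are all zero, followed by the message, the two-byte output length, the 0x00 separator and DST_prime; only b_0 is computed over that string, while every later b_i hashes b_0 XOR b_(i-1) together with the DST.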