Re: [Cfrg] Consensus and a way forward

Joppe Bos <joppe.bos@nxp.com> Thu, 27 November 2014 06:18 UTC

From: Joppe Bos <joppe.bos@nxp.com>
To: "b@b3k.us" <b@b3k.us>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] Consensus and a way forward
Thread-Index: AQHQCfpBFBzMOkjI/UKu+7NFaZwcV5xz+owA
Date: Thu, 27 Nov 2014 06:17:32 +0000
Message-ID: <AMSPR04MB518798182EA8BE512AD75C4E3710@AMSPR04MB518.eurprd04.prod.outlook.com>
References: <CA+Vbu7xvvfRWyqyE9sqU7VbjzNQZp+DwRWjaV3Lw0hjLr8ye1A@mail.gmail.com>
In-Reply-To: <CA+Vbu7xvvfRWyqyE9sqU7VbjzNQZp+DwRWjaV3Lw0hjLr8ye1A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/EBqA2KqoNi5U7lmyyV_z46pIdmA
Subject: Re: [Cfrg] Consensus and a way forward
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>

This draft presents algorithms to “generate domain parameters at any security level for modern (twisted) Edwards curves” given a prime as input. In the Test Vectors section, curves defined over primes of a special shape are given. Please note that one can also use this draft to select curves which are defined over primes which do not have a special shape: something which has been requested by different people on this list. I hope that we will use this draft to (also) select curves over primes which do not have a special shape to accommodate all the needs in the cryptographic (and wider security) community.

Best regards,

Joppe


From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Benjamin Black
Sent: Thursday, November 27, 2014 5:25 AM
To: cfrg@irtf.org
Subject: [Cfrg] Consensus and a way forward

All,

Over the past couple of weeks we have been working with Adam Langley to see if we could find a compromise with which we could all live. I'm pleased to say we have been successful in accommodating our respective performance and trustworthy generation concerns, and I hope the resulting proposal will be attractive to others, as well. The generation procedure is documented in a draft I've just posted that can be found at http://www.ietf.org/id/draft-black-rpgecc-00.txt .

The simplest summary is that we have combined the prime preferred by Adam and others at the 128-bit security level with the rigid parameter generation we view as essential for producing the most trustworthy curves. We have used the generation procedure to produce a new twisted Edwards curve based on 2^255 - 19 and a new Edwards curve based on 2^384 - 317. These new curves are given as test vectors in the draft, and are also given below.

These 2 curves are sufficient for meeting the request from TLS. However, if there is strong interest in a 3rd curve for the 256-bit security level, the generation procedure gives the same curve with p = 2^521 - 1 as several teams produced.

b

--

2^255 - 19

   p = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED
   d = 0x15E93
   r = 0x2000000000000000000000000000000016241E6093B2CE59B6B98FD8849FAF35
x(P) = 0x3B7C1D83A0EF56F1355A0B5471E42537C26115EDE4C948391714C0F582AA22E2
y(P) = 0x775BE0DEC362A16E78EFFE0FF4E35DA7E17B31DC1611475CB4BE1DA9A3E5A819
   h = 0x4

2^384 - 317

   p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEC3
   d = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD19F
   r = 0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE2471A1CB46BE1CF61E4555AAB35C87920B9DCC4E6A3897D
x(P) = 0x61B111FB45A9266CC0B6A2129AE55DB5B30BF446E5BE4C005763FFA8F33163406FF292B16545941350D540E46C206BDE
y(P) = 0x82983E67B9A6EEB08738B1A423B10DD716AD8274F1425F56830F98F7F645964B0072B0F946EC48DC9D8D03E1F0729392
   h = 0x4
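The following script is an added example and is not code from this mail, from draft-black-rpgecc-00, or from any of the authors; it re-checks the two test vectors quoted above with plain integer arithmetic, which is what a reviewer should do before trusting numbers pasted into a mailing list. It assumes the curve forms the mail describes (a twisted Edwards curve -x^2 + y^2 = 1 + d x^2 y^2 over 2^255 - 19, an Edwards curve x^2 + y^2 = 1 + d x^2 y^2 over 2^384 - 317), with (0, 1) as the neutral element, r the prime order of the subgroup generated by P and h = 4 the cofactor, so that the curve order is h*r. The hex strings are copied from the mail; p is taken from the mail's own "2^255 - 19" and "2^384 - 317" headings.

```python
# Added example (not from the mail or draft-black-rpgecc-00): sanity-check
# the quoted test vectors. Assumed curve forms, following the mail's wording:
#   p = 1 mod 4 :  -x^2 + y^2 = 1 + d*x^2*y^2   (twisted Edwards, a = -1)
#   p = 3 mod 4 :   x^2 + y^2 = 1 + d*x^2*y^2   (Edwards, a = +1)
# Neutral element (0, 1); r = order of the subgroup generated by P; h = cofactor.

# Hex strings copied from the mail; the adjacent-literal splits mirror its line wraps.
VECTORS = {
    "2^255 - 19": {
        "p": 2**255 - 19,
        "d": int("15E93", 16),
        "r": int("2000000000000000000000000000000016241E6093B2CE59B6B9"
                 "8FD8849FAF35", 16),
        "x": int("3B7C1D83A0EF56F1355A0B5471E42537C26115EDE4C948391714"
                 "C0F582AA22E2", 16),
        "y": int("775BE0DEC362A16E78EFFE0FF4E35DA7E17B31DC1611475CB4BE"
                 "1DA9A3E5A819", 16),
        "h": 4,
    },
    "2^384 - 317": {
        "p": 2**384 - 317,
        "d": int("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
                 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD19F", 16),
        "r": int("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE2471A1"
                 "CB46BE1CF61E4555AAB35C87920B9DCC4E6A3897D", 16),
        "x": int("61B111FB45A9266CC0B6A2129AE55DB5B30BF446E5BE4C005763FFA"
                 "8F33163406FF292B16545941350D540E46C206BDE", 16),
        "y": int("82983E67B9A6EEB08738B1A423B10DD716AD8274F1425F56830F98F"
                 "7F645964B0072B0F946EC48DC9D8D03E1F0729392", 16),
        "h": 4,
    },
}

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53)


def probably_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases: a strong sanity check, not a primality proof."""
    if n < 2:
        return False
    for q in SMALL_PRIMES:
        if n % q == 0:
            return n == q
    s, m = 0, n - 1
    while m % 2 == 0:
        s, m = s + 1, m // 2
    for base in SMALL_PRIMES:
        z = pow(base, m, n)
        if z in (1, n - 1):
            continue
        for _ in range(s - 1):
            z = z * z % n
            if z == n - 1:
                break
        else:
            return False
    return True


def ed_add(p, a, d, P, Q):
    """Affine (twisted) Edwards addition; complete when a is a square and d is not."""
    x1, y1 = P
    x2, y2 = Q
    t = d * x1 * x2 * y1 * y2 % p
    x3 = (x1 * y2 + y1 * x2) * pow(1 + t, -1, p) % p
    y3 = (y1 * y2 - a * x1 * x2) * pow(1 - t, -1, p) % p
    return x3, y3


def ed_mul(p, a, d, k, P):
    """Left-to-right double-and-add; fine for verification, not constant time."""
    R = (0, 1)
    for bit in bin(k)[2:]:
        R = ed_add(p, a, d, R, R)
        if bit == "1":
            R = ed_add(p, a, d, R, P)
    return R


def check_vector(v):
    """Return a dict of named checks for one test vector; every value should be True."""
    p, d, r, h = v["p"], v["d"], v["r"], v["h"]
    P = (v["x"], v["y"])
    a = -1 if p % 4 == 1 else 1          # assumed curve-form rule, see lead-in
    on_curve = (a * P[0] ** 2 + P[1] ** 2 - 1 - d * P[0] ** 2 * P[1] ** 2) % p == 0
    return {
        "p_prime": probably_prime(p),
        "r_prime": probably_prime(r),
        # d must be a non-square for the addition law to be complete
        "d_nonsquare": pow(d % p, (p - 1) // 2, p) == p - 1,
        "P_on_curve": on_curve,
        "P_has_order_r": P != (0, 1) and ed_mul(p, a, d, r, P) == (0, 1),
        # Hasse bound on the claimed group order h*r: |h*r - (p+1)| <= 2*sqrt(p)
        "h_r_in_hasse_interval": (h * r - (p + 1)) ** 2 <= 4 * p,
    }


def all_ok(name: str) -> bool:
    return all(check_vector(VECTORS[name]).values())


if __name__ == "__main__":
    for name, v in VECTORS.items():
        for check, ok in check_vector(v).items():
            print(f"{name}: {check:22s} {'OK' if ok else 'FAIL'}")
```

Because r is prime and h*r lies inside the Hasse interval, which is far narrower than r, r*P = (0, 1) pins the curve order to exactly h*r without any point counting; that is the whole reason the cofactor and subgroup order are worth checking together rather than separately.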