Re: [Cfrg] Safecurves draft

Watson Ladd <watsonbladd@gmail.com> Wed, 08 January 2014 21:08 UTC

On Wed, Jan 8, 2014 at 12:50 PM, Paul Lambert <paul@marvell.com> wrote:
>
>
>> -----Original Message-----
>> From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Dan Harkins
> ...
>> On Wed, January 8, 2014 9:58 am, Watson Ladd wrote:
>> > On Wed, Jan 8, 2014 at 9:21 AM, Stephen Farrell
>> > <stephen.farrell@cs.tcd.ie> wrote:
>> >>
>> >>
>> >> On 01/08/2014 05:11 PM, Watson Ladd wrote:
>> >>> Dear all,
>> >>> draft-ladd-safecurves contains the Safecurves with orders
>> >>> 2^255+\epsilon and higher.
>> >>> I forgot to update the TOC, but that shouldn't stop the substantive
>> >>> conversation.
>> >>>
>> >>> Does anyone object to these curves being approved for IETF standard
>> >>> body use/typos/general nastiness?
>> >>
>> >> No objection, but there's maybe some checking to be done before we're
>> >> ready to push the button.
>> >
>> > Absolutely! Please double check I didn't make any typos, and if you
>> > have MAGMA access, redo the verifications. This goes for everyone. The
>> > more eyeballs on this, the less chance we make a bad mistake.
>> > safecurves.cr.yp.to comes with a script to redo everything.
>> >
>> > Also, if anyone knows something that DJB and Tanja Lange do not,
>> > please tell us!
>> >
>> >>
>> >> One thing though is that rfc 3526 [1] is standards track so if
>> >> there's a reason for that (and there may or may not
>> >> be;-) then we might want these to be the same which'd mean not doing
>> >> 'em in cfrg. That can be figured out later though.
>> >
>> > I have no opinions about how this gets from draft to RFC.
>>
>>   Which is good because the process from draft to RFC is already well-
>> defined. It's on the IETF web site, check it out!
>>
>> > I understand there are many channels, and someone will have to pick
>> > one.
>>
>>   And that someone would be you!
>>
>>   While it's certainly useful to get these curves defined in an IETF
>> document, getting them used by any protocol will require some more work
>> from you. You should get OIDs defined for each of them if they don't
>> exist already. You should write up separate drafts for inclusion of
>> these curves into the protocols' various IANA-managed repositories--
>> yes, sadly there are many. And for protocols which allow for in-line
>> passing of complete domain parameter sets (like TLS) you'll need to
>> modify the data structure used (doesn't look like these could be used
>> with the "explicit_prime" ECCurveType, for instance).
>>
>>   On the plus side, for the most part you can just follow the path
>> blazed by the brainpool folks, just follow what they did.
> You should also look at: RFC 6090
> The math for Small Weierstrass curves is defined well - you need the equivalent of
> 6090 for Edwards curves.  Do note the authors of this excellent RFC
> include both chairs of this list.

First, is this advising me on next steps, or is it an objection to the draft?
The group is [l]Jac(E(F_q)). There, done. In fact, this is in the introduction.
The equivalent to RFC 6090 is the Bernstein paper on addition on
Edwards (and twisted Edwards curves).
It's readily available. If you want to reformat it as an I-D, go right ahead.

Is it really that bad to have the EFD get cited for the formulas, or
to advise implementers to read Handbook of Elliptic and Hyperelliptic
Curve Cryptography?
>
>
>>
>>   Welcome to the tedious world of sausage making, don't mind the blood
>> on your hands, you get used to it.
>>
>>   Dan.



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin