Re: [Cfrg] Point format endian (was: Adoption of draft-ladd-spake2 as a RG document)
Mike Hamburg <mike@shiftleft.org> Sun, 25 January 2015 18:26 UTC
Return-Path: <mike@shiftleft.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B76FC1A0358 for <cfrg@ietfa.amsl.com>; Sun, 25 Jan 2015 10:26:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.555
X-Spam-Level: *
X-Spam-Status: No, score=1.555 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.982, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vU_a34gax36N for <cfrg@ietfa.amsl.com>; Sun, 25 Jan 2015 10:26:13 -0800 (PST)
Received: from aspartame.shiftleft.org (199-116-74-168-v301.PUBLIC.monkeybrains.net [199.116.74.168]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28B7D1A034F for <cfrg@irtf.org>; Sun, 25 Jan 2015 10:26:13 -0800 (PST)
Received: from [192.168.1.102] (unknown [192.168.1.1]) by aspartame.shiftleft.org (Postfix) with ESMTPSA id B0F113AA0F; Sun, 25 Jan 2015 10:25:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=shiftleft.org; s=sldo; t=1422210352; bh=e2cPnp3SZ5o9AwEOuJZ7MA8aJDzUpcQGKBKMRFb172c=; h=Date:From:To:Subject:References:In-Reply-To:From; b=Vj0oLonsz6gnfX8G+Vv2wn0rJ3sUDpBl7SeRVbjeiPYuML8VlbUGZDdXDFc7YlBY9 QuYRoFY+w6BFXln4RYwBmMcEV7jakYfoY+R6xzcx7OZzGrxuZ3KY6FCRPO3Z1vo1GA 4SQZGzZIAWaeAe7tr9tenHUEKN4nl6rPiUP9sEwg=
Message-ID: <54C53542.60904@shiftleft.org>
Date: Sun, 25 Jan 2015 10:26:10 -0800
From: Mike Hamburg <mike@shiftleft.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Dan Harkins <dharkins@lounge.org>, cfrg@irtf.org
References: <20150125083018.10434.qmail@cr.yp.to> <93c73db0ce2b40c90324e89ce404abc1.squirrel@www.trepanning.net>
In-Reply-To: <93c73db0ce2b40c90324e89ce404abc1.squirrel@www.trepanning.net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/EcWrTHDEZuCO2tuFXT4ev0dGknk>
Subject: Re: [Cfrg] Point format endian (was: Adoption of draft-ladd-spake2 as a RG document)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Jan 2015 18:26:15 -0000
I think that this is actually an interesting question, so maybewe can put aside religion and mockery thereof for little bit... Does anyone know of existing code which processes cryptography over multiple fields using a generic bignums package (hopefully with fixed-size bignums for timing resistance), and would be complicated by inconsistent endian practices in a new curve? If so, it might be worth considering a consistent endian. Otherwise, I don't see why it really matters. Feel free to try to convince me, but make sure you compose your post using Emacs and not vi. However! I think it's very strongly preferable that point formats and signatures should contain a fixed number of bytes on a given curve. (Perhaps allowing different sizes for compressed points, but leading zeros *should not be stripped*.) That way points and signatures can go into structs instead of using some awful ASN.1 TLV format. Cheers, -- Mike On 01/25/2015 09:48 AM, Dan Harkins wrote: > > On Sun, January 25, 2015 12:30 am, D. J. Bernstein wrote: >>> a long-standing tradition of the on-the-wire format >> Just to make sure that I understand, after reviewing a ton of tcpdump >> output: You're referring to the HTTP tradition of variable-length ASCII >> decimal encodings for integers on the wire (cache times, data lengths, >> version numbers, etc.)? Does this mean that IETF pushed this HTTP >> tradition into AES-GCM's internal integer encodings before deploying >> AES-GCM, and plans to do the same for other cryptographic systems? > No, you could not be more wrong in that assumption. > >>> better looking and more maintainable code >> You're absolutely right: being able to reuse existing variable-length >> ASCII decimal integer encoders and decoders has always been a critical >> part, I daresay the most important part, of implementing, reading, >> auditing, and maintaining cryptographic software. RFC 1321 (MD5) got >> this totally wrong---the integers are _backwards_ and _non-decimal_ and >> _non-ASCII_---and we all know what happened to MD5 as a result. >> >> Now that you've reminded me of what really matters for cryptographic >> code complexity and security, I would love to put together an ASCII >> decimal version of Curve25519, but I have to admit that I'm not >> _completely_ clear on the details of the HTTP tradition that you're >> talking about. For example, are leading zeros allowed? This would allow >> simpler integer encoding for some embedded systems, but it would cause >> trouble for existing parsers that switch to octal for a leading 0, such >> as base-0 strtol(). Also, can the integers exceed 2147483647? > Do you want to be taken seriously when you respond like this? > > Dan. > > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg
- [Cfrg] Adoption of draft-ladd-spake2 as a RG docu… Alexey Melnikov
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Rene Struik
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Watson Ladd
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Watson Ladd
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … David Leon Gil
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Alexey Melnikov
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Yoav Nir
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Alexey Melnikov
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Stephen Farrell
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Michael Hamburg
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Dan Harkins
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Watson Ladd
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Dan Harkins
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Derek Atkins
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Dan Harkins
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Andy Lutomirski
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Paul Lambert
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Watson Ladd
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Alexey Melnikov
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Alexey Melnikov
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Dan Harkins
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Paul Lambert
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Tom Yu
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Andy Lutomirski
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Dearlove, Christopher (UK)
- Re: [Cfrg] Point format endian (was: Adoption of … Alyssa Rowan
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Alexey Melnikov
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Adam Langley
- Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG … Paul Lambert
- [Cfrg] On the topic of the SPAKE2 draft Paul Lambert
- Re: [Cfrg] Point format endian (was: Adoption of … Dan Harkins
- Re: [Cfrg] Point format endian (was: Adoption of … Watson Ladd
- Re: [Cfrg] Point format endian (was: Adoption of … Salz, Rich
- Re: [Cfrg] Point format endian (was: Adoption of … Dan Harkins
- Re: [Cfrg] Point format endian (was: Adoption of … Watson Ladd
- Re: [Cfrg] Point format endian (was: Adoption of … D. J. Bernstein
- Re: [Cfrg] Point format endian (was: Adoption of … Dan Harkins
- Re: [Cfrg] Point format endian (was: Adoption of … Mike Hamburg
- Re: [Cfrg] Point format endian (was: Adoption of … Salz, Rich
- Re: [Cfrg] Point format endian (was: Adoption of … Watson Ladd
- Re: [Cfrg] Point format endian (was: Adoption of … Andrey Jivsov
- Re: [Cfrg] Point format endian Alyssa Rowan
- Re: [Cfrg] Point format endian (was: Adoption of … Salz, Rich
- Re: [Cfrg] Point format endian (was: Adoption of … Damien Miller
- Re: [Cfrg] Point format endian (was: Adoption of … Dan Harkins
- Re: [Cfrg] Point format endian (was: Adoption of … Mike Hamburg
- Re: [Cfrg] Point format endian (was: Adoption of … Watson Ladd
- Re: [Cfrg] Point format endian (was: Adoption of … Yoav Nir
- Re: [Cfrg] Point format endian Michael Clark