Re: [Cfrg] patent situation regarding hash2curve as used in some PAKE nominations

Björn Haase <bjoern.m.haase@web.de> Mon, 21 October 2019 17:57 UTC

To: "Riad S. Wahby" <rsw@jfet.org>, cfrg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/F2Z-k9VZ0cBigd3KKSjD91KOg9U>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

Hello Riad,

Yes, I now agree with you. The point would also be that the modified
method does not at all refer to Skalba's equality. And in this case,
plain SWU is indeed something not to include in the hash2curve draft.

This would also avoid the annoying restriction for avoiding use of
the y-coordinate! I'll look more closely at it this weekend.

Yours,

Björn


On 21.10.2019 at 17:55, Riad S. Wahby wrote:
> Hello Bjorn,
>
> As I pointed out off-list, and to be completely explicit: X3(t)=Z is
> not a counter-argument to my prior message since Skalba's inequality
> requires a polynomial X3(t) such that
>
>      f(X1(t)) * f(X2(t)) * f(X3(t)) == U(t)^2
>
> and the point of choosing Z as we have is that there does not exist
> any polynomial X3(t) such that f(X3(t)) == Z.
>
> "Björn Haase" <Bjoern.M.Haase@web.de> wrote:
>>     - We might be better still including "plain" SWU as an option for mapping
>>     in the hash2curve draft.
> As I've said in the past, there is no reason to ever use "plain" SWU.
> The map of Shallue and van de Woestijne has exactly the same cost and
> is strictly more general. (We will certainly include the S-vdW map.)
>
> Regards,
>
> -=rsw
>
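
The relation discussed in this thread can be checked numerically. The following is an added example, not code from the thread or from the hash2curve draft: it assumes the simplified SWU candidates X1(t) = (-B/A)(1 + 1/(Z^2 t^4 + Z t^2)) and X2(t) = Z t^2 X1(t), which the messages do not spell out, and uses a constructed toy curve (P, A, B are made up). It picks a non-square Z that f never attains on the field, so no polynomial X3(t) over the field can satisfy f(X3(t)) == Z, and then verifies f(X1) * f(X2) * Z == U^2 for every admissible t.

```python
# Added illustration: toy parameters constructed for this example.
P = 1019              # small prime with P % 4 == 3
A, B = 3, 7           # curve y^2 = f(x) = x^3 + A*x + B over F_P

def f(x):
    return (x * x * x + A * x + B) % P

def is_square(v):
    """Euler's criterion; 0 is counted as a square."""
    v %= P
    return v == 0 or pow(v, (P - 1) // 2, P) == 1

def pick_z():
    """Smallest non-square Z that f never attains on F_P.

    If f(x0) != Z for every field element x0, then no polynomial X3(t)
    can satisfy f(X3(t)) == Z, since X3(0) would be such an x0.
    """
    image = {f(x) for x in range(P)}
    return next(z for z in range(2, P)
                if not is_square(z) and z not in image)

Z = pick_z()

def candidates(t):
    """Assumed simplified-SWU candidates (X1, X2), or None if undefined."""
    s = Z * t * t % P
    den = (s * s + s) % P
    if den == 0:          # exceptional inputs; real maps special-case them
        return None
    x1 = -B * pow(A, P - 2, P) * (1 + pow(den, P - 2, P)) % P
    return x1, s * x1 % P

def verify():
    """Check the identities for every t; return (checked, failures)."""
    checked = failures = 0
    for t in range(P):
        c = candidates(t)
        if c is None:
            continue
        f1, f2 = f(c[0]), f(c[1])
        u = Z * Z * pow(t, 3, P) * f1 % P          # U(t) = Z^2 t^3 f(X1)
        ok = (f2 == pow(Z, 3, P) * pow(t, 6, P) * f1 % P  # f(X2) = Z^3 t^6 f(X1)
              and f1 * f2 * Z % P == u * u % P            # f(X1) f(X2) Z = U^2
              and (is_square(f1) or is_square(f2)))       # some candidate works
        checked += 1
        failures += not ok
    return checked, failures
```

Here the third factor in the product is the constant Z itself rather than a value f(X3(t)), which is the distinction drawn in the quoted message.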