Re: [Cfrg] What constitutes a curve with a 256-bit security level?
Tony Arcieri <bascule@gmail.com> Wed, 18 February 2015 22:48 UTC
Return-Path: <bascule@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A712F1A1B60 for <cfrg@ietfa.amsl.com>; Wed, 18 Feb 2015 14:48:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n4cHXXKfegoa for <cfrg@ietfa.amsl.com>; Wed, 18 Feb 2015 14:48:05 -0800 (PST)
Received: from mail-ob0-x22c.google.com (mail-ob0-x22c.google.com [IPv6:2607:f8b0:4003:c01::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE6D31A1AF4 for <cfrg@irtf.org>; Wed, 18 Feb 2015 14:48:04 -0800 (PST)
Received: by mail-ob0-f172.google.com with SMTP id nt9so8137134obb.3 for <cfrg@irtf.org>; Wed, 18 Feb 2015 14:48:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=kFgG3O/WrtWD7A/iGG9KU4YZ8HdY1kAGioVOFmTlgBY=; b=ft8msiPmozvcg/AqxDxIb01RMoprR8kk0T24BXjiCbcwkq/VCiCiXWQ8uL94+9KX2o vqRI1KwYvhVGsVn9l6a9177am+PToNtAyZjCBX4FfP9+WwxrDtB7qDPICWZD0ehD70hA gRFb5dujJJbcUSL7VAcngFYuRRrN2ipBuN2ODJDlhGe7GxOLYyPxBdELxX+fndCaM0/4 L3gTfF7Wo51stSaSHSQ9k/4lFjea1aFw9aITrZbIoiSFmuQpE54Yil0W+RaMpkRrCmjk pa+FybSsbGfTvNdds8yNGB9aZAFmUPq9W4Ai82C+0hrvKKDTKzUOKaJuI0Yj8I9F2Bsz 4dkA==
X-Received: by 10.182.68.12 with SMTP id r12mr1075697obt.84.1424299684224; Wed, 18 Feb 2015 14:48:04 -0800 (PST)
MIME-Version: 1.0
Received: by 10.202.224.66 with HTTP; Wed, 18 Feb 2015 14:47:43 -0800 (PST)
In-Reply-To: <CACsn0cmpntED6T9X+Fh=8OwdcwXPnckeGh3dPJZmvuusdDNazQ@mail.gmail.com>
References: <CAHOTMVJKqMcddZ0DEdgh7gVedFR5TPfZHZaVNVmMMUnvTfpLzA@mail.gmail.com> <E64DFFE5-92AE-40EF-8B9D-BD8DA57F0D31@shiftleft.org> <CAHOTMVKSQHSP_=_VreCbXhdE+jkLBq8qJ9S_hquwQEoofB5c4g@mail.gmail.com> <A5B5FC81-DBA3-4FC1-9DFB-FA3D5AD575BD@shiftleft.org> <CAHOTMVJiOT2+jytVkw626VZUjpbuN76Qgf5J5B61L8uXtAY0-w@mail.gmail.com> <CACsn0cmpntED6T9X+Fh=8OwdcwXPnckeGh3dPJZmvuusdDNazQ@mail.gmail.com>
From: Tony Arcieri <bascule@gmail.com>
Date: Wed, 18 Feb 2015 14:47:43 -0800
Message-ID: <CAHOTMV+2kR6Lu8=Fg1T2NCJJqOPdPyG39UCxaAS+aFWvBwOwng@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary="e89a8fb1f338bb61f0050f649c9e"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/FY05GoyE1xdXiMQTByqA2J3-TGQ>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] What constitutes a curve with a 256-bit security level?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Feb 2015 22:48:06 -0000
On Wed, Feb 18, 2015 at 2:45 PM, Watson Ladd <watsonbladd@gmail.com> wrote: > Not really. While the naïve approach if using a single hash function > output of double length for deterministic signing won't work, hashing an > incrementing counter with the message and private key, or some other > variant will. > Okay, seems I was confused. Thanks for clearing that up. That said... On Wed, Feb 18, 2015 at 11:21 AM, Michael Hamburg <mike@shiftleft.org> wrote: > ...curves must be voted off the island in order to make progress. Though > I am curious — is the same also true of Ed480-Ridinghood? > +1 on curiosity about whether Ridinghood is still a candidate if Goldilocks is out. -- Tony Arcieri
- [Cfrg] What constitutes a curve with a 256-bit se… Tony Arcieri
- Re: [Cfrg] What constitutes a curve with a 256-bi… Michael Hamburg
- Re: [Cfrg] What constitutes a curve with a 256-bi… Tony Arcieri
- Re: [Cfrg] What constitutes a curve with a 256-bi… Michael Hamburg
- Re: [Cfrg] What constitutes a curve with a 256-bi… Tony Arcieri
- Re: [Cfrg] What constitutes a curve with a 256-bi… Watson Ladd
- Re: [Cfrg] What constitutes a curve with a 256-bi… Tony Arcieri
- Re: [Cfrg] What constitutes a curve with a 256-bi… David Jacobson
- Re: [Cfrg] What constitutes a curve with a 256-bi… Mike Hamburg