Re: [Cfrg] Signatures: curves, algorithms, etc

Watson Ladd <watsonbladd@gmail.com> Fri, 30 January 2015 03:45 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D36C61A1B62 for <cfrg@ietfa.amsl.com>; Thu, 29 Jan 2015 19:45:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Level:
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zyzd7sBgU1fE for <cfrg@ietfa.amsl.com>; Thu, 29 Jan 2015 19:45:17 -0800 (PST)
Received: from mail-yk0-x231.google.com (mail-yk0-x231.google.com [IPv6:2607:f8b0:4002:c07::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A16121A1A9B for <cfrg@irtf.org>; Thu, 29 Jan 2015 19:45:17 -0800 (PST)
Received: by mail-yk0-f177.google.com with SMTP id 19so16214411ykq.8 for <cfrg@irtf.org>; Thu, 29 Jan 2015 19:45:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=kZV1XiW1kZ9kW5KWZKO7jP1nDVVIF+saihhBhMZymE8=; b=lUm3+aK0F4p3srGuOefsI2fVK5nJGzgb4LmJJhJpp+sp1cJ9MCQGl55iD2ceSPtJbK yZVyrcVKWzb4g3FOO85AfwVSoqaI9kOhP6EyeBn3DeQNslBhfv68/JtAuetXFE1RzhHH 8iCib/bXQKv9+V4DscKkQ/Z0jRzUxcc1aNnUtqJ7TLamY6hsXS8R2Vgo8UqfSz0Dh54k VP6rLHZdX2BJ42FarxUSC+kyF8K984bfZKCLEx1QIuW92vU6YKpZhNdsy5v8NqSCas2I TvSfPfh24opvQeHtXGXiK/UInI7xw4YD3cCYDKaeJ1WtE/GChQc/Fp3JkTT7j8Fp02lK KBuQ==
MIME-Version: 1.0
X-Received: by 10.236.7.70 with SMTP id 46mr1765224yho.138.1422589516794; Thu, 29 Jan 2015 19:45:16 -0800 (PST)
Received: by 10.170.115.77 with HTTP; Thu, 29 Jan 2015 19:45:16 -0800 (PST)
In-Reply-To: <CAHOTMVLZ3Hu2iAzAduu2A9kRgu36uVmMhYnEvAm786QyyUQigQ@mail.gmail.com>
References: <CAHOTMVLZ3Hu2iAzAduu2A9kRgu36uVmMhYnEvAm786QyyUQigQ@mail.gmail.com>
Date: Thu, 29 Jan 2015 19:45:16 -0800
Message-ID: <CACsn0c=xhuTg+1gx5ZNWbR-sRzuAsz+Nxoos555HwQQqf_xxJw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Tony Arcieri <bascule@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/Fj-qlppk1uNbk6EPvhfLzUlp6Hk>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Signatures: curves, algorithms, etc
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jan 2015 03:45:19 -0000

On Tue, Jan 27, 2015 at 1:33 PM, Tony Arcieri <bascule@gmail.com> wrote:
> I would like to hear the opinions of the chairs and other CFRG participants
> on the following:
>
> - Ed25519 and EdDSA
> - FrankenECDSA (ECDSA in Edwards)
> - ECDSA with Edwards keys on the wire (converted to Weierstrass to do ECDSA)
> - Other interesting thoughts on digital signatures

Batch verification is potentially a real win for performance in common
uses of X509.3. This isn't possible with ECDSA. Of course, it requires
issuing the root, intermediate, and end-party cert with the same exact
curve. I can imagine where we use a short-lived (1 year or so)
intermediate with Ed25519, and cache it to enable batch verification
without the concerns with roots with Ed25519.

On the other hand the security issues of existing software are less
significant for signing.

I think we will need to parameterize over hash functions, potentially
with output smaller than liked.
Sincerely,
Watson Ladd

>
>
> --
> Tony Arcieri
>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg
>



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin