Re: [Cfrg] Signatures: curves, algorithms, etc
Watson Ladd <watsonbladd@gmail.com> Fri, 30 January 2015 03:45 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D36C61A1B62 for <cfrg@ietfa.amsl.com>; Thu, 29 Jan 2015 19:45:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Level:
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zyzd7sBgU1fE for <cfrg@ietfa.amsl.com>; Thu, 29 Jan 2015 19:45:17 -0800 (PST)
Received: from mail-yk0-x231.google.com (mail-yk0-x231.google.com [IPv6:2607:f8b0:4002:c07::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A16121A1A9B for <cfrg@irtf.org>; Thu, 29 Jan 2015 19:45:17 -0800 (PST)
Received: by mail-yk0-f177.google.com with SMTP id 19so16214411ykq.8 for <cfrg@irtf.org>; Thu, 29 Jan 2015 19:45:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=kZV1XiW1kZ9kW5KWZKO7jP1nDVVIF+saihhBhMZymE8=; b=lUm3+aK0F4p3srGuOefsI2fVK5nJGzgb4LmJJhJpp+sp1cJ9MCQGl55iD2ceSPtJbK yZVyrcVKWzb4g3FOO85AfwVSoqaI9kOhP6EyeBn3DeQNslBhfv68/JtAuetXFE1RzhHH 8iCib/bXQKv9+V4DscKkQ/Z0jRzUxcc1aNnUtqJ7TLamY6hsXS8R2Vgo8UqfSz0Dh54k VP6rLHZdX2BJ42FarxUSC+kyF8K984bfZKCLEx1QIuW92vU6YKpZhNdsy5v8NqSCas2I TvSfPfh24opvQeHtXGXiK/UInI7xw4YD3cCYDKaeJ1WtE/GChQc/Fp3JkTT7j8Fp02lK KBuQ==
MIME-Version: 1.0
X-Received: by 10.236.7.70 with SMTP id 46mr1765224yho.138.1422589516794; Thu, 29 Jan 2015 19:45:16 -0800 (PST)
Received: by 10.170.115.77 with HTTP; Thu, 29 Jan 2015 19:45:16 -0800 (PST)
In-Reply-To: <CAHOTMVLZ3Hu2iAzAduu2A9kRgu36uVmMhYnEvAm786QyyUQigQ@mail.gmail.com>
References: <CAHOTMVLZ3Hu2iAzAduu2A9kRgu36uVmMhYnEvAm786QyyUQigQ@mail.gmail.com>
Date: Thu, 29 Jan 2015 19:45:16 -0800
Message-ID: <CACsn0c=xhuTg+1gx5ZNWbR-sRzuAsz+Nxoos555HwQQqf_xxJw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Tony Arcieri <bascule@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/Fj-qlppk1uNbk6EPvhfLzUlp6Hk>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Signatures: curves, algorithms, etc
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jan 2015 03:45:19 -0000
On Tue, Jan 27, 2015 at 1:33 PM, Tony Arcieri <bascule@gmail.com> wrote: > I would like to hear the opinions of the chairs and other CFRG participants > on the following: > > - Ed25519 and EdDSA > - FrankenECDSA (ECDSA in Edwards) > - ECDSA with Edwards keys on the wire (converted to Weierstrass to do ECDSA) > - Other interesting thoughts on digital signatures Batch verification is potentially a real win for performance in common uses of X509.3. This isn't possible with ECDSA. Of course, it requires issuing the root, intermediate, and end-party cert with the same exact curve. I can imagine where we use a short-lived (1 year or so) intermediate with Ed25519, and cache it to enable batch verification without the concerns with roots with Ed25519. On the other hand the security issues of existing software are less significant for signing. I think we will need to parameterize over hash functions, potentially with output smaller than liked. Sincerely, Watson Ladd > > > -- > Tony Arcieri > > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg > -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- [Cfrg] Signatures: curves, algorithms, etc Tony Arcieri
- Re: [Cfrg] Signatures: curves, algorithms, etc Alyssa Rowan
- Re: [Cfrg] Signatures: curves, algorithms, etc Ilari Liusvaara
- Re: [Cfrg] Signatures: curves, algorithms, etc Mike Hamburg
- Re: [Cfrg] Signatures: curves, algorithms, etc Watson Ladd
- Re: [Cfrg] Signatures: curves, algorithms, etc Damien Miller
- Re: [Cfrg] Signatures: curves, algorithms, etc David Leon Gil
- Re: [Cfrg] Signatures: curves, algorithms, etc Mike Hamburg