Re: [Cfrg] Consensus and a way forward
"Lochter, Manfred" <manfred.lochter@bsi.bund.de> Mon, 01 December 2014 16:28 UTC
From: "Lochter, Manfred" <manfred.lochter@bsi.bund.de>
Organization: BSI Bonn
To: cfrg@irtf.org
Date: Mon, 01 Dec 2014 17:27:29 +0100
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/G5djG4gA90tkv9JSE8-M2VBpjqY
+1

__________ original message __________

From: Joppe Bos <joppe.bos@nxp.com>
Date: Thursday, 27 November 2014, 07:17:32
To: "b@b3k.us" <b@b3k.us>, "cfrg@irtf.org" <cfrg@irtf.org>
Cc:
Subject: Re: [Cfrg] Consensus and a way forward

> This draft presents algorithms to “generate domain parameters at any
> security level for modern (twisted) Edwards curves” given as input prime.
> In the Test Vectors section curves defined over primes of a special shape
> are given. Please note that one can also use this draft to select curves
> which are defined over primes which do not have a special shape: something
> which has been requested by different people on this list. I hope that we
> will use this draft to (also) select curves over primes which do not have a
> special shape to accommodate all the needs in the cryptographic (and wider
> security) community.
>
> Best regards,
>
> Joppe
>
> From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Benjamin Black
> Sent: Thursday, November 27, 2014 5:25 AM
> To: cfrg@irtf.org
> Subject: [Cfrg] Consensus and a way forward
>
> All,
>
> Over the past couple of weeks we have been working with Adam Langley to see
> if we could find a compromise with which we could all live. I'm pleased to
> say we have been successful in accommodating our respective performance and
> trustworthy generation concerns, and I hope the resulting proposal will be
> attractive to others, as well. The generation procedure is documented in a
> draft I've just posted that can be found at
> http://www.ietf.org/id/draft-black-rpgecc-00.txt .
>
> The simplest summary is that we have combined the prime preferred by Adam
> and others at the 128-bit security level with the rigid parameter
> generation we view as essential for producing the most trustworthy curves.
> We have used the generation procedure to produce a new twisted Edwards
> curve based on 2^255 - 19 and a new Edwards curve based on 2^384 - 317.
> These new curves are given as test vectors in the draft, and are also given
> below.
>
> These 2 curves are sufficient for meeting the request from TLS. However, if
> there is strong interest in a 3rd curve for the 256-bit security level, the
> generation procedure gives the same curve with p = 2^521 - 1 as several
> teams produced.
>
> b
>
> --
>
> 2^255 - 19
>
> p    = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>        FFFFFFFFFFED
> d    = 0x15E93
> r    = 0x2000000000000000000000000000000016241E6093B2CE59B6B9
>        8FD8849FAF35
> x(P) = 0x3B7C1D83A0EF56F1355A0B5471E42537C26115EDE4C948391714
>        C0F582AA22E2
> y(P) = 0x775BE0DEC362A16E78EFFE0FF4E35DA7E17B31DC1611475CB4BE
>        1DA9A3E5A819
> h    = 0x4
>
> 2^384 - 317
>
> p    = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>        FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEC3
> d    = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>        FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD19F
> r    = 0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE2471A1
>        CB46BE1CF61E4555AAB35C87920B9DCC4E6A3897D
> x(P) = 0x61B111FB45A9266CC0B6A2129AE55DB5B30BF446E5BE4C005763FFA
>        8F33163406FF292B16545941350D540E46C206BDE
> y(P) = 0x82983E67B9A6EEB08738B1A423B10DD716AD8274F1425F56830F98F
>        7F645964B0072B0F946EC48DC9D8D03E1F0729392
> h    = 0x4

--
Lochter, Manfred
--------------------------------------------
Bundesamt für Sicherheit in der Informationstechnik (BSI)
Referat K21
Godesberger Allee 185 -189
53175 Bonn

P.O. Box 20 03 63
53133 Bonn

Phone: +49 (0)228 99 9582 5643
Fax: +49 (0)228 99 10 9582 5643
E-Mail: manfred.lochter@bsi.bund.de
Internet: www.bsi.bund.de
www.bsi-fuer-buerger.de