Re: [Cfrg] Consensus and a way forward

"Lochter, Manfred" <manfred.lochter@bsi.bund.de> Mon, 01 December 2014 16:28 UTC

Return-Path: <manfred.lochter@bsi.bund.de>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBD0B1A6F27 for <cfrg@ietfa.amsl.com>; Mon, 1 Dec 2014 08:28:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.859
X-Spam-Level:
X-Spam-Status: No, score=-3.859 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8rfYKXUUDaZ2 for <cfrg@ietfa.amsl.com>; Mon, 1 Dec 2014 08:27:57 -0800 (PST)
Received: from m2-bn.bund.de (m2-bn.bund.de [77.87.228.74]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA3AC1A6F0A for <cfrg@irtf.org>; Mon, 1 Dec 2014 08:27:56 -0800 (PST)
Received: from m2.mfw.bn.ivbb.bund.de (localhost.mfw.bn.ivbb.bund.de [127.0.0.1]) by m2-bn.bund.de (8.14.5/8.14.5) with ESMTP id sB1GRsjE020526 for <cfrg@irtf.org>; Mon, 1 Dec 2014 17:27:54 +0100 (CET)
Received: (from localhost) by m2.mfw.bn.ivbb.bund.de (MSCAN) id 5/m2.mfw.bn.ivbb.bund.de/smtp-gw/mscan; Mon Dec 1 17:27:54 2014
X-P350-Id: 23e4b8124446b1fa
X-Virus-Scanned: by amavisd-new at bsi.bund.de
From: "Lochter, Manfred" <manfred.lochter@bsi.bund.de>
Organization: BSI Bonn
To: cfrg@irtf.org
Date: Mon, 1 Dec 2014 17:27:29 +0100
User-Agent: KMail/1.9.10 (enterprise35 20140205.23bb19c)
References: <CA+Vbu7xvvfRWyqyE9sqU7VbjzNQZp+DwRWjaV3Lw0hjLr8ye1A@mail.gmail.com> <AMSPR04MB518798182EA8BE512AD75C4E3710@AMSPR04MB518.eurprd04.prod.outlook.com>
In-Reply-To: <AMSPR04MB518798182EA8BE512AD75C4E3710@AMSPR04MB518.eurprd04.prod.outlook.com>
X-KMail-QuotePrefix: >
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-ID: <201412011727.30281.manfred.lochter@bsi.bund.de>
X-AntiVirus: checked by Avira MailGate (version: 3.2.1.26; AVE: 8.3.26.26; VDF: 7.11.189.194; host: sgasmtp2.bsi.de); id=28712-mt1C7s
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/G5djG4gA90tkv9JSE8-M2VBpjqY
Subject: Re: [Cfrg] Consensus and a way forward
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Dec 2014 16:28:00 -0000

+1



__________ ursprüngliche Nachricht __________

Von:		Joppe Bos <joppe.bos@nxp.com>;
Datum:	Donnerstag, 27. November 2014, 07:17:32
An:		"b@b3k.us"; <b@b3k.us>;, "cfrg@irtf.org"; <cfrg@irtf.org>;
Kopie:	
Betr.:	Re: [Cfrg] Consensus and a way forward

> This draft presents algorithms to “generate domain parameters at any
> security level for modern (twisted) Edwards curves” given as input prime.
> In the Test Vectors section curves defined over primes of a special shape
> are given. Please note that one can also use this draft to select curves
> which are defined over primes which do not have a special shape: something
> which has been requested by different people on this list. I hope that we
> will use this draft to (also) select curves over primes which do not have a
> special shape to accommodate all the needs in the cryptographic (and wider
> security) community.
>
> Best regards,
>
> Joppe
>
>
>
> From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Benjamin Black
> Sent: Thursday, November 27, 2014 5:25 AM
> To: cfrg@irtf.org
> Subject: [Cfrg] Consensus and a way forward
>
>
>
> All,
>
>
>
> Over the past couple of weeks we have been working with Adam Langley to see
> if we could find a compromise with which we could all live. I'm pleased to
> say we have been successful in accommodating our respective performance and
> trustworthy generation concerns, and I hope the resulting proposal will be
> attractive to others, as well. The generation procedure is document in a
> draft I've just posted that can be found at
> http://www.ietf.org/id/draft-black-rpgecc-00.txt .
>
>
>
> The simplest summary is that we have combined the prime preferred by Adam
> and others at the 128-bit security level with the rigid parameter
> generation we view as essential for producing the most trustworthy curves.
> We have used the generation procedure to produce a new twisted Edwards
> curve based on 2^255 - 19 and a new Edwards curve based on 2^384 - 317.
> These new curves are given as test vectors in the draft, and are also given
> below.
>
>
>
> These 2 curves are sufficient for meeting the request from TLS. However, if
> there is strong interest in a 3rd curve for the 256-bit security level, the
> generation procedure​​ gives the same curve with p =2^521 - 1 as several
> teams produced.
>
>
>
>
>
> b
>
>
>
> --
>
>
>
> 2^255 - 19
>
>
>
>    p = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
>          FFFFFFFFFFED
>
>    d = 0x15E93
>
>    r = 0x2000000000000000000000000000000016241E6093B2CE59B6B9
>
>          8FD8849FAF35
>
> x(P) = 0x3B7C1D83A0EF56F1355A0B5471E42537C26115EDE4C948391714
>
>          C0F582AA22E2
>
> y(P) = 0x775BE0DEC362A16E78EFFE0FF4E35DA7E17B31DC1611475CB4BE
>
>          1DA9A3E5A819
>
>    h = 0x4
>
>
>
>
>
> 2^384 - 317
>
>
>
>      p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
>            FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEC3
>
>      d = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
>            FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD19F
>
>      r = 0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE2471A1
>
>            CB46BE1CF61E4555AAB35C87920B9DCC4E6A3897D
>
>   x(P) = 0x61B111FB45A9266CC0B6A2129AE55DB5B30BF446E5BE4C005763FFA
>
>            8F33163406FF292B16545941350D540E46C206BDE
>
>   y(P) = 0x82983E67B9A6EEB08738B1A423B10DD716AD8274F1425F56830F98F
>
>            7F645964B0072B0F946EC48DC9D8D03E1F0729392
>
>      h = 0x4

-- 
Lochter, Manfred
--------------------------------------------
Bundesamt für Sicherheit in der Informationstechnik (BSI)
Referat K21
Godesberger Allee 185 -189
53175 Bonn

Postfach 20 03 63
53133 Bonn

Telefon: +49 (0)228 99 9582 5643
Telefax: +49 (0)228 99 10 9582 5643
E-Mail: manfred.lochter@bsi.bund.de
Internet:
www.bsi.bund.de
www.bsi-fuer-buerger.de