Re: [Cfrg] Elliptic Curves - curve form and coordinate systems (ends on March 12th)
Watson Ladd <watsonbladd@gmail.com> Thu, 05 March 2015 23:42 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A96C1A9073 for <cfrg@ietfa.amsl.com>; Thu, 5 Mar 2015 15:42:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O2JncwvU2H09 for <cfrg@ietfa.amsl.com>; Thu, 5 Mar 2015 15:42:25 -0800 (PST)
Received: from mail-yk0-x22d.google.com (mail-yk0-x22d.google.com [IPv6:2607:f8b0:4002:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDD751A9084 for <cfrg@irtf.org>; Thu, 5 Mar 2015 15:42:25 -0800 (PST)
Received: by ykp131 with SMTP id 131so4483955ykp.6 for <cfrg@irtf.org>; Thu, 05 Mar 2015 15:42:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=horOdQfGA072loNB4kGJeFKG/pS/I4GDPyeMkpLv8Tc=; b=fmMh/fOyOov1Y+JbUPDQAwOl2j6RjVcWPtsAdpoWIKAmlkA2+Py5rDvyIEbSv1rLIR 9w1n2pgoMHH80bedaO+b4kxrD42PFwnV8S0kvfbIP3SYZM97zxdWIlUy/eWDACge9slN cXA2usfP1y76fRnLIE13wT5v03mtizBKvwnb2uykKiXdqx8jmvjZAL7OJw0OF8maI3Wg 3sia/pZRdyzbQ3YC/0yKkmmpeRsShNiQC2sBKlziomfXoISrnJ3tInMV9LQQ1eByn4TE xUSM340TbR9Z6XLqtc21t6eCwtSxkeqUCqnjGcyT20qjs9En27j6ePa7+sUlmSBpyxoX grsg==
MIME-Version: 1.0
X-Received: by 10.170.187.5 with SMTP id d5mr9140821yke.20.1425598945130; Thu, 05 Mar 2015 15:42:25 -0800 (PST)
Received: by 10.170.58.198 with HTTP; Thu, 5 Mar 2015 15:42:25 -0800 (PST)
Received: by 10.170.58.198 with HTTP; Thu, 5 Mar 2015 15:42:25 -0800 (PST)
In-Reply-To: <54F8E735.2010202@isode.com>
References: <54F8E735.2010202@isode.com>
Date: Thu, 05 Mar 2015 15:42:25 -0800
Message-ID: <CACsn0ck_+JLys4ChkiwrBvDLOOb85wz4G-VYCfvA9rgyP1o2zQ@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Content-Type: multipart/alternative; boundary="001a113a6786b77dbe0510931ee4"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/H7UEj7pumUjGZ5_IeVWHpmV0c0s>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Elliptic Curves - curve form and coordinate systems (ends on March 12th)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2015 23:42:28 -0000
On Mar 5, 2015 3:31 PM, "Alexey Melnikov" <alexey.melnikov@isode.com> wrote: > > CFRG chairs are starting discussion of the next topic: > > Q4: draft-irtf-cfrg-curves-01 currently contains curves in both Montgomery form and Edwards form. The scalar multiplication routine is specified using Montgomery form (and is specific to Curve25519, which will need to be changed given our decision to include a higher security level curve). Its input is a scalar and the u-coordinate of a point on a Montgomery-form curve; its output is the u-coordinate of a point on a Montgomery-form curve. The DH function builds on this routine. Do we want to stay with specifying the inputs and outputs in Montgomery form for these routines? Or do we want to switch to an alternative curve form and coordinate system for defining the routines? If so, which form and coordinate system? > > > [Chairs are aware that it is possible to switch back and forward between different curve forms and coordinate systems, with associated costs, no matter which form is specified for the inputs and outputs of the routines. But we now have to decide *which* form we want to use for inputs and outputs, so as to ensure interoperability between Alice and Bob. Chairs did not want to implicitly force the choice of Montgomery form/coordinates without polling the group first.] > > > > Once this issues is settled, we will be discussing (in no particular order. Chairs reserve the right to add additional questions) wire format, byte order and signature schemes. Please don't discuss any of these future topics at this time. If we specify the input as Montgomery form, how do we specify the wire format separately? Sincerely, Watson Ladd > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Viktor Dukhovni
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… D. J. Bernstein
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - curve form and coord… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - curve form and coord… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Ilari Liusvaara
- [Cfrg] (flaws with Curve25519 DH function, if one… Rene Struik
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - curve form and coord… Viktor Dukhovni
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- [Cfrg] (flaws with Curve25519 DH function, if one… Rene Struik
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Nico Williams
- Re: [Cfrg] (flaws with Curve25519 DH function, if… David Leon Gil
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Viktor Dukhovni
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Nico Williams
- Re: [Cfrg] (flaws with Curve25519 DH function, if… CodesInChaos
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Salz, Rich
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Watson Ladd
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Ilari Liusvaara
- Re: [Cfrg] (flaws with Curve25519 DH function, if… CodesInChaos
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Alexey Melnikov
- [Cfrg] Elliptic Curves - curve form and coordinat… Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Dan Brown
- Re: [Cfrg] Elliptic Curves - curve form and coord… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - curve form and coord… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - curve form and coord… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - curve form and coord… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - curve form and coord… Mike Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Nadim Kobeissi
- Re: [Cfrg] Elliptic Curves - curve form and coord… Adam Langley
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Adam Langley
- Re: [Cfrg] Elliptic Curves - curve form and coord… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - curve form and coord… Paul Lambert
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Salz, Rich
- Re: [Cfrg] Elliptic Curves - curve form and coord… Adam Langley
- Re: [Cfrg] Elliptic Curves - curve form and coord… Nico Williams
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Dan Brown
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Jakob Breier
- Re: [Cfrg] Elliptic Curves - curve form and coord… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Nico Williams
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Jakob Breier
- Re: [Cfrg] Elliptic Curves - curve form and coord… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Salz, Rich
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg