Re: [Cfrg] draft-ladd-safecurves-02

Manuel Pégourié-Gonnard <mpg@elzevir.fr> Sat, 11 January 2014 15:58 UTC

Message-ID: <52D16A00.8070204@elzevir.fr>
Date: Sat, 11 Jan 2014 16:57:52 +0100
From: Manuel Pégourié-Gonnard <mpg@elzevir.fr>
To: Dan Brown <dbrown@certicom.com>, Watson Ladd <watsonbladd@gmail.com>, Alyssa Rowan <akr@akr.io>
References: <20140111003703.6111382.10153.8425@certicom.com>
In-Reply-To: <20140111003703.6111382.10153.8425@certicom.com>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>

On 11/01/2014 01:37, Dan Brown wrote:
> I'm going to try to write up to CFRG my disagreements soon.
> 
I'm looking forward to reading them.

FWIW, I don't agree with every argument as stated on the site (e.g., I don't
believe it's fair to quote "no data-dependent branches or memory access
patterns" as properties of the curves), but I still think those curves are an
interesting addition to the current set of curves, mainly for the following reasons:

* no unexplained constants as opposed to the NIST "random" prime curves (and
better performance than the Brainpool curves). Even if NIST curves turn out not
to be weak, we currently don't know, and doubt is an issue in itself.
* ease of (correct) implementation
* performance.

> Maybe I'm old school, but I'd expect references to be stable and dated.
> 
Agreed.

Manuel.