Re: [Cfrg] A draft merging rpgecc and thecurve25519function.
Mike Hamburg <mike@shiftleft.org> Fri, 02 January 2015 03:12 UTC
Return-Path: <mike@shiftleft.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B14521A1B23 for <cfrg@ietfa.amsl.com>; Thu, 1 Jan 2015 19:12:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.502
X-Spam-Level: ***
X-Spam-Status: No, score=3.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_FUTURE_06_12=1.947, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.982, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SSdA6i4-CgQI for <cfrg@ietfa.amsl.com>; Thu, 1 Jan 2015 19:12:29 -0800 (PST)
Received: from aspartame.shiftleft.org (199-116-74-168-v301.PUBLIC.monkeybrains.net [199.116.74.168]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3FEA1A1B22 for <cfrg@irtf.org>; Thu, 1 Jan 2015 19:12:29 -0800 (PST)
Received: from [192.168.1.102] (unknown [192.168.1.1]) by aspartame.shiftleft.org (Postfix) with ESMTPSA id 6D9223AA43; Thu, 1 Jan 2015 19:10:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=shiftleft.org; s=sldo; t=1420168213; bh=1hxFGxLTfUYtn1d7DCC0HTzVWJaDdSKTMvsmrWnFxso=; h=Date:From:To:CC:Subject:References:In-Reply-To:From; b=E/jKXQ+2C5dNgw9A8MLjcflFgujVt7Va42hEPA+Ic/Awz7Jf/pnAokJBb6NVHFeGh 7n83V7/uor2UjfJYk1nNm4BjRhrKRWV1daN6RI8SZwEWoe+dkdXMemOaaHDJfZg+y6 kRsFL/6A+pTp7GYrkKv3YiQk2xiwqVBVv/23wiFE=
Message-ID: <54A67D1B.50804@shiftleft.org>
Date: Fri, 02 Jan 2015 03:12:27 -0800
From: Mike Hamburg <mike@shiftleft.org>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: Adam Langley <agl@imperialviolet.org>, Watson Ladd <watsonbladd@gmail.com>
References: <CAMfhd9Vi=VJw2NW1CX1aE_qjXFmQ1Cmd1F4s7C9eEvuVog-f=Q@mail.gmail.com> <CAMfhd9UAkNBXvof3SgJLQ4Ld6=jNdvLnpCUrMsJFUCepGZytqA@mail.gmail.com> <CACsn0c=GVLh3vYm=dxW=FKKx3Zd=5L6qdh8m_xzjZpb+mk9+0w@mail.gmail.com> <CAMfhd9XJiatX7KoXmYbgoMPkyEV=kprEhZGW33wGZHZ4XbUX7w@mail.gmail.com>
In-Reply-To: <CAMfhd9XJiatX7KoXmYbgoMPkyEV=kprEhZGW33wGZHZ4XbUX7w@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/IEfIPvuyVLScEZ4TxrDyNpYbWvs
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] A draft merging rpgecc and thecurve25519function.
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jan 2015 03:12:30 -0000
On 1/1/2015 4:51 PM, Adam Langley wrote:
> (As an aside: does the existing algorithm output Curve41417,
> Goldilocks or E-521 when given the corresponding prime? I suspect not
> for Curve41417 since the curve/twist cofactors are {8,8} not {4,4}.
> Goldilocks might work though.)
I believe that Goldilocks and E-521 come out of this procedure; the
twist of Ridinghood comes out (because I restricted my parameters to #E
< #E'); and Curve41417 does not come out because it has cofactor 8.
These all have different generators from the Safecurves site, but that
doesn't really matter because nobody has deployed implementations AFAIK.
Section 6.1 is fine in terms of "let's be clear that this is the
simplest safe thing". But you may want to switch the conditions for
clarity/simplicity/speed. In particular, I think only negative d can
come out of 6.1. Also cofactor 4 and twist cofactor 4 imply d nonsquare
and 1-d nonsquare, so you can remove the one condition or add the other
if you want.
Happy 2015,
-- Mike
- [Cfrg] A draft merging rpgecc and thecurve25519fu… Adam Langley
- Re: [Cfrg] A draft merging rpgecc and thecurve255… Adam Langley
- Re: [Cfrg] A draft merging rpgecc and thecurve255… Watson Ladd
- Re: [Cfrg] A draft merging rpgecc and thecurve255… Adam Langley
- Re: [Cfrg] A draft merging rpgecc and thecurve255… Adam Langley
- [Cfrg] Wanting a signature scheme, not needing it… Paul Hoffman
- Re: [Cfrg] A draft merging rpgecc and thecurve255… Mike Hamburg
- Re: [Cfrg] A draft merging rpgecc and thecurve255… Brian Smith
- Re: [Cfrg] A draft merging rpgecc and thecurve255… David Rufino
- Re: [Cfrg] A draft merging rpgecc and thecurve255… Stephen Farrell
- Re: [Cfrg] A draft merging rpgecc and thecurve255… Tanja Lange
- Re: [Cfrg] A draft merging rpgecc and thecurve255… David Rufino
- Re: [Cfrg] A draft merging rpgecc and thecurve255… Alexey Melnikov