Re: [CFRG] Comment on draft-irtf-cfrg-hash-to-curve-10

"Riad S. Wahby" <rsw@cs.stanford.edu> Fri, 23 April 2021 19:30 UTC

Return-Path: <rswatjfet.org@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69E913A1B03 for <cfrg@ietfa.amsl.com>; Fri, 23 Apr 2021 12:30:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.402
X-Spam-Level:
X-Spam-Status: No, score=-1.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i9vWsfdNdEdY for <cfrg@ietfa.amsl.com>; Fri, 23 Apr 2021 12:30:40 -0700 (PDT)
Received: from mail-qk1-f181.google.com (mail-qk1-f181.google.com [209.85.222.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F1373A1B01 for <cfrg@ietf.org>; Fri, 23 Apr 2021 12:30:40 -0700 (PDT)
Received: by mail-qk1-f181.google.com with SMTP id x11so50679959qkp.11 for <cfrg@ietf.org>; Fri, 23 Apr 2021 12:30:40 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=Z3ZUtVpHuSquXUikmW2UpqDucypBzDTXK2Zic8lidFQ=; b=lBxIPb4UTcjrazKWUFS4/U5/2cpspgFhZ/fFrxnqa5cbWbs5F8y1eqiJFwrPqmRUnI Dll1BOPfhI7iu2hawO6pNtsS7kV3YjuLJt+wtCoYuJ5de4hyne+VgCaAdQ6/2nYzce0b cadmOVKXjT2uy/dptBhm3qzLcacUu1I3Rcn5Lj6/guka5Gf6C7p4Fp6sqt/6WhudxSvO zW+ZCSagZi7QVNnbB6q7cayxPhOHxc9qpUAC5lAAdZeDtMnXTCwUyvf3OhIYOKruK3ca dOM/q0r/WH8p8UEfmHWVABoS1Eqvzlqr+x6EmdfTqdZATYXZM3GwWWEaJLumEO1XjWA7 TUQQ==
X-Gm-Message-State: AOAM530WROhB1DzN47luFWgOP0cVylECH2i+WoOsn43J6AhyNFePoOrw ZP1i88B6kSCeLN7mAtaHKxAH9VgiWW4=
X-Google-Smtp-Source: ABdhPJyLQ/3CDbw0acpZcNr28B92quN6zTLgn78P+4OdfsJpgXoreLzAf5+WLUpJTpCDSs70hvP3Mw==
X-Received: by 2002:a05:620a:2285:: with SMTP id o5mr5609760qkh.407.1619206239211; Fri, 23 Apr 2021 12:30:39 -0700 (PDT)
Received: from localhost (mobile-166-170-222-227.mycingular.net. [166.170.222.227]) by smtp.gmail.com with ESMTPSA id f24sm4933598qto.45.2021.04.23.12.30.37 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 23 Apr 2021 12:30:38 -0700 (PDT)
Date: Fri, 23 Apr 2021 15:30:36 -0400
From: "Riad S. Wahby" <rsw@cs.stanford.edu>
To: Daira Hopwood <daira@jacaranda.org>
Cc: cfrg@ietf.org
Message-ID: <20210423193036.szrrpvg7zbtplkor@muon>
References: <e270e62d-941d-0a87-7dc9-cf80f73b5aeb@jacaranda.org> <108aae2c-576d-ba68-34b8-c539d3fb945d@jacaranda.org> <d2f89438-faeb-47db-97f9-c7ebb394f348@www.fastmail.com> <8c736a71-8ef0-dd8e-1b5a-47cccf1af410@jacaranda.org> <20210422164424.5qwe5msxueqz6rrk@muon> <3360a3c2-9afc-332b-c3c7-6c8c512f8c1b@jacaranda.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3360a3c2-9afc-332b-c3c7-6c8c512f8c1b@jacaranda.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ITqtLQEEbKUpLoi73gw9lrkMuXA>
Subject: Re: [CFRG] Comment on draft-irtf-cfrg-hash-to-curve-10
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Apr 2021 19:30:42 -0000

Hello Daira,

Thanks for clarifying your feedback.

I remain concerned about mixing implementation detail with high-level
description. Here I am referring to using divsqrt in place of natural
field arithmetic operations (sqrt, inversion, etc.) in the body text.
Describing the algorithm independent of the implementation details is
a way of specifying the mathematical properties of the algorithm, and
having this specification explicit in the document has value, from my
perspective.

But as I said in my prior email, it seems like refactoring Appx. G to
use divsqrt and adding a few implementations of that function for the
relevant cases (3 mod 4, 5 mod 8, 9 mod 16, and general, perhaps?) is
a nice way of cleaning things up. And it seems like the same refactor
applied to SvdW and Elligator in Appx. G would help, too.

This isn't something I can do in the near term, but I'm very happy to
spend time on this once I've got some! I'm hopeful that's about three
weeks from now, but I've been called an optimist before.

Thanks again for the feedback and best regards,

-=rsw