Re: [Cfrg] Comments regarding draft-sullivan-cfrg-hash-to-curve

Christopher Wood <christopherwood07@gmail.com> Mon, 09 April 2018 04:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/JSfHrEJVMzpjUWHawXCUoyb7ZWs>

Hi Jason,

Please see inline below.

On Tue, Apr 3, 2018 at 9:36 PM Jason Resch <jresch@us.ibm.com> wrote:

>
> I recently wrote some reference implementations of my suggestion below for
> implementing HashToBase() for any given input string and curve.  It uses
> the left-most bits of HKDF applied to the input, where the number of total
> bits selected is determined by the size of the prime field.  I have ensured
> consistency via some test vectors I defined, which are included in this sample
> code.  I tested both NIST P-256 and NIST P-521. Note that these examples
> only implement "Simplified SWU", but this can be easily extended to support
> the other algorithms.
>
> I have attached the Python and Java implementations to this e-mail; the
> Python one is a bit more concise and is self-contained in one file, while
> the Java one is implemented across several files (in the zip file), but
> both produce consistent results as far as I have been able to test.
>

Thanks for sharing the code. We're currently working to port all the
algorithms to hacspec. This routine will certainly be part of that effort.
When the time comes, I will use it to test against our own implementation.


>
> Also, I found something interesting in regard to supporting Koblitz
> curves, or other curves where a = 0 (such as BN-254).  By accident, I
> discovered that it didn't seem to matter whether I used "(-b / a)" or any
> other number.  The Simplified SWU algorithm appeared to always map to a
> valid point.  Does this make sense?  Is there a special motivation for
> using (-b / a) as opposed to some other constant?
>

Interesting. I don't know offhand. I'll have to investigate and get back
to you.

Best,
Chris
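The construction Jason describes (HashToBase as the left-most bits of HKDF sized to the prime field, fed into Simplified SWU) for NIST P-256, written as an added illustration; this is not the attached reference code. It assumes HKDF-SHA256 with salt and info both set to "H2C", truncation to bitlen(p) bits followed by reduction mod p, and the a != 0, b != 0, p = 3 mod 4 preconditions that Simplified SWU needs; the final on-curve check is what a reviewer would run against any such implementation.

```python
import hashlib
import hmac

# NIST P-256: y^2 = x^3 + a*x + b over F_p, with p = 3 (mod 4).
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_A = P256_P - 3
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Extract then HKDF-Expand, instantiated with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def hash_to_base(msg: bytes, p: int = P256_P) -> int:
    """Left-most bitlen(p) bits of HKDF(msg), reduced mod p (labels "H2C" assumed).
    Reducing a value of the same bit length as p is slightly non-uniform in F_p;
    later hash-to-curve designs add extra output bits before reducing."""
    nbits = p.bit_length()
    raw = hkdf(msg, b"H2C", b"H2C", -(-nbits // 8))
    t = int.from_bytes(raw, "big") >> (8 * len(raw) - nbits)
    return t % p


def simplified_swu(t: int, p: int = P256_P, a: int = P256_A, b: int = P256_B):
    """Map t in F_p to a point on y^2 = x^3 + a*x + b (needs a, b != 0, p = 3 mod 4)."""
    g = lambda x: (pow(x, 3, p) + a * x + b) % p
    alpha = (-t * t) % p
    denom = (alpha * alpha + alpha) % p
    if denom == 0:  # alpha in {0, -1}, i.e. t in {0, 1, p-1}: excluded inputs
        raise ValueError("t in {0, 1, -1} is outside the domain of simplified SWU")
    x2 = (-b * pow(a, -1, p) * (1 + pow(denom, -1, p))) % p
    x3 = (alpha * x2) % p
    for x in (x2, x3):
        h = g(x)
        if pow(h, (p - 1) // 2, p) <= 1:  # h is zero or a quadratic residue
            return x, pow(h, (p + 1) // 4, p)
    raise AssertionError("unreachable: g(x3) = alpha^3 * g(x2), and alpha^3 is a non-residue")


def on_curve(pt, p: int = P256_P, a: int = P256_A, b: int = P256_B) -> bool:
    x, y = pt
    return (y * y - (pow(x, 3, p) + a * x + b)) % p == 0


def hash_to_p256(msg: bytes):
    return simplified_swu(hash_to_base(msg))
```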