Re: [CFRG] compact representation and HPKE
Mike Hamburg <mike@shiftleft.org> Fri, 12 February 2021 22:36 UTC
Return-Path: <mike@shiftleft.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63D513A101C for <cfrg@ietfa.amsl.com>; Fri, 12 Feb 2021 14:36:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.305
X-Spam-Level:
X-Spam-Status: No, score=-1.305 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=shiftleft.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VMf6LTpmZupw for <cfrg@ietfa.amsl.com>; Fri, 12 Feb 2021 14:35:59 -0800 (PST)
Received: from astral.shiftleft.org (unknown [54.219.126.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBDFE3A1022 for <cfrg@irtf.org>; Fri, 12 Feb 2021 14:35:59 -0800 (PST)
Received: from [192.168.7.53] (unknown [198.207.18.242]) (Authenticated sender: mike) by astral.shiftleft.org (Postfix) with ESMTPSA id 7102FBB808; Fri, 12 Feb 2021 22:35:56 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shiftleft.org; s=sldo; t=1613169356; bh=/2y25FBDecBtI2eK876hfzk8Fc1CGzcP812Z7Psh29E=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=EiuTS96KwhTkFZstCWcsNiE6my1vgniDEmbZhNFwC6DRr9TaG+9jOBse0JmPZPYHb E6kKgpb6+C2CRC4+DP7jqPHnUZsDZePqr2l6fmvmFtHgEEju9fzk9NbDG32oV+aiq4 2GGnhlfPd20maRqgYV2I0pYZScXMEMiMThg0mx1I=
From: Mike Hamburg <mike@shiftleft.org>
Message-Id: <8B7FF80F-B7C6-4B96-8629-355F0E248C2D@shiftleft.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_22A82534-CEDE-4300-827A-FF0436D5261D"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
Date: Fri, 12 Feb 2021 18:35:54 -0400
In-Reply-To: <5435F742-A8FD-433D-BE27-F9781293BBA8@shiftleft.org>
Cc: CFRG <cfrg@irtf.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
References: <0fcfb0ed-249b-7cd3-09ba-ed1c73122383@lounge.org> <CABcZeBMGJQ7sAKovy3japXVVLWRB8ydpsDzZxhijvFCtXptsZQ@mail.gmail.com> <e19e3ca1-e209-40c6-82e3-24c6d330bff8@www.fastmail.com> <0FFF0D59-DB9E-4291-A835-A0188964D2D1@vpnc.org> <5435F742-A8FD-433D-BE27-F9781293BBA8@shiftleft.org>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/JZusCDZv9tDfpkPfzPaiWswPIEQ>
Subject: Re: [CFRG] compact representation and HPKE
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2021 22:36:01 -0000
> On Feb 12, 2021, at 6:32 PM, Mike Hamburg <mike@shiftleft.org> wrote: > It’s worth mentioning, on the subject of “but what about the patents”: the fastest set of x-only formulas I’m aware of, 11M/bit as described in https://eprint.iacr.org/2020/437.pdf <https://eprint.iacr.org/2020/437.pdf>, are patented by my employer (not my choice to make). On the second-fastest set I’m aware of, 12M/bit as described in https://ches.2017.rump.cr.yp.to/a1933e522beb16591d9dc8e373ad7079.pdf <https://ches.2017.rump.cr.yp.to/a1933e522beb16591d9dc8e373ad7079.pdf>, I’m not aware of any patents. To clarify, “fastest” here is restricted to general short-Weierstrass curves over large-characteristic fields, without endomorphisms, etc. The classic Montgomery ladder on Montgomery curves is of course faster. — Mike
- [CFRG] compact representation and HPKE Dan Harkins
- Re: [CFRG] compact representation and HPKE John Mattsson
- Re: [CFRG] compact representation and HPKE Richard Barnes
- Re: [CFRG] compact representation and HPKE Mike Hamburg
- Re: [CFRG] compact representation and HPKE Dan Harkins
- Re: [CFRG] compact representation and HPKE Dan Harkins
- Re: [CFRG] compact representation and HPKE John Mattsson
- Re: [CFRG] compact representation and HPKE Michael Scott
- Re: [CFRG] compact representation and HPKE Michael Scott
- Re: [CFRG] compact representation and HPKE Dan Harkins
- Re: [CFRG] compact representation and HPKE Benjamin Beurdouche
- Re: [CFRG] compact representation and HPKE Dan Harkins
- Re: [CFRG] compact representation and HPKE Loup Vaillant-David
- Re: [CFRG] compact representation and HPKE Eric Rescorla
- Re: [CFRG] compact representation and HPKE Christopher Wood
- Re: [CFRG] compact representation and HPKE Paul Hoffman
- Re: [CFRG] compact representation and HPKE Dan Harkins
- Re: [CFRG] compact representation and HPKE Stephen Farrell
- Re: [CFRG] compact representation and HPKE Eric Rescorla
- Re: [CFRG] compact representation and HPKE Stephen Farrell
- Re: [CFRG] compact representation and HPKE Andrey Jivsov
- Re: [CFRG] compact representation and HPKE Mike Hamburg
- Re: [CFRG] compact representation and HPKE Mike Hamburg
- Re: [CFRG] compact representation and HPKE Loup Vaillant-David
- Re: [CFRG] compact representation and HPKE Salz, Rich
- Re: [CFRG] compact representation and HPKE Mike Hamburg
- Re: [CFRG] compact representation and HPKE Stephen Farrell
- Re: [CFRG] compact representation and HPKE Peter Gutmann
- Re: [CFRG] compact representation and HPKE John Mattsson
- Re: [CFRG] compact representation and HPKE Benjamin Lipp
- Re: [CFRG] compact representation and HPKE John Mattsson
- Re: [CFRG] compact representation and HPKE Mike Hamburg
- Re: [CFRG] compact representation and HPKE Salz, Rich
- Re: [CFRG] compact representation and HPKE Dan Harkins
- Re: [CFRG] compact representation and HPKE Karthik Bhargavan
- Re: [CFRG] compact representation and HPKE Richard Barnes
- Re: [CFRG] compact representation and HPKE Eric Rescorla
- Re: [CFRG] compact representation and HPKE Benjamin Beurdouche
- Re: [CFRG] compact representation and HPKE Dan Harkins
- Re: [CFRG] compact representation and HPKE Billy Brumley
- Re: [CFRG] compact representation and HPKE Stanislav V. Smyshlyaev
- Re: [CFRG] compact representation and HPKE Dan Harkins
- Re: [CFRG] compact representation and HPKE Stanislav V. Smyshlyaev
- Re: [CFRG] compact representation and HPKE John Mattsson
- Re: [CFRG] compact representation and HPKE denis bider