[CFRG] Re: I-D Action: draft-irtf-cfrg-pairing-friendly-curves-12.txt
John Mattsson <john.mattsson@ericsson.com> Tue, 18 November 2025 13:47 UTC
Return-Path: <john.mattsson@ericsson.com>
X-Original-To: cfrg@mail2.ietf.org
Delivered-To: cfrg@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 3FADA8BBAAB3 for <cfrg@mail2.ietf.org>; Tue, 18 Nov 2025 05:47:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y_bXnl8IM6kR for <cfrg@mail2.ietf.org>; Tue, 18 Nov 2025 05:47:17 -0800 (PST)
Received: from AM0PR83CU005.outbound.protection.outlook.com (mail-westeuropeazon11010033.outbound.protection.outlook.com [52.101.69.33]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 7AF918BBAAAC for <cfrg@ietf.org>; Tue, 18 Nov 2025 05:47:17 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=FjedBwPFnA0VesytnjNUf3XPdG0e0pDAiqluhySoVKhiMJ3XgTfcSBnQiqoBk3sPUVfkwKAz0OOLw3ZvJRee+hxHogVQF4VjRAQPhvZ+Yqk9HALT/Y0kntF4Ewm+X4Nl8ISBmeVkdOXfBhzO35Kx17L2PI20LsLlMdnVnLuT/1985iIqwh+PTlGKeNL0XHVGqWgNSoZozJ7nmIiTWbOWQZGmD8IxxYeNgwnCjd9L2tfZVm5O5RQYXwzEEyN45k4uTDQlClTxT7thT8YFRNowAzTTT/JhJzzgd1tbj5DldjtwFuGa00kyTGknUCepQd8aw4tpCJfUPVTavboy5fFK2A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LfYYlcqaTchUfNTn7A2pNv4msG9yRy16Ag7mhs7xBYA=; b=Kc+2Uzf1eSLatNUlLK8ihS9Zl+ta3OI7b6ufQNq5wZv2R8A5EZbNitkVbGawv5+pyBM/79Z6Run4eA+aLzuebltiIDlV2X8DrVE1YBNNDug3Y6ClKiTdDwiblMLbGIUUSjw6OT/lbO6WL4R/g/7hEzv6AIIh7wzFKlzHNhRQuIAoiM0Tr+Dot8naWmoB3FAhezeQS84YHXGYZThUdCEkACbPFwP1vQD92UyPkDHRghLI0jHuC/apVHEmeIylnpN3vpI9qx/iwhwVs2monpunApv+Zad4bYQF4GtIawNi4DyrG8hz0J+mE/pHR16Va1VW6kazVRQwk2hSdmc6o1nBvw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LfYYlcqaTchUfNTn7A2pNv4msG9yRy16Ag7mhs7xBYA=; b=cHoIldAgBkm+H0E/M5sdNe1so0hixKJsMA//sc4zIo0cEOn6/AinqYSP0+vuSaIoYV6UnlN3MB8Bk/qMJDh97nl53FBxB1wMrONR+5r5u5OHsYtbWkuUsw0/vFaOsx7eTdgSJ17lFjDtFVsEoHaa4UrJNE9geAxJmvL5w371FzUsOcpuHemKydU+B8FUrr6v7emBI5JYSuWXq4D2JYYwWd38z9LcfbxBdc/FtNCoiO7kVU4rkV4i4i/QkiojV7PXn6og6anzWA58SJoxLaY3kYkR3iwvtLDUE516o1gZs2gMNQpJJ4Uc2uFEaQsjltb4r6Iv1uVVS6IXbltk0mbQnw==
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com (2603:10a6:150:114::10) by AS5PR07MB9913.eurprd07.prod.outlook.com (2603:10a6:20b:67e::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9320.21; Tue, 18 Nov 2025 13:47:09 +0000
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8]) by GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8%3]) with mapi id 15.20.9343.009; Tue, 18 Nov 2025 13:47:09 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "cfrg@ietf.org" <cfrg@ietf.org>
Thread-Topic: [CFRG] I-D Action: draft-irtf-cfrg-pairing-friendly-curves-12.txt
Thread-Index: AQHcVBAjME4tHfFumku2/jZETkqp4g==
Date: Tue, 18 Nov 2025 13:47:09 +0000
Message-ID: <GVXPR07MB9678D745F5D1F4BC6532EE2689CCA@GVXPR07MB9678.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GVXPR07MB9678:EE_|AS5PR07MB9913:EE_
x-ms-office365-filtering-correlation-id: 6c9253d4-61cd-4ad4-170f-08de26a8f843
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|1800799024|38070700021|8096899003|13003099007;
x-microsoft-antispam-message-info: /xFO9Q4JaxvQQnqIH5JunB2g1vv4EC73iuMeTej1Oytf4B3LdAEjFG6WBKENVeL2rPAEDGbwuEmF0kOpolPfnExIB6e7QxMK4goGzgS8dvddmtd2B26xjYnEmb8e7w9lUDcHYVgsm8w8PFZi+FUDxWrWK1QphoZOuCPR33P+HcABSmHJBLpT5sZ2tYADSsiNG1F8dwnTx9ZAua3+nrsWVgjfA027wK5BDTv7y11X05S2CrbC4kpDkjRJUqIz2eQbgqPiIKvUYvcxNmyWp3XxlmxQW6JOWJYc/NeXElPNMxaoSNXS1rWRTQSke4llxBOdTAK3ohJe0EP0ybDXWGERbV+b9WxnaxafxJBuoGBQfUFHFaPPhHNwTbIf6rpGQT1qkZQ4GBlhNkgKMH9U6Te94WLhH4fgXF+ZNDjQU55pu5uE2U51X9r68VUg6eDpyD/cEvYn3MAF19s8kv/MquULlT+upyTeatttX4PcXRhWqqongj29QbL3p6js4bHUdWVnnuSiuhRHti5btViPmg41qIEcM5Zfhu6gF4k+lhSyD+KOlhjuJl077sK64iwLts+rfaS+LJBTH5oo1alXOwGg7zFH8snxd8nbnO1C5DDZ3TxAI7yp+0m935GFNhwSGpklF0zqgfS1hrTzWy+uf0AZykolwJrt27ZUv0PLnklkh4iSo8mxMppXKUmp7bEJ/ROrp8UquKinB1DIjEGK92wJR+r0mkGhv10j9L2thNuh3tBS9ihzNKM3mjW9cYLm0UkoM04xQAFRVUL7TZzDqePWWW+PWw1uexmYbbxzVHj82SJN3s8oD8bs5DGmZGKOSjmEywBz4nsKHFQ1HXVcYX1Qgl9qDNoCcOBGR6TZoYIJWraMtcHA5hzeU88kQMPEhTXP0dkclAIXcyaaM1WK6q8Q6KWWjt0u5lHneBv6R8OKojRXr19I4MBiLjpEol9jJHG7TNefeA5ifQNhJXEsJ7DQsTja/DoBowb7tvOBcCVnEo3eY8IoRt0Lu//Wnlbi3LymrszA+sVnXLl2EL/b5ro+fuueeofliJN4kyb2+WoZS6WN59KoPz0vitICN9Gi8uiqzT2FVliFujOWriPOc7L3ZgTXBOr5QOvoJOHzvf56Y0iThyzKZpDlLMi4S3xX1HdudIWejYItZL8rewGJ2T3+TtglEeVONJ+gughd6PK+S469aBmpkqXoNeS9tdPDB9F/seshwvThl1QAfGsgayI3112ObT8zJtJ/bA2MDJe4aTFJjNtg0wmWj74rPKO2kK4THIVgZ9iZbqAwp8Psx7XDwM08tfrd+kQOG9PzMooI57YqDfTGj6jlDBq2YSc1wAoCBS3/SfFAVyce9Cr4FiVp2QUkcoeZFU1WpkGSjz/earXoCMWiSIMJLtMZKlGWX2tf6beZQiyRquCGxBzF+Q7okjLKEzrmz3DLSGcIx1wmu+iRSDyXwXG8Gvru3/V+z4r4ptO6dP6QgtQ4zMW3f1GUXA==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GVXPR07MB9678.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(38070700021)(8096899003)(13003099007);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: txT6wx01d/B5vAljFHj1ec+WF1xIn8d8fWV49/uWHhu8ui4VTYGH9gJQps1+LSm+BSfrxVmR8DXZe7cXTl1LJK1PqKRf8qCCncSZTBID8dzEC9zPe/fdeYW18QJ+Ue+PcTnj4nrPKwuOPcjmIMCXtLpLV6iQOpxO+IwWFSFOjvELJBGHs7mxgu/dahlhe9PbKw2yO5A7xOLEMabXmyVhA1xd5cQLTzaNQIzgNTjqVb/E5rqs0CIBVX+6BaTpnCrfAY2d+LbJqoiFHtD3aNGUl7lNSyt608MzIZEeiR1tgRve6GueJJ9vSNLrLhV13LbJWcXCO3sr/+NMkQs7JHqXpmrnbWL7FBT2pk4Iz2Dsq0STQWSASKwd8EOwKL4er3Ia3zAnh4AjMWKGkmB9XY6ZbAUrG4KfGlOWK5N0ndJMZDpZG+slRZnLDS7wXSgB2sUydyQDPlfkmDIEBWuJYTS9vbj8vPfh+06E4++Q4ygSj7JMCFveiHfn0yi1gWQh7VhV5pLrsGkFoTR2XEmcwRwepKrC7S55f+fes0qEuPT55MCyZ+05rbwAWcg5YmqE0bqu25xwK56LHXpjONy8WA608iCV6Wrywr5oXWLxcKJ2QMviowzO4ESgvaqpBBDcyfvLmw2XeKZ5nTq6+fPfuouHqH+J/bLmNT02MWBIgCQn4dfuKf1Dy6hWKyJ4TiNmcNqDN0uNsQOfvjeTGewHUxaUT7xsLYmypq+8ikHNthTF0CPBONfFUNBEpW5xq5eaX4l8cEkQbYOBSP3/9HlLmTgs8TRYaI+mlXpKuaqgT3uv7mGiWJcTKmmCgHZ8vVLIh1ep2bAgH74OOeyZKYmOkLuuzqtX1wn9kC7hrOKvECjUkGXYA1d4kLG6HvhWFe2A98wBtq2yniusyZDSPxMrUpsmxfi1CdGU6QfphdCbuKYQM6owBgXjxk6jvRrwcvaPvFB3FG9y7xyXceHlRDb4ZEeIs9gpTqQ2CMltrI+zCBM0zru+yY6VznWt6bFXMIXY4zs3MD5Do2KxbkEuR+mfo/1Dq+vR390RQInxtck+U/5jj8eK7rTkciy6A4GDDdfEh5Fo+e34SdUVH0K5VhMaYS+agovKJYwbl7NyIM1F+WZJf8dtpBwhikTTP12C2qX2mb5yG41g5CT7a1qPoxtD95wKpaLpYFy53W8ZZsJj60jNSpBJFd3XoJ9Hi9kR6EmC49MTNDM4jIT+W6rSZ6eFqcYD3FHoruz6n5ivpJjByNi6ZDbAfDUuUVk4yecHwnlHZHj2jgE3x8lr3PezyOcNUI1vLXa9Y/G47ZduAvqCa5JoP2hKGTNJ1I8V8KAyOP3UFltP/AK/iD8IXShUjoBlOIdAlxI3rAepQTNfaO2KA3+2a8+JBztCi2CVKZa3q81HXCPQR7p3v+jhwwoiSrAWy4Fbqrv7cWM4aatoHlh0d7RZo7n5lr2Pd6LF9sv70hn640T+xYJ06qEQYEG1gKa+eUNEwNmevbO4KUaS0GGWJ1U11Ol5cHDRrY1r49iG1McXozNFHIGGd8Zi+V1YuE5+nL/3/sSL0hKFeW90TRbYa30Z7gHjBmrIkgkYaTG/R9tiTHqwU4Bd8cUp05JO9VejY8s/KF7MsV/QRPbuC8ILOoBaHSk=
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB9678D745F5D1F4BC6532EE2689CCAGVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6c9253d4-61cd-4ad4-170f-08de26a8f843
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Nov 2025 13:47:09.4551 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dhd1gZUMGddLFSrkb8lC6I8b5co8vPeL+p+SC7YE4t0RMoPMCsiARirwcV25vGXi9RVcek1tlfFnV26AW9yofHk5U97qEga8gckm4u9WXxo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS5PR07MB9913
Message-ID-Hash: JCGW5BUTLNX2NKFVTEXV53PGSKAJOXLU
X-Message-ID-Hash: JCGW5BUTLNX2NKFVTEXV53PGSKAJOXLU
X-MailFrom: john.mattsson@ericsson.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; header-match-cfrg.irtf.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [CFRG] Re: I-D Action: draft-irtf-cfrg-pairing-friendly-curves-12.txt
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/JnyN9-G6vIGSMuWyyqoWNNdQ6Xk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>
Hi,
I think it would be good to try to publish this asap. My two cents would be to focus on specifying:
- BLS12_381
- One BLS24 curve, one BLS48 curve, or both. I think many people might want some security margin when deploying pairing-based crypto.
- The ZCash serialization format
I don't think "Selection of Pairing-Friendly Curves" including what is standardized in other SDO is essential. I think BN462 could be removed. less is more. Correctly if I am wrong but my understanding is that BLS12_381 is superior to BN462. Security of Pairing-Friendly Curve could be moved to security consideration or an appendix.
Cheers,
John
On 2025-11-02, 22:17, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:
Internet-Draft draft-irtf-cfrg-pairing-friendly-curves-12.txt is now
available. It is a work item of the Crypto Forum (CFRG) RG of the IRTF.
Title: Pairing-Friendly Curves
Authors: Yumi Sakemi
Satoru Kanno
Riad S. Wahby
Name: draft-irtf-cfrg-pairing-friendly-curves-12.txt
Pages: 54
Dates: 2025-11-02
Abstract:
Pairing-based cryptography, a subfield of elliptic curve
cryptography, has received attention due to its flexible and
practical functionality. Pairings are special maps defined using
elliptic curves and it can be applied to construct several
cryptographic protocols such as identity-based encryption, attribute-
based encryption, and so on. At CRYPTO 2016, Kim and Barbulescu
proposed an efficient number field sieve algorithm named exTNFS for
the discrete logarithm problem in a finite field. Several types of
pairing-friendly curves such as Barreto-Naehrig curves are affected
by the attack. In particular, a Barreto-Naehrig curve with a 254-bit
characteristic was adopted by a lot of cryptographic libraries as a
parameter of 128-bit security, however, it ensures no more than the
100-bit security level due to the effect of the attack. In this
memo, we list the security levels of certain pairing-friendly curves,
and motivate our choices of curves. First, we summarize the adoption
status of pairing-friendly curves in standards, libraries and
applications, and classify them in the 128-bit, 192-bit, and 256-bit
security levels. Then, from the viewpoints of "security" and "widely
used", we select the recommended pairing-friendly curves considering
exTNFS.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-irtf-cfrg-pairing-friendly-curves/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-irtf-cfrg-pairing-friendly-curves-12.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-irtf-cfrg-pairing-friendly-curves-12
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
- [CFRG] I-D Action: draft-irtf-cfrg-pairing-friend… internet-drafts
- [CFRG] Re: I-D Action: draft-irtf-cfrg-pairing-fr… John Mattsson
- [CFRG] Re: I-D Action: draft-irtf-cfrg-pairing-fr… John Bradley
- [CFRG] Re: I-D Action: draft-irtf-cfrg-pairing-fr… Nick Sullivan
- [CFRG] Re: I-D Action: draft-irtf-cfrg-pairing-fr… Bellebaum, Thomas
- [CFRG] Re: I-D Action: draft-irtf-cfrg-pairing-fr… Watson Ladd