Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)

Станислав Смышляев <smyshsv@gmail.com> Tue, 10 February 2015 20:12 UTC

From: Станислав Смышляев <smyshsv@gmail.com>
Date: Tue, 10 Feb 2015 23:15:09 +0400
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/KBZa-ViPKLf6y2t9gHnvvNryO2o>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Elliptic Curves - poll on security levels (ends on February 17th)

Dear Daniel,

the Russian digital signature standard strictly requires that the order of the prime subgroup of a curve either lies between 2^(254) and 2^(256) or lies between 2^(508) and 2^(512) - and one won't generate a curve with a cofactor of 512 (=2^(521-512)). 

Best regards,
Stanislav Smyshlyaev

> On 10 Feb 2015, at 21:46, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> 
>> On Tue 2015-02-10 09:20:59 -0500, Stanislav V. Smyshlyaev wrote:
>> Q1: No.
>> Q2: Yes.
>> 
>> For Q2: for Russia it is of primary importance that the curve is strictly
>> 512-bit, not 521-bit.
> 
> Can you elaborate on why this is of primary importance?  If a 521-bit
> curve is as performant, what would cause you to reject it? 
> 
>        --dkg
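
The range requirement stated in the reply above can be checked mechanically; the following is an added example, not part of the original thread. The function names are hypothetical, "lies between" is read as a strict inequality, and the P-256, P-521 and Curve25519 subgroup orders are public curve parameters brought in for illustration, not values from the message.

```python
from math import isqrt

# Open intervals for the prime subgroup order q, as stated in the message.
ALLOWED = [(2**254, 2**256), (2**508, 2**512)]

def order_allowed(q: int) -> bool:
    """True if q lies strictly inside one of the permitted intervals."""
    return any(lo < q < hi for lo, hi in ALLOWED)

def min_cofactor(p: int, q_upper: int) -> int:
    """Smallest integer cofactor h for which a curve over GF(p) could have
    q = N / h < q_upper. Uses only the Hasse bound N >= p + 1 - 2*sqrt(p);
    it does not check that h divides N or that q is prime."""
    n_min = p + 1 - isqrt(4 * p)   # smallest group order Hasse permits
    return n_min // q_upper + 1    # strict inequality: h > n_min / q_upper

# Public subgroup orders of three widely used curves (illustration only).
P256_N = int("FFFFFFFF00000000FFFFFFFFFFFFFFFF"
             "BCE6FAADA7179E84F3B9CAC2FC632551", 16)             # cofactor 1
P521_N = int("1FF" + "FFFFFFFF" * 7 + "FFFFFFFA"
             "51868783BF2F966B7FCC0148F709A5D0"
             "3BB5C9B8899C47AEBB6FB71E91386409", 16)             # cofactor 1
C25519_L = 2**252 + 27742317777372353535851937790883648493     # cofactor 8

def report() -> dict:
    """Range check for each sample order, keyed by curve name."""
    return {
        "P-256": order_allowed(P256_N),
        "P-521": order_allowed(P521_N),
        "Curve25519": order_allowed(C25519_L),
    }

if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:11s} subgroup order in permitted range: {ok}")
    # Over the 521-bit field prime 2^521 - 1, the order only drops below
    # 2^512 once the cofactor reaches 2^(521-512).
    h = min_cofactor(2**521 - 1, 2**512)
    print("minimum cofactor for a 521-bit field:", h)
```
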