Re: [Cfrg] ECC reboot (Was: When's the decision?)

"David Leon Gil" <coruus@gmail.com> Fri, 17 October 2014 16:07 UTC

From: "David Leon Gil" <coruus@gmail.com>
To: "Alyssa Rowan" <akr@akr.io>, cfrg@irtf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/KCahHlTaUofgexEo9TSu2VlzFa4

Re the primes 2^521-1 and 2^607-1. Mersenne may be particularly good for hardware. Most of the large (expensive) blocks can be shared with side-channel-protected DSP blocks. And hardware designs for Mersenne multiplication are sufficiently old (Rader gives one) that there are no IP issues. (And this, I submit, should be a CFRG priority.)

They're obviously good software performers as well.

There is no problem with generating random curves mod M521; there are O(2^521-1) isomorphism classes. (About 1/4 are Edwards as well, IIRC.)

(Because of the width of DSPs needed in some applications, the prime M607 may not be significantly more expensive than M521 in hardware.)
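The post takes two things for granted: that M521 and M607 are prime, and that arithmetic modulo a Mersenne prime is cheap because reduction needs no division. The following is an added example, not part of the original message or of any CFRG draft; it uses plain Python integers, the standard Lucas-Lehmer test (exact for 2^p-1 with p an odd prime) and a fold-based reduction. All function names are my own.

```python
# Added example (not from the original post): Mersenne-prime arithmetic for
# M521 = 2^521 - 1 and M607 = 2^607 - 1 using plain Python integers.


def lucas_lehmer(p: int) -> bool:
    """Lucas-Lehmer test: exact primality test for M_p = 2^p - 1, p an odd prime."""
    m = (1 << p) - 1
    s = 4
    for _ in range(p - 2):
        s = (s * s - 2) % m
    return s == 0


def reduce_mersenne(x: int, p: int) -> int:
    """Reduce x >= 0 modulo M_p = 2^p - 1 without any division.

    Because 2^p == 1 (mod M_p), writing x = q*2^p + r gives x == q + r.
    Each fold is a shift, a mask and an add; two folds bring the product of
    two reduced operands below 2^p, after which at most one subtraction remains.
    """
    m = (1 << p) - 1
    while x >> p:              # while x still has bits at position p or above
        x = (x >> p) + (x & m)
    return 0 if x == m else x  # x == m is congruent to 0


def mul_mod_mersenne(a: int, b: int, p: int) -> int:
    """Field multiplication in GF(M_p) using fold reduction instead of %."""
    return reduce_mersenne(a * b, p)


def fold_count(x: int, p: int) -> int:
    """Number of folds reduce_mersenne performs on x (illustrates the cost)."""
    m = (1 << p) - 1
    n = 0
    while x >> p:
        x = (x >> p) + (x & m)
        n += 1
    return n


if __name__ == "__main__":
    for p in (521, 607):
        print(f"2^{p}-1 prime: {lucas_lehmer(p)}")
    # Constructed operands: two large powers folded into GF(M521).
    a = reduce_mersenne(3 ** 400, 521)
    b = reduce_mersenne(7 ** 300, 521)
    print("fold result matches %:", mul_mod_mersenne(a, b, 521) == (a * b) % ((1 << 521) - 1))
    print("folds needed for a*b:", fold_count(a * b, 521))
```

The fold loop is what makes these primes "good software performers": a 1042-bit product is brought back below 2^521 with two shift-mask-add steps, and the same structure maps onto the adder and multiplier blocks the post describes for hardware. The Lucas-Lehmer check is included only to confirm the two moduli are in fact prime; it is not something an implementation would run at runtime.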