[Cfrg] Primes (last time hopefully!)
Watson Ladd <watsonbladd@gmail.com> Wed, 28 January 2015 15:53 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E19D1A8752 for <cfrg@ietfa.amsl.com>; Wed, 28 Jan 2015 07:53:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BDaIIZV5ev7J for <cfrg@ietfa.amsl.com>; Wed, 28 Jan 2015 07:53:06 -0800 (PST)
Received: from mail-yk0-x229.google.com (mail-yk0-x229.google.com [IPv6:2607:f8b0:4002:c07::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 677CA1A8738 for <cfrg@irtf.org>; Wed, 28 Jan 2015 07:53:06 -0800 (PST)
Received: by mail-yk0-f169.google.com with SMTP id 200so9215049ykr.0 for <cfrg@irtf.org>; Wed, 28 Jan 2015 07:53:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=eof3Zc1L0uwrvuTrhX9BJewkjyj480CSkME53Ggk/IY=; b=aEXk0oU5HfjbyfIhCc53Lgz/3+asVbD7R7Tz3+0i4Pg6dZKUtkDFbvqOS7u618wBEG 5vXHhpUvKjOcAr/RHljJXgQslikSEZDegX9HxyAddU5ZB1M6UuxeiSfx5eMNnBWXjAzQ 0d7LDI8KbCJjBmajsUeey+3U2+lKgr9JxZH5j9hSn19+QZuGQEaecJxy1c2r0CLg3jGQ G63AOQkIaI9hZNRYEXik7yXzzPesXFDyxFE2W8S+6LqZEmwF0oWSXKXVITgHVayKeJlb eqSV0AwrsHRviZjwB395TYn9dyecvCLDZwW6vtGju0M+1SjsePVGGkGs6o5xCdUHuiBL 28KA==
MIME-Version: 1.0
X-Received: by 10.236.1.102 with SMTP id 66mr1528664yhc.163.1422460385608; Wed, 28 Jan 2015 07:53:05 -0800 (PST)
Received: by 10.170.115.77 with HTTP; Wed, 28 Jan 2015 07:53:05 -0800 (PST)
Date: Wed, 28 Jan 2015 07:53:05 -0800
Message-ID: <CACsn0c=a90vhRNg8Dj2otqp4HfjSdA5Cj8oU2XgKcYYMXS+znA@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/KkgP4dG_OYgzL-xAmdvM7Gzo0Zc>
Subject: [Cfrg] Primes (last time hopefully!)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jan 2015 15:53:08 -0000
Dear all, The following have been suggested for primes at sizes between 2^255-19 and 2^521-1. 2^521-1 2^512-big 2^448-2^224-1 2^414-17 2^389-21 2^384-big 2^379-19 I'm omitting smaller primes from the list, because I don't think that 2^324-24 is that interesting to anyone, for instance, as the time taken to compute a discrete log isn't that much bigger than 2^255-19 and the performance not much better then 2^379-19. Personally I think 2^521-1 needs to be in there, and 2^379-19 is reasonable, absent hard numbers showing its terrible. I'm hoping sometime to get those hard numbers. I'm assuming we use Edwards with the minimal d and the isogenous Montgomery curve with small value of a24 for all of these: there doesn't seem to be a reason not to. We can twist if that produces a complete curve: it's almost completely irrelevant. Sincerely, Watson Ladd
- [Cfrg] Primes (last time hopefully!) Watson Ladd
- Re: [Cfrg] Primes (last time hopefully!) Alyssa Rowan
- Re: [Cfrg] Primes (last time hopefully!) Ilari Liusvaara
- Re: [Cfrg] Primes (last time hopefully!) Watson Ladd