Re: [CFRG] Comment on draft-irtf-cfrg-hash-to-curve-10

Daira Hopwood <daira@jacaranda.org> Mon, 03 May 2021 06:08 UTC

To: "Riad S. Wahby" <rsw@cs.stanford.edu>
Cc: cfrg@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/MBbsCqZRggLUtZPcRIG_WkpdahQ>

On 23/04/2021 20:30, Riad S. Wahby wrote:
> Hello Daira,
> 
> Thanks for clarifying your feedback.
> 
> I remain concerned about mixing implementation detail with high-level
> description. Here I am referring to using divsqrt in place of natural
> field arithmetic operations (sqrt, inversion, etc.) in the body text.
> Describing the algorithm independent of the implementation details is
> a way of specifying the mathematical properties of the algorithm, and
> having this specification explicit in the document has value, from my
> perspective.

The description of divsqrt (or sqrt_ratio) I gave *does* specify the
high-level mathematical properties of the algorithm, and keeps that
separate from how to implement it.

> But as I said in my prior email, it seems like refactoring Appx. G to
> use divsqrt and adding a few implementations of that function for the
> relevant cases (3 mod 4, 5 mod 8, 9 mod 16, and general, perhaps?) is
> a nice way of cleaning things up.

I think that if you explain the general case then the specializations to
{3 mod 4, 5 mod 8, 9 mod 16} are immediate and simple.

> And it seems like the same refactor
> applied to SvdW and Elligator in Appx. G would help, too.
> 
> This isn't something I can do in the near term, but I'm very happy to
> spend time on this once I've got some! I'm hopeful that's about three
> weeks from now, but I've been called an optimist before.
> 
> Thanks again for the feedback and best regards,

You're welcome.

-- 
Daira Hopwood
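
Added example, not part of the e-mail above and not code from the draft or its authors: a sketch of the point under discussion, using the sqrt_ratio contract as published in RFC 9380 (returns (True, sqrt(u/v)) when u/v is square, otherwise (False, sqrt(Z*u/v)) for a fixed non-square Z). The prime P, the choice of Z and all function names are assumptions made for the illustration. It states the contract once with plain inversion and a general square root, then checks the 3 mod 4 specialization against it exhaustively.

```python
# Added illustration; P and Z are constructed toy parameters, not from the thread.
P = 103                      # small prime with P % 4 == 3

def is_square(x, p=P):
    return pow(x, (p - 1) // 2, p) in (0, 1)   # Euler's criterion

Z = next(z for z in range(2, P) if not is_square(z))  # fixed non-square mod P

def sqrt_generic(x, p=P):
    """Tonelli-Shanks: a square root of a square x, for any odd prime p."""
    if x % p == 0:
        return 0
    q, s = p - 1, 0
    while q % 2 == 0:
        q, s = q // 2, s + 1
    n = next(n for n in range(2, p) if not is_square(n, p))
    c, r, t, m = pow(n, q, p), pow(x, (q + 1) // 2, p), pow(x, q, p), s
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:                 # least i with t^(2^i) == 1
            t2, i = t2 * t2 % p, i + 1
        b = pow(c, 1 << (m - i - 1), p)
        r, c, t, m = r * b % p, b * b % p, t * b * b % p, i
    return r

def sqrt_ratio_generic(u, v):
    """The contract itself, written with inversion and a general sqrt."""
    r = u * pow(v, -1, P) % P
    if is_square(r):
        return True, sqrt_generic(r)
    return False, sqrt_generic(Z * r % P)

C1 = (P - 3) // 4
C2 = pow(-Z % P, (P + 1) // 4, P)      # sqrt(-Z); -Z is square when P % 4 == 3

def sqrt_ratio_3mod4(u, v):
    """Same contract for P % 4 == 3: one exponentiation, no inversion."""
    tv2 = u * v % P
    y1 = pow(tv2 * v * v % P, C1, P) * tv2 % P   # u*v * (u*v^3)^((P-3)/4)
    is_qr = y1 * y1 * v % P == u % P
    return is_qr, (y1 if is_qr else y1 * C2 % P)  # production code: constant-time select

def agree():
    """Both versions give the same flag and a root of the same value."""
    def ok(u, v):
        (f1, a), (f2, b) = sqrt_ratio_generic(u, v), sqrt_ratio_3mod4(u, v)
        t = (u if f1 else Z * u) % P
        return f1 == f2 and a * a * v % P == t and b * b * v % P == t
    return all(ok(u, v) for u in range(P) for v in range(1, P))
```

The two versions may return roots of opposite sign, so the comparison is on y^2 * v rather than on y.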