Re: [Cfrg] ECC mod 8^91+5

Dan Brown <danibrown@blackberry.com> Thu, 18 May 2017 19:20 UTC

From: Dan Brown <danibrown@blackberry.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: ECC mod 8^91+5
Date: Thu, 18 May 2017 19:14:55 +0000
Message-ID: <810C31990B57ED40B2062BA10D43FBF501B18C25@XMB116CNC.rim.net>
References: <810C31990B57ED40B2062BA10D43FBF501B181DA@XMB116CNC.rim.net>
In-Reply-To: <810C31990B57ED40B2062BA10D43FBF501B181DA@XMB116CNC.rim.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/MPIPPbOPIsKhvm47peVHJ0oUvKw>
Subject: Re: [Cfrg] ECC mod 8^91+5

Clarifying a few things over my previous message:
- 8^91+5 has fast modular reduction mainly due to its being close to a power of 2 (in contrast to 7^98-2).
- 8^91+5 is a little further than I first thought from the specifics of Koblitz-Menezes Example 5, because the conductor seems to have several more prime factors, rather than the single prime in the KM construction - sorry if I gave the wrong impression.  Perhaps portions of the KM Example 5 argument might yet apply to 2y^2=x^3+x/GF(8^91+5).
- 8^91+5 as a field size might be a little awkward.  For ECDH, we take advantage of the endomorphism (x,y)->(-x,iy), to drop a sign bit from x.  This fits x into 34 bytes.  This is larger than the usual 128-bit secure ECC curves, which can use 32 bytes, so they require extra data to send and store.  The byte length is not a multiple of 4, let alone a power of two, but I am not sure how much trouble that would be.
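The fast-reduction point above, as an added worked example that is not part of Dan Brown's message: 8^91+5 equals 2^273+5, so 2^273 is congruent to -5 modulo p and a double-width product can be folded down with shifts, masks and a multiply by 5 instead of a general division. A modulus like 7^98-2 sits nowhere near a power of two and admits no such fold. The function names, the two-round folding schedule and the seeded comparison against Python's `%` are this example's own choices; the bounds in the comments follow from p = 2^273+5 and are checked by the comparison.

```python
import random

# Added example, not from the message above: the prime p = 8^91 + 5 equals
# 2^273 + 5, so 2^273 ≡ -5 (mod p) and a wide product can be folded down
# with shifts, masks and a multiply by 5, instead of a general division.
P = 8**91 + 5
K = 273                 # p = 2**K + C
C = 5
MASK = (1 << K) - 1     # selects the low K bits


def fold(t: int) -> int:
    """One folding step: t = hi*2**K + lo  ->  lo - C*hi  (congruent mod p).

    Python's >> and & implement floor division and two's-complement masking
    for negative ints too, so the identity t == (t >> K) * 2**K + (t & MASK)
    holds for every t and the fold stays valid on signed intermediates.
    """
    return (t & MASK) - C * (t >> K)


def reduce_special(z: int) -> int:
    """Reduce 0 <= z < p**2 to its canonical residue in [0, p)."""
    if not 0 <= z < P * P:
        raise ValueError("input must lie in [0, p^2)")
    t = fold(z)         # |t| < 2**276: hi <= 2**273 + 10, so C*hi < 2**276
    t = fold(t)         # now 0 <= t < 2**273 + 40 < 2p
    if t >= P:          # at most one conditional subtraction remains
        t -= P
    return t


def field_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(p) using the special reduction."""
    return reduce_special(a * b)


def check_against_generic(trials: int, seed: int = 1234) -> bool:
    """Compare reduce_special with Python's % on edge cases and seeded random inputs."""
    rng = random.Random(seed)
    edges = [0, 1, P - 1, P, P + 1, P * P - 1]   # constructed edge cases
    for z in edges:
        if reduce_special(z) != z % P:
            return False
    for _ in range(trials):
        a, b = rng.randrange(P), rng.randrange(P)
        if field_mul(a, b) != (a * b) % P:
            return False
    return True


if __name__ == "__main__":
    print("p has", P.bit_length(), "bits")
    print("matches generic %:", check_against_generic(1000))
```

The `if t >= P` branch is fine for illustrating the arithmetic; a production field implementation would replace it with a constant-time conditional subtraction, and would work on fixed-width limbs rather than Python's arbitrary-precision integers.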