Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve25519function-01.txt

Richard Barnes <rlb@ipv.sx> Tue, 12 August 2014 16:50 UTC

From: Richard Barnes <rlb@ipv.sx>
To: Sean Turner <TurnerS@ieca.com>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Tue, 12 Aug 2014 12:50:22 -0400
In-Reply-To: <47B3925A-7D95-4877-8F60-409D506884D5@ieca.com>
Message-ID: <CAL02cgSgDZ-ZrAvemyKOR=VBnLqOMAEZbzTamhzjH0xito9QzA@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/Nv9OGTCa7Ro6ztjIU_bzVHUTKhg

A few minor comments below:

"""
   Proper implementations use a
   restricted set of integers for s and only x-coordinates of points Q
   defined over GF(p).
"""
Assuming these restrictions are elaborated in detail elsewhere, a forward
reference would be helpful.


Looks like you need some line breaks here:
"""
   cswap(s_t, x_2, x_3) dummy = s_t * (x_2 - x_3) x_2 = x_2 - dummy x_3
   = x_3 + dummy Return (x_2, x_3)
"""

The document uses "leftmost" and "rightmost" to refer to bits.  It might be
clearer to refer to "most significant" and "least significant".

There are a couple of magic values that appear, a24 in Section 4 and 9 in
Section 5.  For a24, it would be helpful just to say "(see [Curve25519])"
to reinforce that this document isn't making it up.  For 9, it would be
helpful to note that this fixed value is simply the chosen base point for
Curve25519 (in the language of traditional ECDH).

"""
   Alice generates 32 random bytes in f[0] to f[31].  She masks the
   three rightmost bits of f[0] and the leftmost bit of f[31] to zero
   and sets the second leftmost bit of f[31] to 1.  This means that f is
   of the form 2^254 + 8 * {0, 1, ..., 2^(251) - 1} as a little-endian
   integer.
"""
My preference would be for this to be stated less constructively, e.g., as
"Alice generates a random integer f in the range [2^254, 2^255-8]
inclusive, such that f = 0 (mod 8).  For example ... [current procedure]".


"""
   where 9 is the number 9
"""
I assume this is "the number 9, represented as a 32-byte integer in the
little-endian representation described in Section 3"


"""
  Protocols that require contributory behavior...
"""
This phrase is new to me.  Could you expand?

On Tue, Aug 12, 2014 at 9:18 AM, Sean Turner <TurnerS@ieca.com> wrote:

> Hi!
>
> Please note that we’ve submitted a new version to incorporate the comments
> received to date.
>
> The github repo is located here:
> https://github.com/seanturner/draft-turner-thecurve25519function
>
> spt
>
> Begin forwarded message:
>
> > From: internet-drafts@ietf.org
> > Subject: I-D Action: draft-turner-thecurve25519function-01.txt
> > Date: August 12, 2014 at 09:16:51 EDT
> > To: i-d-announce@ietf.org
> > Reply-To: internet-drafts@ietf.org
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> >
> >
> >        Title           : The Curve25519 Function
> >        Authors         : Watson Ladd
> >                          Rich Salz
> >                          Sean Turner
> >       Filename        : draft-turner-thecurve25519function-01.txt
> >       Pages           : 7
> >       Date            : 2014-08-12
> >
> > Abstract:
> >   This document specifies the Curve25519 function, an ECDH (Elliptic-
> >   Curve Diffie-Hellman) key-agreement scheme for use in cryptographic
> >   applications.  It was designed with performance and security in mind.
> >   This document is based on information in the public domain.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-turner-thecurve25519function/
> >
> > There's also a htmlized version available at:
> > http://tools.ietf.org/html/draft-turner-thecurve25519function-01
> >
> > A diff from the previous version is available at:
> > http://www.ietf.org/rfcdiff?url2=draft-turner-thecurve25519function-01
> >
> >
> > Please note that it may take a couple of minutes from the time of
> submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > _______________________________________________
> > I-D-Announce mailing list
> > I-D-Announce@ietf.org
> > https://www.ietf.org/mailman/listinfo/i-d-announce
> > Internet-Draft directories: http://www.ietf.org/shadow.html
> > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg
>
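Worked example, added here by the editor and not part of the draft or of either e-mail: the scalar masking step quoted from the draft, written both the constructive way (byte masks on f[0] and f[31]) and as the range/congruence statement the reply proposes, so the two descriptions can be checked against each other; the cswap with the lost line breaks restored; and "the number 9" spelled out as the 32-byte little-endian integer the reply asks for. The function names (clamp_scalar, is_valid_clamped, clamped_offset, decode_le, encode_le) and the constant BASE_POINT_U are this example's own choices, not identifiers from the draft.

```python
# Added example (not the draft's or the e-mail author's code): Curve25519
# scalar clamping in both forms discussed in the reply, the draft's cswap,
# and the base point 9 as a 32-byte little-endian integer.
import secrets

P = 2**255 - 19          # the Curve25519 field prime


def clamp_scalar(f: bytes) -> bytes:
    """Mask a 32-byte string as the draft describes: clear the three least
    significant bits of f[0], clear the most significant bit of f[31], and
    set the second most significant bit of f[31]."""
    if len(f) != 32:
        raise ValueError("scalar must be exactly 32 bytes")
    f = bytearray(f)
    f[0] &= 248      # 0b11111000: result is a multiple of 8
    f[31] &= 127     # 0b01111111: bit 255 is zero
    f[31] |= 64      # 0b01000000: bit 254 is one, so the scalar has fixed length
    return bytes(f)


def random_clamped_scalar() -> bytes:
    """Alice's step: 32 random bytes, then the masks."""
    return clamp_scalar(secrets.token_bytes(32))


def decode_le(b: bytes) -> int:
    """Little-endian byte string to integer (the representation of Section 3)."""
    return int.from_bytes(b, "little")


def encode_le(n: int) -> bytes:
    """Integer to a 32-byte little-endian string; raises if n does not fit."""
    return n.to_bytes(32, "little")


# "The number 9" as a 32-byte little-endian integer: the u-coordinate of the
# Curve25519 base point.  (Name chosen for this example.)
BASE_POINT_U = encode_le(9)


def is_valid_clamped(n: int) -> bool:
    """The non-constructive statement from the reply:
    n in [2^254, 2^255 - 8] inclusive and n == 0 (mod 8)."""
    return 2**254 <= n <= 2**255 - 8 and n % 8 == 0


def clamped_offset(n: int) -> int:
    """Express n in the draft's form 2^254 + 8*k and return k, which then
    lies in {0, 1, ..., 2^251 - 1}; raises if n is not of that form."""
    if not is_valid_clamped(n):
        raise ValueError("not a clamped Curve25519 scalar")
    k = (n - 2**254) // 8
    assert 0 <= k < 2**251
    return k


def cswap(s_t: int, x_2: int, x_3: int) -> tuple:
    """The draft's conditional swap with its line breaks restored, over
    GF(P).  s_t must be 0 or 1.  This shows the arithmetic only: Python
    big-integer operations are not constant-time, so a real implementation
    needs a branch-free, fixed-width version of the same three steps."""
    if s_t not in (0, 1):
        raise ValueError("swap bit must be 0 or 1")
    dummy = (s_t * (x_2 - x_3)) % P
    x_2 = (x_2 - dummy) % P
    x_3 = (x_3 + dummy) % P
    return (x_2, x_3)


if __name__ == "__main__":
    f = random_clamped_scalar()
    n = decode_le(f)
    print("clamped scalar:", f.hex())
    print("in range and 0 mod 8:", is_valid_clamped(n), "k =", clamped_offset(n))
    print("base point u:", BASE_POINT_U.hex())
    print("cswap(1, 5, 7) =", cswap(1, 5, 7))
```

The two boundary cases are worth keeping in mind when reviewing an implementation: masking all-zero bytes yields exactly 2^254, and masking all-0xff bytes yields exactly 2^255 - 8, which are the endpoints of the range the reply states, so the byte-mask and range descriptions agree. The cswap here demonstrates the arithmetic, not a timing-safe implementation; in production code the swap must be done with fixed-width masks rather than arbitrary-precision integers.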