Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing-friendly-curves

Michael Scott <> Fri, 19 March 2021 11:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3666B3A1016 for <>; Fri, 19 Mar 2021 04:44:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.088
X-Spam-Status: No, score=-2.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id M__P8QjdTNsT for <>; Fri, 19 Mar 2021 04:44:38 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::b36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9B4F03A1015 for <>; Fri, 19 Mar 2021 04:44:38 -0700 (PDT)
Received: by with SMTP id n195so5890691ybg.9 for <>; Fri, 19 Mar 2021 04:44:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=xlNIv9Dgx5YSZiQvkHOeS7pgANAujbBSW+/CxQ14MfI=; b=LIC80AZl+QeEkURUhZpkoNm+1FVXWAAygPUmbfotoOQ6xZB49None3w72ZltxHLcTh MwpJ8s/b9JwIrqNOwSzpoeC+wYOOSI7MOKRttSWdz7Qg28X7sYs9gkg5Yuw5DwSoVLbK s/v8Z9mFWdlgugMXEKqEinuHyi12yyEvYJ2wPRx4lgGBCnSs9hgqJPhBiDseyinxHz5U ozp8ZK5kxvzdXPgHtO4MtKKQmemr0tRIaOrp8jrcOHyOLDBAadATHrIlNeyS1QDBdkyo /8lGiusFcdDlb+TyooJtlOyQhP6pfHYUK2F8J3jzm2inOzMdSxTW7vETvrIHBMenlyAh LD4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=xlNIv9Dgx5YSZiQvkHOeS7pgANAujbBSW+/CxQ14MfI=; b=gCGszmjKpM9HY6c2YDtR9PxOpoZzG+KgAOscqUKFkzbUNG1g+8TowffeamYP7KvZzF 5BJi8gTqMny0bsApo31Gp/xkPc70TeJyzoPDMDmD/7yzn7zgttPtwkok0fem5BtXnZIP km0YDtSvJ7kNA6RW3w/x8RImXMdSU4arvQyExoRbf7P+Xph3aqUVPcu8YpPjMPOgl9g4 B3QlRaogWtOitLKP5IkqLFys3p1yc5+f4msavUVD7MOwOA0RrBKIZQzD0amN7Mhhi5hS RSnhHQl+DNrcuGVlWJVa8/Aey5eA9h19x0aZ9B0XLtbEZiyxw5o7CODBk8sV2Ju8cOxi K03Q==
X-Gm-Message-State: AOAM532q8vsAAfxjXKwCXSGNbLzF/T2oXK+tlcXDrsZlDBvQP38T7UcD fr62MMGToDSfc8R4iJJOo0gWi3Wj1xq+QweFO7ZZIJNczM+C3w==
X-Google-Smtp-Source: ABdhPJyoI8o5nnirXCHX73XZxZP3Msb67Alh/ZwlausafLcXNQKepnAd+ncu2pTRlKMoFYVOOROfDn+hVfKsfsSfrxM=
X-Received: by 2002:a25:2e41:: with SMTP id b1mr5796030ybn.15.1616154275662; Fri, 19 Mar 2021 04:44:35 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
From: Michael Scott <>
Date: Fri, 19 Mar 2021 11:45:01 +0000
Message-ID: <>
To: CFRG <>
Content-Type: multipart/alternative; boundary="00000000000080e2b805bde23ddb"
Archived-At: <>
Subject: Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing-friendly-curves
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 19 Mar 2021 11:44:41 -0000

The purpose of this proposed draft standard entitled “Pairing Friendly
Curves” is to suggest standardised state-of-the-art curves for the safe
implementation of pairing-based cryptography. The clue is in the title. The
curves suggested are not controversial, and they are well enough described
to allow unambiguous implementation (I have done it myself).

I think  that the draft under consideration is not intended as, and should
not be judged as, an attempt to vindicate the whole field of pairing-based
crypto. It is just about the curves.

The comments  from Rene do not anywhere suggest any problem with the curves
themselves. Clearly “ditching” the whole proposal (as he suggests) would be
a case of throwing the baby out with the bathwater.

Might I suggest that the proposers cut back their proposal so as to just
describe the curves, some test vectors, and a heavily curtailed
bibliography. There is no actual requirement for much of the surrounding
commentary. I don’t think this document needs to take on an educational
brief. A reference to the excellent “Guide to Pairing-based Cryptography”
would suffice. Of the RFCs I have attempted implementations from, the
shortest have always been the best.

The alternative  would be an attempt to respond point-by-point to Rene’s
objections in order to keep the draft in its current shape. I suspect that
this would involve multiple over-and-backs (as some of Rene's concerns seem
pretty opaque to me), and would be a waste of everyone’s time.

Mike Scott

On Thu, Mar 18, 2021 at 5:36 PM Stanislav V. Smyshlyaev <>

> Dear CFRG,
> This is to cancel the Second RGLC for Pairing-Friendly Curves for now.
> A part of the questions (
> from Rene Struik with the additional concerns related to the -08 version of
> the draft) raised in the list has not been replied publicly. The replies
> for other reviews were provided in
> all later messages contained only support of the draft, but that does not
> change the fact that one part of the concerns has not been discussed.
> Please accept my apologies for the inconvenience.
> The RGLC will be restarted after all received comments are discussed
> publicly in the mailing list.
> Regards,
> Stanislav
> On Thu, 18 Mar 2021 at 18:23, Stanislav V. Smyshlyaev <>
> wrote:
>> Dear Rene,
>> Yumi replied to the received comments in the following message in
>> December:
>> (after
>> the line "Followings are our reply comments for Rene's comments in RGLC.").
>> After that message there were two messages in the mailing list with
>> support of the draft, no new concerns.
>> After that message there was also one clarifying message from Yumi in
>> February about the normative references (I asked to send that message since
>> I had found out that that comment remained unanswered).
>> Regards,
>> Stanislav
>> On Thu, 18 Mar 2021 at 15:52, Rene Struik <> wrote:
>>> Hi Stanislav:
>>> I am puzzled that the 2nd WGLC is on rev09 of the pairing curve draft
>>> (i.e., the one posted on Nov 16th last year).
>>> On Nov 11th, I posted another review on rev08 of this document (see [1])
>>> {for my review of the previous rev07 version, see [2]}.
>>> I could not find any response by the authors to my detailed comments of
>>> my rev08 review. Since they posted the current rev09 version (that is under
>>> 2nd WGLC) on Nov 16th, considerations of those comments must have happened
>>> within that 5-day time window. The authors, however, stated in [3]
>>> "Because we are currently considering Rene's latest comments, I'm sorry but
>>> this version does not reflect them".
>>> Isn't the normal step to consider received comments? If so, isn't the
>>> 2nd WGLC premature?
>>> (FYI - the authors only commented - after almost four months - on my
>>> minor note regarding normative vs. informative reference classification,
>>> but not at all on the much larger review I did in [1].)
>>> Best regards, Rene
>>> [1] Review RS of draft-irtf-cfrg-pairing-friendly-curves-08 (Nov 11,
>>> 2020):
>>> [2] Review RS of draft-irtf-cfrg-pairing-friendly-curves-07 (July 12,
>>> 2020):
>>> [2] Message Yumi Sakemi on draft-irtf-cfrg-pairing-friendly-curves-09
>>> (Nov 16, 2020):
>>> On 2021-03-18 7:04 a.m., Stanislav V. Smyshlyaev wrote:
>>> Dear CFRG participants,
>>> This message starts a second 3-week RGLC on "Pairing-Friendly Curves"
>>> (draft-irtf-cfrg-pairing-friendly-curves-09), that will end on April 9th.
>>> See
>>> for the latest version of the draft.
>>> We are having the second RGLC since Yumi Sakemi has provided (see
>>> replies for the questions raised after the first RGLC.
>>> Please send your comments, as well as expression of support to publish
>>> as an RFC (or possible reasons for not doing so) in reply to this message
>>> or directly to CFRG chairs.
>>> Regards,
>>> Stanislav, Nick and Alexey
>>> _______________________________________________
>>> CFRG mailing listCFRG@irtf.org
>>> --
>>> email: | Skype: rstruik
>>> cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
>>> _______________________________________________
> CFRG mailing list