Re: [Cfrg] ECC reboot (Was: When's the decision?)

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Thu, 16 October 2014 17:37 UTC

Date: Thu, 16 Oct 2014 20:37:41 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
Message-ID: <20141016173741.GA20033@LK-Perkele-VII>
References: <D065A817.30406%kenny.paterson@rhul.ac.uk> <543FF1A7.8030908@secunet.com> <D065B3C0.30460%kenny.paterson@rhul.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <D065B3C0.30460%kenny.paterson@rhul.ac.uk>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/SHCXZunKZnWNHWEj96YjP9ySOSE
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] ECC reboot (Was: When's the decision?)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Oct 2014 17:37:48 -0000

On Thu, Oct 16, 2014 at 04:46:16PM +0000, Paterson, Kenny wrote:
> Johannes,
> 
> Thanks for the pointer to this document. Everyone should read it to get a
> hardware-centric perspective on the problem we are trying to solve.
> 
> What would now be really helpful would be if you could distill the entire
> 5-page document into a couple of succinct sentences that we can then
> debate as possible hardware-specific requirements for our process - see
> this post for examples of the kind of level of detail we're looking for
> here:

What I consider a short summary of this topic:

General-purpose software requires special primes; extended-sidechannel-
security stuff requires (or at least is much easier with) random primes;
other hardware can use either with no preference.


Oh, and is there anything wrong with just using Brainpool for random
primes for extended-sidechannel-security applications? It even has TLS
codepoints.

Oh, and Weierstrass form. And cofactor 1. And unrestricted twist
cofactor. And uses SEC point formats.


-Ilari
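The properties Ilari lists for Brainpool (random prime, Weierstrass form, cofactor 1, no constraint on the twist's order) can be checked directly from the published parameters. The script below is an added example, not part of the message or of any Brainpool or IETF code: the brainpoolP256r1 domain parameters are copied from RFC 5639, the prime 2^255 - 19 is used only as the contrasting "special prime" of Curve25519, and everything else (the affine Weierstrass arithmetic, the Hasse-bound argument for the cofactor, the trial-division bound of 10**6 for the twist order) is this example's own construction.

```python
"""Sanity checks on brainpoolP256r1 (RFC 5639) against the properties
discussed on the list: random-looking prime, short Weierstrass form,
cofactor 1, and a twist whose order Brainpool does not constrain.
Added example; plain Python integers, no external dependencies."""
import math

# brainpoolP256r1 domain parameters, copied from RFC 5639 section 3.4.
P = 0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377
A = 0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9
B = 0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6
GX = 0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262
GY = 0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997
N = 0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7
G = (GX, GY)

# Curve25519's prime, used here only as the "special prime" contrast.
CURVE25519_P = 2**255 - 19

INF = None  # point at infinity in affine coordinates


def on_curve(pt):
    """Full point validation for y^2 = x^3 + A*x + B over GF(P).
    This is the check a receiver of a SEC uncompressed point must do,
    because Brainpool gives no twist-security guarantee."""
    if pt is INF:
        return True
    x, y = pt
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine short-Weierstrass point addition (not constant time)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:      # P + (-P)
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Left-to-right double-and-add; fine for an offline sanity check."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc


def generator_on_curve():
    return on_curve(G)


def generator_has_order_n():
    return mul(N, G) is INF


def cofactor_is_one():
    """If G has order N and N lies in the Hasse interval while 2*N already
    exceeds its upper end, the group order #E = h*N forces h = 1."""
    upper = P + 1 + 2 * math.isqrt(P) + 1   # +1 covers the floor in isqrt
    lower = P + 1 - 2 * math.isqrt(P) - 1
    return lower <= N <= upper and 2 * N > upper


def distance_to_power_of_two(p):
    """Bit length of |p - 2^k| for the nearest k; a handful of bits means a
    'special' prime with a cheap reduction, hundreds means a random one."""
    k = p.bit_length()
    return min(abs(p - (1 << k)), abs(p - (1 << (k - 1)))).bit_length()


def factor_twist_order(bound):
    """Trial-divide the order of the quadratic twist, 2*P + 2 - N, by
    primes below `bound`. Returns (small_factors, unfactored_remainder)."""
    order = 2 * P + 2 - N
    rem, factors, d = order, [], 2
    while d < bound and d * d <= rem:
        while rem % d == 0:
            factors.append(d)
            rem //= d
        d += 1 if d == 2 else 2
    return factors, rem


if __name__ == "__main__":
    print("generator on curve:", generator_on_curve())
    print("N*G == O:", generator_has_order_n())
    print("cofactor 1 (via Hasse):", cofactor_is_one())
    print("bits of |p - 2^k|: brainpool", distance_to_power_of_two(P),
          "vs curve25519", distance_to_power_of_two(CURVE25519_P))
    small, rem = factor_twist_order(10**6)
    print("twist order small factors (<1e6):", small, "remainder bits:", rem.bit_length())
```

The Hasse check is the honest way to confirm h = 1 without trusting the RFC's stated cofactor: once N*G is the point at infinity and 2*N is already above P + 1 + 2*sqrt(P), no larger group order is possible. The twist routine prints whatever small factors trial division finds; the point of the exercise is that Brainpool promises nothing about that number, so the `on_curve` validation on every received point is mandatory rather than optional.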