Re: [Cfrg] Recommending secp256k1 in FIPS 186-5

Jeff Burdges <burdges@gnunet.org> Sat, 21 December 2019 00:31 UTC

Return-Path: <burdges@gnunet.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7002D1209E0 for <cfrg@ietfa.amsl.com>; Fri, 20 Dec 2019 16:31:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.532
X-Spam-Level:
X-Spam-Status: No, score=-3.532 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xIZSKyWdWnOF for <cfrg@ietfa.amsl.com>; Fri, 20 Dec 2019 16:31:28 -0800 (PST)
Received: from mail-out1.informatik.tu-muenchen.de (mail-out1.in.tum.de [131.159.0.8]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BE1D1209DF for <cfrg@irtf.org>; Fri, 20 Dec 2019 16:31:28 -0800 (PST)
Received: from [127.0.0.1] (sam.net.in.tum.de [IPv6:2001:4ca0:2001:42:225:90ff:fe6b:d60]) by sam.net.in.tum.de (Postfix) with ESMTP id AC2341C00D2 for <cfrg@irtf.org>; Sat, 21 Dec 2019 01:34:24 +0100 (CET)
From: Jeff Burdges <burdges@gnunet.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_8DB63349-95DD-47E1-A1CF-881C92CF5D7F"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Sat, 21 Dec 2019 01:31:18 +0100
References: <CAHOTMVLSOAXXO21MNdBFGjh6K9hH7hNznTd6gzEa4CN5dvMOdg@mail.gmail.com> <3C6C3732-B5F3-4759-9BEF-5B3AA52DF2CD@gmail.com> <017c01d5b6a1$1f311d40$5d9357c0$@augustcellars.com>
To: CFRG <cfrg@irtf.org>
In-Reply-To: <017c01d5b6a1$1f311d40$5d9357c0$@augustcellars.com>
Message-Id: <E9CEA3DE-4A50-4481-8A66-0F9C428B5B9B@gnunet.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Siu_OraUUKxbyFsLcFtFySM6uQ8>
Subject: Re: [Cfrg] Recommending secp256k1 in FIPS 186-5
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Dec 2019 00:31:31 -0000

> On 19 Dec 2019, at 18:13, Jeff Burdges <burdges@gnunet.org> wrote:
> Third, there are many poorly designed, or outright insecure, protocols like SECIO are built on secp256k1 whose usage should not be encouraged.  Any recommendation for secp256k1 makes these protocols might encourage their usage.  We should also be wary of nasty interactions between existing secp256k1 protocols like BIP32 and ECDSA multisigs.

I neglected to mention that secp256k1 has many really bad implementations for the curve itself, which invites different problems from all the bad protocols.

Jeff