Re: [Cfrg] Results of the poll: Elliptic Curves - preferred curves around 256bit work factor (ends on March 3rd)
Benjamin Black <b@b3k.us> Thu, 05 March 2015 23:54 UTC
Return-Path: <b@b3k.us>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25BFE1A909A for <cfrg@ietfa.amsl.com>; Thu, 5 Mar 2015 15:54:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.976
X-Spam-Level:
X-Spam-Status: No, score=-1.976 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p571WMtF7oCS for <cfrg@ietfa.amsl.com>; Thu, 5 Mar 2015 15:54:52 -0800 (PST)
Received: from mail-ie0-f180.google.com (mail-ie0-f180.google.com [209.85.223.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B74491A9090 for <cfrg@irtf.org>; Thu, 5 Mar 2015 15:54:51 -0800 (PST)
Received: by iecrp18 with SMTP id rp18so13474155iec.10 for <cfrg@irtf.org>; Thu, 05 Mar 2015 15:54:51 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=31K/aL9OKfHmISKohd3jYSzmfthznHVSxNG+heCRloA=; b=f8f/SXHZsYYAQ2XiltCnciW5ythSPgs73I0QYImY7nBuGBLWFeNvF3I5mxtL2Wd1Tf zagU/Pvkpd+QbqFzvMluTJ+ijv/+wDPQYLAu0M+UueKSEtiQlVbSliS7PCMkEJBCIWTZ jnzGFy35F0+HAT6pnoEZcRI/WiA3XTjOcD/sJHbonz33ytM2BWNZafcVFTtXR5D+h03l eDWYm+J1DI6tlhpHL8/4fTFEW9vC8hFq97uAct0L961DRQJnzevVmzpqWkebBg/4Inim 048JHhsIY4xPgAf8XNaoIVJ8jihTl6dVueCs5iJBWXQTT+Lxjnhbl0wkQcaIXBeY8Vg+ U0Pw==
X-Gm-Message-State: ALoCoQk1JBTU94x++S0fiJJ8Hafb5d5VUELmf3gQHz7/QtJQRc29i06x17MQUh0V7lriLnqY+X4N
X-Received: by 10.42.85.82 with SMTP id p18mr6968690icl.58.1425599691120; Thu, 05 Mar 2015 15:54:51 -0800 (PST)
MIME-Version: 1.0
Received: by 10.36.28.145 with HTTP; Thu, 5 Mar 2015 15:54:30 -0800 (PST)
In-Reply-To: <7FFDF55A-61BC-4114-9E8B-F23E43C42426@shiftleft.org>
References: <54EDDBEE.5060904@isode.com> <54F8E2B1.80304@isode.com> <CA+Vbu7y-6ocP9yPrYYVmSGyboHQvLzQFonzkejwE4jxOs0ww6A@mail.gmail.com> <7FFDF55A-61BC-4114-9E8B-F23E43C42426@shiftleft.org>
From: Benjamin Black <b@b3k.us>
Date: Thu, 05 Mar 2015 15:54:30 -0800
Message-ID: <CA+Vbu7w5=RMxjidsbrC15kjzEea=8=eLFyHw6ZXLaMCf03seNQ@mail.gmail.com>
To: Michael Hamburg <mike@shiftleft.org>
Content-Type: multipart/alternative; boundary="20cf303348752e7fd10510934b69"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/TKQqbwo3D3y_mJz_fQ5Fy98hVFs>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Results of the poll: Elliptic Curves - preferred curves around 256bit work factor (ends on March 3rd)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2015 23:54:55 -0000
As you say, it would be equally a problem for every curve, which was my argument repeatedly rejected by Alyssa and Robert. As they have never made a statement, public or private, of which I am aware withdrawing their assertions, I can only assume they still believe what they said. If they would like to pipe up and explain that they no longer hold those views that'd be swell. I cannot comment on Microsoft as I am no longer there. On Thu, Mar 5, 2015 at 3:41 PM, Michael Hamburg <mike@shiftleft.org> wrote: > Hi Benjamin, > > Robert Ransom was concerned about Microsoft’s paper and code release > possibly containing material based on the patent US7602907. This wasn’t > particularly to do with the curve, but with the combs algorithm for fast > fixed-point multiplications. If this is a problem with any curve, it’s > equally a problem for (implementations of) every curve. I believe that > Robert was motivated in this pursuit by a deep-seated conviction that > Microsoft was trying to pull something shady, but Alyssa and I just want to > make sure that the patent landscape is clear so that nobody infringes by > accident. > > Since my code uses signed all-bits set combs, and if I understand > correctly your patent specifically covers modified LSB-set combs, I don’t > believe that my implementation has patent problems. Again, this is a > property of the implementation and not of the curve. > > I asked if you and/or the Microsoft legal team concurred with this > analysis. You said that your team was unaware of the patent and didn’t use > it intentionally, but that you would ask legal if it happened to be > covered, and whether they thought the Goldilocks code might be affected. > Nearly 6 months have passed and we haven’t heard anything from legal. Do > you have an update for us? > > Cheers, > — Mike > > On Mar 5, 2015, at 3:22 PM, Benjamin Black <b@b3k.us> wrote: > > What happened to the earlier, vigorous arguments by Robert Ransom, Alyssa > Rowan and Mike Hamburg that Goldilocks448, and perhaps all of the curves > based on large primes, would be covered by Microsoft IP? > > On Thu, Mar 5, 2015 at 3:11 PM, Alexey Melnikov <alexey.melnikov@isode.com > > wrote: > >> On 25/02/2015 14:27, Alexey Melnikov wrote: >> >>> CFRG chairs are starting another poll: >>> >>> Q3: This is a Quaker poll (please answer one of "preferred", >>> "acceptable" or "no") for each curve specified below: >>> >>> 1) 448 (Goldilocks) >>> 2) 480 >>> 3) 521 >>> 4) other curve (please name another curve that you "prefer" or "accept", >>> or state "no") >>> >> Thank you for all responses. >> >> 521 - 6 preferred, 14 - acceptable >> 448 - 16 preferred, 4 - acceptable >> >> Very few prefer others (512 NUMS, 480). >> >> So CFRG prefers curve 448. >> >>> >>> If you stated your curve preferences in the poll that ended on February >>> 23rd (see the attachment), you don't need to reply to this poll, your >>> opinion is already recorded. But please double check what chairs recorded >>> (see the attachment). >>> >>> If you changed your mind or only answered the question about performance >>> versa memory usage for curves 512 and 521, feel free to reply. >>> >>> Once this issues is settled, we will be discussing (in no particular >>> order. Chairs reserve the right to add additional questions) implementation >>> specifics and coordinate systems for Diffie-Hellman. We will then make >>> decisions on signature schemes. Please don't discuss any of these future >>> topics at this time. >>> >> >> _______________________________________________ >> Cfrg mailing list >> Cfrg@irtf.org >> http://www.irtf.org/mailman/listinfo/cfrg >> > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg > > >
- [Cfrg] Rerun: Elliptic Curves - preferred curves … Alexey Melnikov
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Phillip Hallam-Baker
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Watson Ladd
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Stephen Farrell
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Yoav Nir
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Phillip Hallam-Baker
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Paul Hoffman
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Adam Langley
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Paul Lambert
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Simon Josefsson
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Watson Ladd
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Derek Atkins
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Damien Miller
- [Cfrg] On "non-NIST" Paul Hoffman
- Re: [Cfrg] On "non-NIST" stephen.farrell
- Re: [Cfrg] On "non-NIST" Paul Lambert
- Re: [Cfrg] On "non-NIST" Phillip Hallam-Baker
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Alyssa Rowan
- Re: [Cfrg] On "non-NIST" Stephen Farrell
- Re: [Cfrg] On "non-NIST" Tony Arcieri
- Re: [Cfrg] On "non-NIST" Tony Arcieri
- Re: [Cfrg] On "non-NIST" Damien Miller
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Dan Brown
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Dan Harkins
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… _MiW
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Rene Struik
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Ilari Liusvaara
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… David Leon Gil
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Andy Lutomirski
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Tony Arcieri
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Andrey Jivsov
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… David Gil
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Benjamin Beurdouche
- [Cfrg] Results of the poll: Elliptic Curves - pre… Alexey Melnikov
- Re: [Cfrg] Results of the poll: Elliptic Curves -… Benjamin Black
- Re: [Cfrg] Results of the poll: Elliptic Curves -… Watson Ladd
- Re: [Cfrg] Results of the poll: Elliptic Curves -… Michael Hamburg
- Re: [Cfrg] Results of the poll: Elliptic Curves -… Benjamin Black
- Re: [Cfrg] Results of the poll: Elliptic Curves -… Benjamin Black
- Re: [Cfrg] Comb algorithm IPR status (was: Result… Alyssa Rowan
- Re: [Cfrg] Comb algorithm IPR status (was: Result… Benjamin Black
- Re: [Cfrg] Comb algorithm IPR status Mike Hamburg
- Re: [Cfrg] Comb algorithm IPR status Alyssa Rowan
- Re: [Cfrg] Comb algorithm IPR status Benjamin Black
- Re: [Cfrg] Comb algorithm IPR status Benjamin Black