Re: [CFRG] I-D Action: draft-irtf-cfrg-hash-to-curve-16.txt
Jeff Burdges <burdges@gnunet.org> Tue, 10 January 2023 14:13 UTC
Return-Path: <burdges@gnunet.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DA1CC18F80E; Tue, 10 Jan 2023 06:13:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xMon2BDnXOxl; Tue, 10 Jan 2023 06:13:42 -0800 (PST)
Received: from mailout2.rbg.tum.de (mailout2.rbg.tum.de [131.159.0.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50876C0A0C9B; Tue, 10 Jan 2023 06:12:51 -0800 (PST)
Received: from mailrelay1.rbg.tum.de (mailrelay1.in.tum.de [IPv6:2a09:80c0:254::14]) by mailout2.rbg.tum.de (Postfix) with ESMTPS id 7311D4C0264; Tue, 10 Jan 2023 15:12:49 +0100 (CET)
Received: by mailrelay1.rbg.tum.de (Postfix, from userid 112) id 6D7C418A; Tue, 10 Jan 2023 15:12:49 +0100 (CET)
Received: from mailrelay1.rbg.tum.de (localhost [127.0.0.1]) by mailrelay1.rbg.tum.de (Postfix) with ESMTP id 7BAAC110; Tue, 10 Jan 2023 15:12:44 +0100 (CET)
Received: from sam.net.in.tum.de (sam.net.in.tum.de [IPv6:2001:4ca0:2001:42:225:90ff:fe6b:d60]) by mailrelay1.rbg.tum.de (Postfix) with ESMTP id 6E3C28E; Tue, 10 Jan 2023 15:12:44 +0100 (CET)
Received: from aletheia (sam.net.in.tum.de [IPv6:2001:4ca0:2001:42:225:90ff:fe6b:d60]) by sam.net.in.tum.de (Postfix) with ESMTP id 7D84A1C00D7; Tue, 10 Jan 2023 15:13:16 +0100 (CET)
Date: Tue, 10 Jan 2023 09:12:42 -0500
From: Jeff Burdges <burdges@gnunet.org>
To: Mike Hamburg <mike@shiftleft.org>
Cc: "cfrg@ietf.org" <cfrg@ietf.org>, "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Message-ID: <FAB97DDD-1540-4CED-8BAD-7FEC67D47BAE@getmailspring.com>
In-Reply-To: <03E7A9B7-D5EB-4094-86F4-6469D46C3AAC@shiftleft.org>
References: <03E7A9B7-D5EB-4094-86F4-6469D46C3AAC@shiftleft.org>
X-Mailer: Mailspring
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/TwPJFOiQynqvGAZcMio7SdfE-N4>
Subject: Re: [CFRG] I-D Action: draft-irtf-cfrg-hash-to-curve-16.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2023 14:13:45 -0000
I should not have even mentioned squeeze, sorry. I suggest to either clarify that counter may be a compile-time constant, or else explicitly say counter must support 1 and 2, while just not saying anything about other values. It does not really matter the exact "weasel wording", so long implementors feel okay not using dynamic allocators here. Jeff On Jan 10 2023, at 8:52 am, Mike Hamburg <mike@shiftleft.org> wrote: > My two cents: I would prefer not to specify it as a squeeze behavior, > especially since that’s also complex and even fewer implementations > need to do it in practice. > > Maybe we could specify that implementations of hash_to_field may be > restricted in terms of what counts they support, and that supporting > {1,2} suffices for all the uses in this spec? > > Or we could specify that hash_to_field may be internal? Then you > definitely wouldn’t need to implement it for all N, just for the cases that > actually come up. > > Regards, > — Mike > >> On Jan 10, 2023, at 1:24 PM, Jeff Burdges <burdges@gnunet.org> wrote: >> >> >> Appears hash_to_field and expand_message should not involve an arbitrary >> counter. Instead, they should either (a) be specified in terms of some >> squeeze behavior, or else (b) have the counter restricted somehow. I'm >> sure (b) suffices since hash_to_field needs a counter of only one or >> two. >> >> In fact, you could merely say the counter is a constant, not a runtime >> variable. An implementation that uses a constant is then compliant, >> while an implementation that uses a runtime variable "exceeds" the spec, >> which is fine. >> >> As is, this adds implementation complexity for platforms without a >> dynamic allocator, ala https://github.com/arkworks-rs/algebra/issues/572 >> >> Best, >> Jeff >>
- [CFRG] I-D Action: draft-irtf-cfrg-hash-to-curve-… internet-drafts
- Re: [CFRG] I-D Action: draft-irtf-cfrg-hash-to-cu… Jeff Burdges
- Re: [CFRG] I-D Action: draft-irtf-cfrg-hash-to-cu… Mike Hamburg
- Re: [CFRG] I-D Action: draft-irtf-cfrg-hash-to-cu… Jeff Burdges