Re: [Cfrg] Rerun: Elliptic Curves - preferred curves around 256bit work factor (ends on March 3rd)
Simon Josefsson <simon@josefsson.org> Wed, 25 February 2015 16:50 UTC
Return-Path: <simon@josefsson.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66A521A87C1 for <cfrg@ietfa.amsl.com>; Wed, 25 Feb 2015 08:50:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.348
X-Spam-Level:
X-Spam-Status: No, score=0.348 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SZc6ekTGBIaN for <cfrg@ietfa.amsl.com>; Wed, 25 Feb 2015 08:50:52 -0800 (PST)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 680711A1AB0 for <cfrg@irtf.org>; Wed, 25 Feb 2015 08:50:52 -0800 (PST)
Received: from latte.josefsson.org (c-04f7e555.014-1001-73746f1.cust.bredbandsbolaget.se [85.229.247.4]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t1PGomer029482 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Wed, 25 Feb 2015 17:50:50 +0100
From: Simon Josefsson <simon@josefsson.org>
To: Alexey Melnikov <alexey.melnikov@isode.com>
References: <54EDDBEE.5060904@isode.com>
OpenPGP: id=54265E8C; url=http://josefsson.org/54265e8c.txt
X-Hashcash: 1:22:150225:cfrg@irtf.org::Y/di5fnn0fibAcxW:2erT
X-Hashcash: 1:22:150225:alexey.melnikov@isode.com::lphJ0AJMUK+j4ERK:1NLL
Date: Wed, 25 Feb 2015 17:50:47 +0100
In-Reply-To: <54EDDBEE.5060904@isode.com> (Alexey Melnikov's message of "Wed, 25 Feb 2015 14:27:58 +0000")
Message-ID: <87wq36djfc.fsf@latte.josefsson.org>
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.5 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/Uoms6yjhbRlRgvlGcwsBbz_dftY>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Rerun: Elliptic Curves - preferred curves around 256bit work factor (ends on March 3rd)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Feb 2015 16:50:53 -0000
I believe the focus on "around 256bit work factor" is distracting and could better be phrased "alternative to Curve25519 with higher security margin". Given that the work factor on the mentioned curves vary quite significantly away from 256-bit, I'm reading the poll that way. > Q3: This is a Quaker poll (please answer one of "preferred", > "acceptable" or "no") for each curve specified below: > > 1) 448 (Goldilocks) Preferred. > 2) 480 Acceptable. > 3) 521 Acceptable. > 4) other curve (please name another curve that you "prefer" or > "accept", or state "no") Curve25519 Preferred E-382 Acceptable M-383 Acceptable Curve383187 Acceptable brainpoolP384t1 No NIST P-384 No Curve41417 Acceptable Ed448-Goldilocks Preferred M-511 Acceptable E-521 Acceptable Generally, any curve that has high performance, reasonable security (more than ~100 bits of work factor) and doesn't have design warts (SafeCurves) is acceptable to me. To become preferred, I select the curves out of the acceptable curves that is seeing the highest adoption rate in the implementers community and getting the most reviews in the cryptographic community. The former (acceptable) is a simple process, the latter (preferred) is subjective. /Simon
- [Cfrg] Rerun: Elliptic Curves - preferred curves … Alexey Melnikov
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Phillip Hallam-Baker
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Watson Ladd
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Stephen Farrell
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Yoav Nir
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Phillip Hallam-Baker
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Paul Hoffman
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Adam Langley
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Paul Lambert
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Simon Josefsson
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Watson Ladd
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Derek Atkins
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Damien Miller
- [Cfrg] On "non-NIST" Paul Hoffman
- Re: [Cfrg] On "non-NIST" stephen.farrell
- Re: [Cfrg] On "non-NIST" Paul Lambert
- Re: [Cfrg] On "non-NIST" Phillip Hallam-Baker
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Alyssa Rowan
- Re: [Cfrg] On "non-NIST" Stephen Farrell
- Re: [Cfrg] On "non-NIST" Tony Arcieri
- Re: [Cfrg] On "non-NIST" Tony Arcieri
- Re: [Cfrg] On "non-NIST" Damien Miller
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Dan Brown
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Dan Harkins
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… _MiW
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Rene Struik
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Ilari Liusvaara
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… David Leon Gil
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Andy Lutomirski
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Tony Arcieri
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Andrey Jivsov
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… David Gil
- Re: [Cfrg] Rerun: Elliptic Curves - preferred cur… Benjamin Beurdouche
- [Cfrg] Results of the poll: Elliptic Curves - pre… Alexey Melnikov
- Re: [Cfrg] Results of the poll: Elliptic Curves -… Benjamin Black
- Re: [Cfrg] Results of the poll: Elliptic Curves -… Watson Ladd
- Re: [Cfrg] Results of the poll: Elliptic Curves -… Michael Hamburg
- Re: [Cfrg] Results of the poll: Elliptic Curves -… Benjamin Black
- Re: [Cfrg] Results of the poll: Elliptic Curves -… Benjamin Black
- Re: [Cfrg] Comb algorithm IPR status (was: Result… Alyssa Rowan
- Re: [Cfrg] Comb algorithm IPR status (was: Result… Benjamin Black
- Re: [Cfrg] Comb algorithm IPR status Mike Hamburg
- Re: [Cfrg] Comb algorithm IPR status Alyssa Rowan
- Re: [Cfrg] Comb algorithm IPR status Benjamin Black
- Re: [Cfrg] Comb algorithm IPR status Benjamin Black