Re: [Cfrg] I-D Action: draft-yonezawa-pairing-friendly-curves-00.txt

Shoko YONEZAWA <yonezawa@lepidum.co.jp> Fri, 15 February 2019 10:08 UTC

To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/UsoCbgQnWYwZZ8t1dqgOTw9B4fo>

Dear Kenny,

>> We are going to include test vectors as well as curve parameters (size, order, generator, cofactor etc.) in the next version.
>> One thing we are worrying about is how to represent an element of an extension field (G2 and GT) in String.
>> We will try to find the suitable representation by referring to other examples and hearing the opinions from users of these curves.
>
> There are people on this list who have lots of experience of this kind of thing and I'm sure they'll jump in to help out.

Very nice to hear that. We really appreciate it.
At the moment, we would like to use the representation
according to the definition given in IEEE 1363a-2004.
I'd like to ask users if it would be acceptable.

Best regards,
Shoko

On 2019/02/15 18:16, Paterson, Kenny wrote:
> Dear Shoko,
> 
>> On 15 Feb 2019, at 03:46, Shoko YONEZAWA <yonezawa@lepidum.co.jp> wrote:
>>
>> Dear Kenny,
>>
>> Thank you very much for your comments on our draft.
> 
> [...]
> 
>> We are going to describe pseudo-code of pairing computation (optimal Ate pairing, specifically) for both BN curves and BLS curves
>> so that readers can imagine the implementation of pairing computation.
>> This will appear in the Appendix.
>> I will post the description after we complete it.
> 
> Excellent.
> 
>> Your comments are really appreciated.
>>
>>> Relatedly, then, it would be useful to include test vectors for this "reference implementation".
>>
>> We are going to include test vectors as well as curve parameters (size, order, generator, cofactor etc.) in the next version.
>> One thing we are worrying about is how to represent an element of an extension field (G2 and GT) in String.
>> We will try to find the suitable representation by referring to other examples and hearing the opinions from users of these curves.
> 
> There are people on this list who have lots of experience of this kind of thing and I'm sure they'll jump in to help out.
> 
> Cheers,
> 
> Kenny
> 
>> Best regards,
>> Shoko
>>
>>> On 2019/02/08 21:01, Paterson, Kenny wrote:
>>> Dear Shoko,
>>> Thanks for preparing this draft. I think it could be very useful for CFRG to specify some pairing-friendly curves that reflect recent advances in cryptanalysis. We expect additional drafts making use of such curves to come before CFRG for consideration in the near future.
>>> One question I had at this stage: would it be feasible to include a short, self-contained description in pseudo-code of how to compute a pairing on these curves? I know this may be asking for quite a lot, especially as there are different pairings available, and many implementation optimisations can be made. However, perhaps a simple and not necessarily super-optimised description could be given? This would enable people starting from scratch with a suitable curve library to at least obtain a working implementation for themselves (which would of course be rather slow). Relatedly, then, it would be useful to include test vectors for this "reference implementation".
>>> Best wishes,
>>> Kenny
>>> -----Original Message-----
>>> From: Cfrg <cfrg-bounces@irtf.org> on behalf of Shoko YONEZAWA <yonezawa@lepidum.co.jp>
>>> Date: Monday, 28 January 2019 at 14:55
>>> To: "cfrg@irtf.org" <cfrg@irtf.org>
>>> Subject: [Cfrg] I-D Action: draft-yonezawa-pairing-friendly-curves-00.txt
>>>      Hi there,
>>>
>>>      we have submitted an Internet-Draft about pairing-friendly curves.
>>>      This is a revision of draft-kato-threat-pairing
>>>      (https://datatracker.ietf.org/doc/draft-kato-threat-pairing/).
>>>
>>>      Our I-D introduces pairing-friendly curves used for constructing
>>>      highly-functional crypto-based protocols.
>>>      We describe secure parameters for pairing-friendly curves
>>>      reflecting the recent result on the remarkable attack
>>>      by Kim and Barbulescu.
>>>
>>>      I would be grateful if you are interested in our draft
>>>      and kindly read it. Your comments are welcome.
>>>
>>>      Thank you,
>>>      Shoko YONEZAWA
>>>
>>>      ---
>>>      A New Internet-Draft is available from the on-line Internet-Drafts
>>>      directories.
>>>
>>>          Title           : Pairing-Friendly Curves
>>>          Authors         : Shoko Yonezawa
>>>                            Sakae Chikara
>>>                            Tetsutaro Kobayashi
>>>                            Tsunekazu Saito
>>>          Filename        : draft-yonezawa-pairing-friendly-curves-00.txt
>>>          Pages           : 17
>>>          Date            : 2019-01-27
>>>
>>>      Abstract:
>>>          This memo introduces pairing-friendly curves used for constructing
>>>          pairing-based cryptography.  It describes recommended parameters for
>>>          each security level and recent implementations of pairing-friendly
>>>          curves.
>>>
>>>      The IETF datatracker status page for this draft is:
>>>      https://datatracker.ietf.org/doc/draft-yonezawa-pairing-friendly-curves/
>>>
>>>      There are also htmlized versions available at:
>>>      https://tools.ietf.org/html/draft-yonezawa-pairing-friendly-curves-00
>>>      https://datatracker.ietf.org/doc/html/draft-yonezawa-pairing-friendly-curves-00
>>>
>>>      Please note that it may take a couple of minutes from the time of submission
>>>      until the htmlized version and diff are available at tools.ietf.org.
>>>
>>>      Internet-Drafts are also available by anonymous FTP at:
>>>      ftp://ftp.ietf.org/internet-drafts/
>>
>> -- 
>> Shoko YONEZAWA
>> Lepidum Co. Ltd.
>> yonezawa@lepidum.co.jp
>> TEL: +81-3-6276-5103

-- 
Shoko YONEZAWA
Lepidum Co. Ltd.
yonezawa@lepidum.co.jp
TEL: +81-3-6276-5103