Re: [Cfrg] Call for adoption: draft-hdevalence-cfrg-ristretto-01

"Riad S. Wahby" <rsw@cs.stanford.edu> Tue, 01 October 2019 00:12 UTC

Date: Mon, 30 Sep 2019 17:12:04 -0700
From: "Riad S. Wahby" <rsw@cs.stanford.edu>
To: Alex Davidson <alex.davidson92@gmail.com>
Cc: Filippo Valsorda <filippo@ml.filippo.io>, draft-hdevalence-cfrg-ristretto.authors@ietf.org, cfrg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/UspNAZ861Oyxg7dyMqtpqA-jyaM>

Alex Davidson <alex.davidson92@gmail.com> wrote:
> With this in mind, it would be useful if Ristretto groups could
> also be defined for curves with larger security parameters (such
> as providing an interface for Curve448). I'm not sure if this is
> a direction that is currently being considered?

For the specific case of Curve448, Ristretto isn't necessary because
the cofactor is only 4---so Hamburg's Decaf construction [1] (which
precedes Ristretto, and seemingly inspired it) suffices.

It might be interesting for the proposed draft to cover both, though
one could argue that this is feature creep. Probably it's worthwhile
for the Ristretto authors to weigh in on how much it would increase
complexity to cover both constructions in one document.

[1] https://eprint.iacr.org/2015/673

-=rsw