Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt
Kohei Kasamatsu <kasamatsu.kohei@po.ntts.co.jp> Tue, 04 February 2014 09:31 UTC
Return-Path: <kasamatsu.kohei@po.ntts.co.jp>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5B0F1A03D4 for <cfrg@ietfa.amsl.com>; Tue, 4 Feb 2014 01:31:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.073
X-Spam-Level:
X-Spam-Status: No, score=0.073 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O05xCHW3j9fC for <cfrg@ietfa.amsl.com>; Tue, 4 Feb 2014 01:30:59 -0800 (PST)
Received: from mail12.ics.ntts.co.jp (mail12.ics.ntts.co.jp [210.232.35.65]) by ietfa.amsl.com (Postfix) with ESMTP id 0BD601A03D9 for <cfrg@irtf.org>; Tue, 4 Feb 2014 01:30:56 -0800 (PST)
Received: from sadoku34.silk.ntts.co.jp (sadoku34 [10.7.18.34]) by mail12.ics.ntts.co.jp (8.14.4/8.14.4/NTTSOFT) with ESMTP id s149UrQm010616; Tue, 4 Feb 2014 18:30:53 +0900 (JST)
Received: (from root@localhost) by sadoku34.silk.ntts.co.jp (8.13.8/NTTSOFT) id s149Uri6014114; Tue, 4 Feb 2014 18:30:53 +0900 (JST)
Received: from ccmds32.silk.ntts.co.jp [10.107.0.32] by sadoku34.silk.ntts.co.jp with SMTP id UAA14113; Tue, 4 Feb 2014 18:30:53 +0900
Received: from mail147.silk.ntts.co.jp (ccmds32.silk.ntts.co.jp [127.0.0.1]) by ccmds32.silk.ntts.co.jp (8.14.3/8.14.3) with ESMTP id s149UqIs023070; Tue, 4 Feb 2014 18:30:53 +0900
Received: from mail147.silk.ntts.co.jp (localhost.localdomain [127.0.0.1]) by mail147.silk.ntts.co.jp (8.14.5/8.14.5/NTTSOFT) with ESMTP id s149UpEk001924; Tue, 4 Feb 2014 18:30:51 +0900
Received: from ccmds32 (mail145.silk.ntts.co.jp [10.107.0.145]) by mail147.silk.ntts.co.jp (8.14.5/8.14.5/NTTSOFT) with SMTP id s149UoQA001921; Tue, 4 Feb 2014 18:30:51 +0900
Message-ID: <52F0B319.5020200@po.ntts.co.jp>
Date: Tue, 04 Feb 2014 18:30:01 +0900
From: Kohei Kasamatsu <kasamatsu.kohei@po.ntts.co.jp>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Laura Hitt <LHitt@21CT.com>, cfrg@irtf.org, kobayashi.tetsutaro@lab.ntt.co.jp, kawahara.yuto@lab.ntt.co.jp
References: <CALvuEy41_HUcv6KX8OuFpK6gn_tSrPN-L5_6yrd2wo_pC07Vcw@mail.gmail.com>
In-Reply-To: <CALvuEy41_HUcv6KX8OuFpK6gn_tSrPN-L5_6yrd2wo_pC07Vcw@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-CC-Mail-RelayStamp: CC-Mail-V4.3-Client
X-CC-Mail-RelayStamp: CC-Mail-V4.3-Server
Subject: Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Feb 2014 09:31:02 -0000
Hi Laura, Thank you for your feedback on it. We will apply that modification to new version. Best, Kohei KASAMATSU (2014/01/30 3:35), Laura Hitt wrote: > Hi Kohei, > Yes, thank you, that modification is better. > -Laura > > > -----Original Message----- >> From: Kohei Kasamatsu [mailto:kasamatsu.kohei@po.ntts.co.jp] >> Sent: Wednesday, January 29, 2014 5:02 AM >> To: Laura Hitt; cfrg@irtf.org >> Cc: kobayashi.tetsutaro@lab.ntt.co.jp; kawahara.yuto@lab.ntt.co.jp >> Subject: Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt >> >> Hi Laura, >> >> >> Thank you for your comments. >> >>> Regarding your statement in Section 6, "The elliptic curve that >>> supports a bilinear map requires the hardness of solving following >>> problems, since the security of pairing-based cryptographic primitives >>> is based on hardness of these problems." You then list the ECDLP, >>> ECDHP, BDHP, ECDLP with auxiliary inputs. >>> >>> I would be hesitant to say ALL pairing-based cryptographic primitives >>> are based on the hardness of those problems...perhaps it's true, but >>> it's conceivable that a pairing-based scheme could be based on another >>> hard problem, such as solving the isogeny problem or co-gap DH. (See, >>> for example, Section 6 of "Evaluating Large Degree Isogenies and >>> Applications to Pairing Based Cryptography" by Broker, Charles, >>> Lauter, or "Improved algorithm for the isogeny problem for ordinary >>> elliptic curves" by Galbraith & Stolbunov.) >> >> We agree with it. >> As you say, there are pairing-based cryptographic primitives based on the >> hardness of different problems from these described in our draft. >> >> We would like to change >> "The elliptic curve that supports a bilinear map requires the hardness of >> solving following problems, since the security of pairing-based >> cryptographic primitives is based on hardness of these problems." >> to >> "Pairing-based cryptographic primitives are often based on the hardness of >> the following problems, so when the elliptic curves from this document are >> used in such schemes, these problems would apply." >> >> Does the modification despel the concern? >> >> Best, >> Kohei KASAMATSU >> >> >> (2014/01/24 3:13), Laura Hitt wrote: >>> Hi Kohei, >>> >>> Regarding your statement in Section 6, "The elliptic curve that supports >> a bilinear map requires the hardness of solving following problems, since >> the security of pairing-based cryptographic primitives is based on hardness >> of these problems." You then list the ECDLP, ECDHP, BDHP, ECDLP with >> auxiliary inputs. >>> >>> I would be hesitant to say ALL pairing-based cryptographic primitives >>> are based on the hardness of those problems...perhaps it's true, but >>> it's conceivable that a pairing-based scheme could be based on another >>> hard problem, such as solving the isogeny problem or co-gap DH. (See, >>> for example, Section 6 of "Evaluating Large Degree Isogenies and >>> Applications to Pairing Based Cryptography" by Broker, Charles, >>> Lauter, or "Improved algorithm for the isogeny problem for ordinary >>> elliptic curves" by Galbraith & Stolbunov.) >>> >>> Best, >>> Laura >>> >>> -----Original Message----- >>> From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Kohei Kasamatsu >>> Sent: Wednesday, January 22, 2014 6:04 PM >>> To: cfrg@irtf.org >>> Cc: kobayashi.tetsutaro@lab.ntt.co.jp; kawahara.yuto@lab.ntt.co.jp >>> Subject: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt >>> >>> Hi cfrg folks, >>> >>> >>> Elliptic curves with a special map called a pairing allow cryptographic >> primitives to achieve functions or efficiency which cannot be realized by >> conventional mathematical tools. For example, ZSS signature is one of these >> primitives. >>> >>> We have recently submitted an I-D on Barreto-Naehrig curves (BN-curves) >> which provide efficient operations of a pairing. >>> The I-D specifies parameters of BN-curves which are particularly useful >> for realization of efficient cryptographic schemes based on pairing and >> parameters of BN-curves which are compliant with ISO/IEC 15946-5. >>> >>> We will propose I-Ds on computation of pairing and pairing-based >> primitives in order to contribute to IETF community in the near future. >>> >>> We would appreciate your comments and suggestions on our I-D and works. >>> >>> Best, >>> Kohei KASAMATSU >>> -------- Original Message -------- >>> Subject: I-D Action: draft-kasamatsu-bncurves-00.txt >>> Date: Thu, 09 Jan 2014 21:13:03 -0800 >>> From: internet-drafts@ietf.org >>> Reply-To: internet-drafts@ietf.org >>> To: i-d-announce@ietf.org >>> >>> >>> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >>> >>> >>> Title : Barreto-Naehrig Curves >>> Authors : Kohei Kasamatsu >>> Satoru Kanno >>> Tetsutaro Kobayashi >>> Yuto Kawahara >>> Filename : draft-kasamatsu-bncurves-00.txt >>> Pages : 15 >>> Date : 2014-01-09 >>> >>> Abstract: >>> Elliptic curves with pairing are useful tools for constructing >>> cryptographic primitives. In this memo, we specify domain >> parameters >>> of Barreto-Naehrig curve (BN-curve) [5]. The BN-curve is an >> elliptic >>> curve suitable for pairings and allows us to achieve high security >>> and efficiency of cryptographic schemes. This memo specifies domain >>> parameters of two 254-bit BN-curves [1] [2] which allow us to obtain >>> efficient implementations and domain parameters of 224, 256, 384, >> and >>> 512-bit BN-curves which are compliant with ISO/IEC 15946-5[3]. >>> Furthermore, this memo organizes differences between types of >>> elliptic curves specified in ISO document and often used in open >>> source softwares, which are called M-type and D-type >>> respectively[21]. >>> >>> >>> The IETF datatracker status page for this draft is: >>> https://datatracker.ietf.org/doc/draft-kasamatsu-bncurves/ >>> >>> There's also a htmlized version available at: >>> http://tools.ietf.org/html/draft-kasamatsu-bncurves-00 >>> >>> >>> Please note that it may take a couple of minutes from the time of >>> submission until the htmlized version and diff are available at >> tools.ietf.org. >>> >>> Internet-Drafts are also available by anonymous FTP at: >>> ftp://ftp.ietf.org/internet-drafts/ >>> >>> _______________________________________________ >>> I-D-Announce mailing list >>> I-D-Announce@ietf.org >>> https://www.ietf.org/mailman/listinfo/i-d-announce >>> Internet-Draft directories: http://www.ietf.org/shadow.html or >>> ftp://ftp.ietf.org/ietf/1shadow-sites.txt >>> >>> >>> >>> >>> _______________________________________________ >>> Cfrg mailing list >>> Cfrg@irtf.org >>> http://www.irtf.org/mailman/listinfo/cfrg >>> >>> >> >> >> -- >> Kohei KASAMATSU >> >> NTT Software Corporation >> TEL: +81 45 212 7908 FAX: +81 45 212 9800 >> E-mail: kasamatsu.kohei@po.ntts.co.jp >> >> > > > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg > -- Kohei KASAMATSU NTT Software Corporation TEL: +81 45 212 7908 FAX: +81 45 212 9800 E-mail: kasamatsu.kohei@po.ntts.co.jp
- [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-… Kohei Kasamatsu
- Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-0… Michael Hamburg
- Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncur… Laura Hitt
- Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncur… Kohei Kasamatsu
- Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-0… Kohei Kasamatsu
- Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncur… Kohei Kasamatsu
- Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-0… Mike Hamburg
- Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncur… Laura Hitt
- Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-0… Kohei Kasamatsu