Re: [CFRG] hash_to_field requires implementing a new 25519 field op

"Riad S. Wahby" <rsw@jfet.org> Wed, 21 July 2021 22:45 UTC

Return-Path: <rswatjfet.org@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2078A3A2D53 for <cfrg@ietfa.amsl.com>; Wed, 21 Jul 2021 15:45:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tQ2SvVyqIqdD for <cfrg@ietfa.amsl.com>; Wed, 21 Jul 2021 15:45:43 -0700 (PDT)
Received: from mail-qk1-f177.google.com (mail-qk1-f177.google.com [209.85.222.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B96563A2D52 for <cfrg@irtf.org>; Wed, 21 Jul 2021 15:45:43 -0700 (PDT)
Received: by mail-qk1-f177.google.com with SMTP id j184so3676062qkd.6 for <cfrg@irtf.org>; Wed, 21 Jul 2021 15:45:43 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=zhe5SB+t7tDmBDfOXmzcdTUKBQ5o6TR8l6bX3RNeJZs=; b=mMLnzXuf005cjZlDalwmcwVD0ACuuHTlOmzUC51tKWCjfsChRAUaqfjb7wtKbsB3dK 6utxAZc5Z8gLD0ynQf6bjIhvkzf4es/O11a/47LDONEkm30vwzzdE3yjELebohnM/SvG SvHf/3Dow1hPRnTrpXQs+LSTMIC+eeTtf8z/3JWDDGCkp9D+sXS2EeBpE99MBbTeA0NU vxqXQ2hTuMQggmwYxJsgKYxG7E3+lXsiyNYNCpMLHVPBGXYxOzjAARwXaFkJuXwQ/pwr tZzMQCxEbLkcot+KY9IC8zgbxxRaWC5ucCv8RO1V8Byh/K+g+w1NZ6O4JdBejSFLdYQN 2kTA==
X-Gm-Message-State: AOAM533+wMkczg7plZbrxNxLL8epG+OuPVw96jK1rD9ielSrWmdbuvom kVaWU8x5jnK20gx3539lLN4=
X-Google-Smtp-Source: ABdhPJyCKzkGkVdgnjikgdAGU2l66o0FH/6iiOKfwyTZ/JdvGVfMTc9B/v8eErVaFc98j7eJ2FmvEw==
X-Received: by 2002:a37:6ca:: with SMTP id 193mr22951180qkg.484.1626907537479; Wed, 21 Jul 2021 15:45:37 -0700 (PDT)
Received: from localhost (mobile-166-170-21-67.mycingular.net. [166.170.21.67]) by smtp.gmail.com with ESMTPSA id h2sm12510995qkf.106.2021.07.21.15.45.36 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 21 Jul 2021 15:45:37 -0700 (PDT)
Date: Wed, 21 Jul 2021 18:45:36 -0400
From: "Riad S. Wahby" <rsw@jfet.org>
To: Loup Vaillant-David <loup@loup-vaillant.fr>
Cc: Filippo Valsorda <filippo@ml.filippo.io>, cfrg@irtf.org
Message-ID: <20210721224536.5noxfldw3x4cdl4m@kaon.local>
References: <aaa46d82-f05d-4558-8a2a-6d945fe9cb1d@www.fastmail.com> <20210721191123.i3f33p3qvkwxlbtl@kaon.local> <c16f6fe23f1b11e9a311f4b57cabfbef4a517b58.camel@loup-vaillant.fr> <20210721224113.qvbezr3pqbdy5bck@kaon.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20210721224113.qvbezr3pqbdy5bck@kaon.local>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/VgScmssqZp0zDqc1Shw0bdtLk_Q>
Subject: Re: [CFRG] hash_to_field requires implementing a new 25519 field op
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jul 2021 22:45:48 -0000

Ugh, self-replying because me dumb:

"Riad S. Wahby" <rsw@jfet.org> wrote:
> Our messages crossed, but in general the product of two residues mod p
> will be as large as p^2 - 2p + 1, which is roughly log2(p^2) bits as I
> claimed.

"The product of two integers less than p," obviously. Apologies.

-=rsw