Re: [Cfrg] Curve manipulation, revisited
Yoav Nir <ynir.ietf@gmail.com> Mon, 29 December 2014 18:47 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9ACB11A8BB2 for <cfrg@ietfa.amsl.com>; Mon, 29 Dec 2014 10:47:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QEWwvUUh4Kuw for <cfrg@ietfa.amsl.com>; Mon, 29 Dec 2014 10:47:53 -0800 (PST)
Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com [IPv6:2a00:1450:400c:c05::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C47331A8BB3 for <cfrg@irtf.org>; Mon, 29 Dec 2014 10:47:52 -0800 (PST)
Received: by mail-wi0-f182.google.com with SMTP id h11so22816827wiw.15 for <cfrg@irtf.org>; Mon, 29 Dec 2014 10:47:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=2r0Xi4CHRj0YhconCDSfeidqbWr3LgF2aXJ48yBLNvQ=; b=dEpLgBzfk+3sPaUFQwlcFU8OM12KKAeCHQPQyFXJvNFqAknZ9GfAS4I06qVCzeTuPF /7SELWxWRiV7MfeDozeRm8IVSwG4bvDATVapdBzxKTtW58d2TtY5YQi+zEjIF7iszDOA zanxiPtTv4PIewjYl2317jZu5W16yvrQv0FjjnPlzjrXbH/vMXIe8UHmld9LnSLmFtBW FAZfB+e+ilCWJDFnKNSBLhw4aTkpCYnBzAGDWoYzxW1WAaPF6ktTkGtFsKzulWwQByM5 xc14kjxvMRjODVPkmhb/VlRMVi5q1CeMrx65bNtWeegVAQCv/D0NZ9pYerda6/fASHdl FD1g==
X-Received: by 10.194.94.227 with SMTP id df3mr116175729wjb.34.1419878871622; Mon, 29 Dec 2014 10:47:51 -0800 (PST)
Received: from [192.168.1.104] (IGLD-84-228-227-214.inter.net.il. [84.228.227.214]) by mx.google.com with ESMTPSA id lg7sm40521492wic.0.2014.12.29.10.47.50 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 29 Dec 2014 10:47:50 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C71D55236ECC@USMBX1.msg.corp.akamai.com>
Date: Mon, 29 Dec 2014 20:47:48 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <A7D3783D-0159-486E-8136-63E90E20AC0B@gmail.com>
References: <CAMfhd9W684XMmXn3ueDmwrsQ_ZdiFG+VqYLxkvs7qDwiJdpk6w@mail.gmail.com> <1725646678.805875.1419539885135.JavaMail.yahoo@jws100115.mail.ne1.yahoo.com> <CAMfhd9Ua5fFZk46Xx1AN2VgyJ=Yng6fnO8aN-_ZfzXQn0Xbxhg@mail.gmail.com> <CA+Vbu7zqFcu8d1053mZ_eEm0q=np6T3snSQ4rfY0k1-4hBVDsA@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C71D55236DA1@USMBX1.msg.corp.akamai.com> <68DF78C2-9F4D-457C-A32E-88A58E74A371@gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C71D55236ECC@USMBX1.msg.corp.akamai.com>
To: Rich Salz <rsalz@akamai.com>
X-Mailer: Apple Mail (2.1993)
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/X709PeeTWvBdp_o3uu2kwyajxGY
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Curve manipulation, revisited
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Dec 2014 18:47:55 -0000
> On Dec 29, 2014, at 8:25 PM, Salz, Rich <rsalz@akamai.com> wrote: > >> May I ask why? If we can make key agreement faster by using X25519 >> instead of P-256, it stands to reason that we can make signatures faster by >> using Ed25519 instead of P-256. > > TLS only needs a key exchange. (X509 certificates are signed, of course, but that's a separable issue.) The signatures on X509 certificates are a separable issue. But the signatures in the ServerKeyExchange using the private key associated with the public key in the X509 certificates are very much a part of TLS. When measuring the performance of the TLS handshakes, the ECDHE derivation takes a similar amount of time as the ECDSA signature. That is the reason for moving away from RSA public keys to ECDSA public keys. If we can use public keys which will be even faster, that’s a net win. So again, why not? Yoav
- [Cfrg] Curve manipulation, revisited D. J. Bernstein
- Re: [Cfrg] Curve manipulation, revisited Adam Langley
- Re: [Cfrg] Curve manipulation, revisited Watson Ladd
- Re: [Cfrg] Curve manipulation, revisited David Gil
- Re: [Cfrg] Curve manipulation, revisited Adam Langley
- Re: [Cfrg] Curve manipulation, revisited Salz, Rich
- Re: [Cfrg] Curve manipulation, revisited David Gil
- Re: [Cfrg] Curve manipulation, revisited Adam Langley
- Re: [Cfrg] Curve manipulation, revisited David Gil
- Re: [Cfrg] Curve manipulation, revisited Adam Langley
- Re: [Cfrg] Curve manipulation, revisited Alyssa Rowan
- Re: [Cfrg] Curve manipulation, revisited Benjamin Black
- Re: [Cfrg] Curve manipulation, revisited Salz, Rich
- Re: [Cfrg] Curve manipulation, revisited Adam Langley
- Re: [Cfrg] Curve manipulation, revisited Watson Ladd
- Re: [Cfrg] Curve manipulation, revisited Yoav Nir
- Re: [Cfrg] Curve manipulation, revisited Benjamin Black
- Re: [Cfrg] Curve manipulation, revisited Benjamin Black
- Re: [Cfrg] Curve manipulation, revisited Salz, Rich
- Re: [Cfrg] Curve manipulation, revisited Michael Hamburg
- Re: [Cfrg] Curve manipulation, revisited Yoav Nir
- Re: [Cfrg] Curve manipulation, revisited Salz, Rich
- Re: [Cfrg] Curve manipulation, revisited Benjamin Black
- Re: [Cfrg] Curve manipulation, revisited Benjamin Black
- Re: [Cfrg] Curve manipulation, revisited Salz, Rich
- Re: [Cfrg] Curve manipulation, revisited Watson Ladd
- Re: [Cfrg] Curve manipulation, revisited Yoav Nir
- Re: [Cfrg] Curve manipulation, revisited Watson Ladd
- Re: [Cfrg] Curve manipulation, revisited Benjamin Black
- Re: [Cfrg] Curve manipulation, revisited Mike Hamburg
- Re: [Cfrg] Curve manipulation, revisited Benjamin Black
- Re: [Cfrg] Curve manipulation, revisited Rob Stradling
- Re: [Cfrg] Curve manipulation, revisited Salz, Rich
- Re: [Cfrg] Curve manipulation, revisited Benjamin Black
- Re: [Cfrg] Curve manipulation, revisited Tony Arcieri
- Re: [Cfrg] Curve manipulation, revisited Adam Langley
- Re: [Cfrg] Curve manipulation, revisited Rob Stradling
- Re: [Cfrg] Curve manipulation, revisited Watson Ladd
- Re: [Cfrg] Curve manipulation, revisited Salz, Rich
- Re: [Cfrg] Curve manipulation, revisited Paul Hoffman
- Re: [Cfrg] Curve manipulation, revisited Nico Williams
- Re: [Cfrg] Curve manipulation, revisited Watson Ladd
- Re: [Cfrg] Curve manipulation, revisited Salz, Rich
- Re: [Cfrg] Curve manipulation, revisited Paul Hoffman
- Re: [Cfrg] Curve manipulation, revisited Alyssa Rowan
- Re: [Cfrg] Curve manipulation, revisited Peter Dettman
- Re: [Cfrg] Curve manipulation, revisited Harry Halpin
- Re: [Cfrg] Curve manipulation, revisited Michael Hamburg
- Re: [Cfrg] Curve manipulation, revisited Peter Dettman