Re: [Cfrg] Task looming over the CFRG

Johannes Merkle <johannes.merkle@secunet.com> Tue, 06 May 2014 12:06 UTC

Message-ID: <5368D023.7000706@secunet.com>
Date: Tue, 06 May 2014 14:05:55 +0200
From: Johannes Merkle <johannes.merkle@secunet.com>
To: Paul Lambert <paul@marvell.com>, Rene Struik <rstruik.ext@gmail.com>, "Igoe, Kevin M." <kmigoe@nsa.gov>, "cfrg@irtf.org" <cfrg@irtf.org>
References: <3C4AAD4B5304AB44A6BA85173B4675CABAA4022F@MSMR-GH1-UEA03.corp.nsa.gov> <5367DA09.7020906@gmail.com> <CF8D298B.3A3C3%paul@marvell.com> <5367E67B.4050705@gmail.com> <CF8D3B8D.3A425%paul@marvell.com>
In-Reply-To: <CF8D3B8D.3A425%paul@marvell.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/XQ3oZcJo-lncvf4KgzdtKL-x9Bk

Paul Lambert wrote on 05.05.2014 22:52:
> NIST curves were created over 15 years ago.  NIST has not kept pace in this period with recommendations to mitigate attacks documented by industry. NIST has not considered the advancements in open cryptographic publications that have identified new curves and algorithms that provide improved performance and better “safety” of implementations. 


We should not mix up curves with (possibly insufficient) recommendations for side-channel resistance. These are two
different things.

I do not mean to advocate the NIST curves, but lack of "safety" is a weak argument against them. It has been shown that
time-constant and exception-free implementations of Weierstrass curves are easily possible while still obtaining good
efficiency [1]. And invalid-point attacks are very easily (and cheaply) thwarted by point validation as recommended by
NIST and ANSI standards.

IMHO, lack of rigidity and slightly inferior performance are much better arguments against NIST curves.

Johannes

[1] Joppe W. Bos, Craig Costello, Patrick Longa, Michael Naehrig: Selecting Elliptic Curves for Cryptography: An
Efficiency and Security Analysis. Cryptology ePrint Archive, Report 2014/130.
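As an added illustration of the point-validation step the message refers to (example code written for this archive page, not from the message, from NIST/ANSI, or from [1]): full public-key validation on P-256, using the published FIPS 186-4 domain parameters. The scalar multiplication is a plain double-and-add and is deliberately not constant-time; it is only here so that the order check can be shown.

```python
# P-256 domain parameters as published in FIPS 186-4 / SEC 2.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
INF = None  # point at infinity


def add(p1, p2):
    """Affine group law on y^2 = x^3 + A*x + B over GF(P). Not side-channel safe."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # P + (-P), including doubling a point with y == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, pt):
    """Left-to-right double-and-add; illustrative only, leaks the scalar via timing."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc


def validate_public_key(q):
    """Full public-key validation in the style of ANSI X9.62 / NIST SP 800-56A.

    Rejecting points that fail these checks is what stops invalid-point
    (invalid-curve) attacks on a static private key.
    """
    if q is INF:
        return False  # 1. must not be the point at infinity
    x, y = q
    if not (0 <= x < P and 0 <= y < P):
        return False  # 2. coordinates must be field elements
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return False  # 3. must satisfy the curve equation
    return mul(N, q) is INF  # 4. must have order n (implied by 3 when cofactor is 1)
```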