IETF Logo Mail Archive

Re: [Cfrg] New names for draft-ladd-safecurves

Watson Ladd <watsonbladd@gmail.com> Tue, 21 January 2014 03:54 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 693F21A0296 for <cfrg@ietfa.amsl.com>; Mon, 20 Jan 2014 19:54:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L72vTyEEcfiB for <cfrg@ietfa.amsl.com>; Mon, 20 Jan 2014 19:54:12 -0800 (PST)
Received: from mail-we0-x229.google.com (mail-we0-x229.google.com [IPv6:2a00:1450:400c:c03::229]) by ietfa.amsl.com (Postfix) with ESMTP id D1AB91A0293 for <cfrg@irtf.org>; Mon, 20 Jan 2014 19:54:11 -0800 (PST)
Received: by mail-we0-f169.google.com with SMTP id u57so7674524wes.28 for <cfrg@irtf.org>; Mon, 20 Jan 2014 19:54:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=WoBgRMa7WzLw1GENznKMcDm9tDk7eCCV9/9o5lnSr2c=; b=BuVMHHHy7YmkktdC08WPoY9PTodRL5UEknVnTTZYbzKCDbr5tdS0GDcWIgzm9erkFs 7dI78BQAbtiW5q9j87BviouqbS5LDyyg7gw1N2IK5SCHTxYDG09HCWS/HJXAWRg6YKFB 0ysjXu7+y8/5OPIlP8Cr0FdRTKn9APNdzC3B8KYnx1d54BPhrIB91V6YSqnFKQO2trGA F4OzUDZt/zBJif34XCcLNVO32y5U9h2SZqX2oyvrQg9Nij16B6xjy9XJWfopcaRwT8sH 4P0uhVx4udNxrsf3hoO9xye796FlQBi8TLet5xkoJTsSxgTaGnITtv7vo7EPyNKIm5+l BDuA==
MIME-Version: 1.0
X-Received: by 10.194.178.135 with SMTP id cy7mr17222676wjc.21.1390276451401; Mon, 20 Jan 2014 19:54:11 -0800 (PST)
Received: by 10.194.250.101 with HTTP; Mon, 20 Jan 2014 19:54:11 -0800 (PST)
In-Reply-To: <6489F7D3-BF54-416F-94BE-64FD1CFCCB1E@callas.org>
References: <CACsn0ck02mnETBUfuyJjLV9K8Yuiki8_-RG0tVszL8BDhkK27w@mail.gmail.com> <6489F7D3-BF54-416F-94BE-64FD1CFCCB1E@callas.org>
Date: Mon, 20 Jan 2014 19:54:11 -0800
Message-ID: <CACsn0cn0938BHMs7uFJYeB_q2VcGQULcF8fzc7KR67A_+mqzLw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Jon Callas <jon@callas.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] New names for draft-ladd-safecurves
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2014 03:54:13 -0000

On Mon, Jan 20, 2014 at 7:50 PM, Jon Callas <jon@callas.org> wrote:
>
> On Jan 20, 2014, at 7:17 PM, Watson Ladd <watsonbladd@gmail.com> wrote:
>
>> I am proposing that we name the curves with the following scheme: E,
>> M, TE, indicating
>> the curve type, followed by a prime designator. The prime designator
>> will be the concatination
>> of the numbers a and b such that 2^a-b=p if such a and b exist and are
>> small. Otherwise I'll think of something (Ed448 Goldilocks I'm looking
>> at you).
>>
>> Any objections? Or do we have consensus on this change, and I was just
>> to dense to notice?
>>
>> A new version with significant alterations will be hitting the draft
>> server in a few days.
>
> I think it's overkill, myself.
>
> Really, there's no reason to designate in the name an Edwards curve from a Montgomery, especially because in the implementation someone's probably going to flip between representations. Only us math weenies really care about the representation, and you're going to confuse the coders.

If I hand you a string of bytes, what point does that represent and on
what curve does it fall? Seems to me like that's a representation
issue we should all care about.

>
> I spent time talking to Dan and Tanja this weekend at ShmooCon about this sort of thing and I think that our agreement was that names like "Curve 255-19" (which covers both Curve25519 and Ed25519) or "Curve 414-17" (for the curve formerly known as Curve3617) made sense.

This would be great except that we want both Edwards and Montgomery
wire formats. If there is consensus on only Edwards wire formats, that
naming will work fine.


>
>         Jon
>



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin

v2.23.0 | Report a Bug | By Email