IETF Logo Mail Archive

[CFRG] Re: Pairing-Friendly Curves: Open Questions Before Draft Update

"Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de> Mon, 15 December 2025 19:07 UTC

Return-Path: <thomas.bellebaum@aisec.fraunhofer.de>
X-Original-To: cfrg@mail2.ietf.org
Delivered-To: cfrg@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 027FE9ADAB6A for <cfrg@mail2.ietf.org>; Mon, 15 Dec 2025 11:07:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.297
X-Spam-Level:
X-Spam-Status: No, score=-4.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=aisec.fraunhofer.de header.b="zDhrrCnt"; dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com header.b="ZjaePkpX"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CvHfb2aNHWmc for <cfrg@mail2.ietf.org>; Mon, 15 Dec 2025 11:07:30 -0800 (PST)
Received: from mail-edgeBI195.fraunhofer.de (mail-edgebi195.fraunhofer.de [192.102.163.195]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id D20239ADAB5A for <cfrg@irtf.org>; Mon, 15 Dec 2025 11:07:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1765825650; x=1797361650; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=bbdR3MScWdQR2Slkh7G0SLc87WC5R9EoZjU3lOYY95w=; b=zDhrrCntiM19t6iPxWU4JGE3dEiCbtN7P7cW50o82dhp5Oz4vrLhtSY4 B3Wd0lpyrJ/G2PjWcWJasFGH8E6kSVgmUolt/q5McWEvk7KEeeQaoY497 uO7igv9RviYVKnMyS8h4VYlMFezdnEVvmxIOyHG4SCAIfB1UyRAc+j3gu k9+Km2S7U82SLkTLXG5YXj6pGkKHmsFFiDiL+wnluhyy+gDPsVNDR6mqo zbDo+QLwJuIOHCEHwuS49u7ONZpSIPJYmmID53/Bnh3iGeB0e5/chr7Lv 3KxKl0oIQWZhVMKCZHFdb7RmHJsWv75OpjjU5R832rTFcLWxxYkmZTv7n Q==;
X-CSE-ConnectionGUID: v29DuZNVS1qh+AWiER0m2w==
X-CSE-MsgGUID: lE3VheTqRtSslvGvaCvvJQ==
Authentication-Results: mail-edgeBI195.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com
X-ThreatScanner-Verdict: Negative
X-IPAS-Result: A2FHDABMVK1o/ycE4gpRCR4BAQsSDIRTQAFALoE3hFWRcQOBE4EqAZVBgTuDNYJQAy4pCAcBAQEBAQEBAQEEAwEBNB0EAQEDAQNDhD0CjCcnOBMBAQEBAwEBAQEBAgUBAQEBAQEBAQEBAQsBAQYBAgEBAQQIAQKBHYYJRg2CW4EnBXQwAgEBAQEBAQEBAQEBAR0CDyYMKgEfAQQBIx0BATgECwIBCEICAgIvJQIEASANgmiCJAQSAw8TExQGugqBMoEBggwBAQaCaNhBGIJABwkJAYE/gViCJIEGg04BgVwSgwtqgk2CM4IMQ4EVNYFzSjg+gkqBTQMHAQGDe4JpghEVRD4UhA6CKoFigheFPAw8gxOHFVKBFANZLAFVExcLBwWBIBAzAyAKNBUcAhQNIg8aBS0dcwwoEmeEFYQfK0+CG3KBAXRBGT+DUx4Gaw8GgRUZSQICAgUCQz6BcSQGHxICAwECAoEQEAJuQAMLbT03Bg4bkloSIUaBXYJBA2MCQiYEQ18JIxZJBQsUBQMhBQ8CkxSzXQMEA4I1gWeGXYMzgg6VUzOEBIFXkgWSJGeZBiKCNoswmw4CBAIEBQIQCIF/gX9xLiGCZwlJGQ+LSIJZCxeDXjO5fXgCOgIHAQoBAQMJkWo0gUsBAQ
IronPort-PHdr: A9a23:0e9wEhCmtbHgPtxzM5IfUyQUb0cY04WdBeb1wqQuh78GSKm/5ZOqZ BWZua42ygeSFtyEt68Zw8Pt8IneGkU4qa6bt34DdJEeHzQksu4x2yEGPouuJHa/EsTXaTcnF t9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6OPn+FJLMgMSrzeCy/IDYbxlViDanbr5/I hu7oR/NusQYjoduN6Q8xxTJr3ZIZu9b2X5mKVWPkhnz4cu94IRt+DlKtfI78M5AX6T6f6AmQ rFdET8rLWM76tD1uBfaVQeB6WMSXWoPnhdWDAbL8Qn2UZjtvCT0sOp9wzSaMtbtTb8oQzSi7 rxkRwHuhSwaKjM26mDXish3jKJGvBKsogF0zoDIbI2JMvd1Y6XQds4YS2VcRMZcTyxPDJ2hY YsTAeQPPuhYoIvhqFQBtha+ChWgCfn1xzNUmnP736s32PkhHwHc2wwgGsoDvHrJodrrMKcSV f66w7LSwjXeavNZ3C/x45XWfBAhpvGMWKh/cdHfxUIyEA7FklWQqYvgPzyPzeQBqXOU4PRkV eKrlWEosBt+oiWqxso3kIbJh5kVxU7Y+iljzoY1P8e3SFN9Yd6kF5tQuT+VN5FsTsw/XW5lo SA3waAJtpCnZiYF0ognxwLBZPyddYiF+hDuWeSfLDtlmH9oe66yiha2/EagzuDxSNe53UtXo iZYndfBtXEA2hPS58WHSfZw/lqs1ziR2w7c6exJL046mKjdJpU8wbAwjoIevVnfEiPshkn6k q6bel8r9+Sy5enqZq3qqoGdOoNohAzzN7kiltClDuk5NwUBQnWX9Oe52bDm8030QbRHg/srm afDqp/aP94UpquhDg9Q1YYs9giwAi+90NQdgXkHNFVFeA+bj4TxO1HBPvT4DfCnjlSpijhrx vTGMqTkApXRNHfOjbTvcat55kNY0gYzw8pf6IhJCrEHIPLzXUHxu8LCDhMjLgO73f7rCNR71 owARWKCGrKVPL/IvVOW+O4iIvOAaYAPtDvzL/Up//vugmU4mV8Zc6mpx5wXaHWgE/R6I0WZZ n/sjc0aEWsQpQUxUujqiFmcXjFIfXmyQqc86yohB4KnFofMWJyijKaP3CehBJJWe2ZGClCLE XfmaYqEQe0AZz+MLcN5iDwLSaChS5M91RGprAL117RnLvDb+iADtJLjzsR15+PJmRE17zx0A NyR03uRQGFsgmMIWzg20bh5oUx81liD0a94g/hCGtxI/f9JSRo6NZrYz+x7FdD9QATBc8yGS FajWNqmADUxQsgtzN8JZkZxA9OigQvb0CqwH7AVj6CLBIAz8q/EwXT9P9x9xGjY1KcilVcrW s5POnenhq577gTTApLJnF+CmKaraKgR2CrA+H6CzWqIoEFYShR/Xb/AXXEQfEfWo8756VnfT 7+oCbQnNQVBxtCYKqdQd9Lmk01KS+rgONTfZmK8g32+CAqVyL2RdIblZmAd0z/HCEcYiw0d5 W+IOxAxCCu5uGLeFDJuGEr3bU316edwp2u3TlQszwGEd0Jh16S6+hoShfGEU/0dx6oKtihy4 wlzSRy73tnWDN6JvEx6YaFYYM005n9I0GvYs0p2OZnqZ/Rkh1UedAB+pAX1yhFzC5tJl+Alq XoryEx5LqfOlBsLfD2C0rjxIKHZbG7o81rnP6XYwF720cyK9OEI8vtu+Hv5uwT8XGAv93Fq2 dBI1j/U2pXNCQMJG9qlTkYw8hFh4bvXZi0w7YrJ0FVlMLK5uXnMwds0AusixBu6OdtSZvDXX DTuGtEXUpD9YNchnEKkO0ps1J166vttbIuvIuGd0euwPO86wWz1xW8S+o1521KB+21mR+rBz 5sJkJT6lgfSWS31kVGhtc76g8ZDYzQTFXC40i/qGMhaYaghNZ1eEmqqLsarwc8kwpD3UmNe9 FmtCklD38mseBGIaEf60xEV3kMS8hnF0Svt4SZzlmMFp7aSjhfTyebvfwZVH2NQX2BtgBLND dqfiNYGUU60KjQ4jBb3wGff6u1lqb5kLm7VE3cNWhOzAnFpUqK2ubfHWMNJ5J4ymAl8UOm3Y gP/KPb3o04Q2S/ZRE5lzw83TgvwgZH6n0NV0Fm5JyYsk1GEQ5BdwiXd2YfYYs9gj2cZEXod6 3HdU2q+NtSR/s2kqLHb4uewXnmwTMNjegW3zdmKpAmk2HJIBUa9lcr0psK/NSQe6nfq2NJtU x6Qs0a/WJPMjrrhO+BAexJtNF+h4slnSop0g5EJlI87xkInoZHF9D0mznXNAN4F+KOjTEstG QIF253RyRfMgEBNFHyN3onpUkqn/eFNOf+UZ2IKnQs5vtpyMPm0trFajxZ0kkOEiCnoPeFim 2oaw/8wxU8dvOolt19+hjXYA6oVG1FfJzCpjRmT8tSi+b1ef338GVDR/E93nNTkAb2Nryt9A SekPJk4FDJ27sJxPUiK3HCgoo3nedyFddsIrVXUiBbPieFJNYg83uQHnytpOG/x/DUlxuc3g AYo3MSSspKONmNt+6y0GFhfMDj0bNkU4TbjkeBVmcP+4g==
X-Talos-CUID: 9a23:TBKI+mkvn/5/FbdfcdIy3xFd+17XOWOHnVvNEWmGMj9wSP68dl69wvthydU7zg==
X-Talos-MUID: 9a23:gL3jYgm5vsWjRVOwaIQ3dnpmGZxW46mSEXoRqo4CpeaaPAduJRWk2WE=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.18,214,1751234400"; d="p7s'346?scan'346,208,346";a="15877777"
Received: from mail-mtabi199-intra.mx.fraunhofer.de (HELO mail-mtaBI199.fraunhofer.de) ([10.226.4.39]) by mail-edgeBI195.fraunhofer.de with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 15 Dec 2025 20:07:25 +0100
X-CSE-ConnectionGUID: fxa2R/08RvSzpozy9GAmvw==
X-CSE-MsgGUID: Psus1PaBR3adcGIyJxUeLA==
IronPort-SDR: 69405c67_Y89Q0p0+hKQnp18tc0TqfLzXGBsJWpg5DsBelH0dyO1tTIG CM5a2ufj+gtSF4btraMpMR3wLMJOkfr2/zTYxuA==
X-IPAS-Result: A0DrBQDdW0Bp/3+zYZlRCYEugxlSQAF1MYEJhFSDTAOFLIh5A4ETlmyBO4M1glADVw8BAwEBAQEBBAMBAVEEAQGFBwKMaCc4EwECAQECAQEBAQMCAwEBAQEBAQEBAQEBCwEBBQEBAQIBAQYFgQ4Thk8NhlsBAQECARIRHQEBOAQLAgEIQgICAi8lAgQBIA0HgmGCJAQSAw8TFAICAqggAYFAAoslgTKBAYIMAQEGBASCYNhEGIJABwkJAYFBgViCJIEHg1ABgVwSgwxrgk6CM4IMQ4EVNYFzSjg+hBcDBwEBg3uCaYIRFXoUhVcMPIl3BoFIiApSgRQDWSwBVRMXCwcFgSMQMwMgCjQtAhQNIg8aBS0dcAwnEg8dFxNgPRdAg0kYBmgPBoERGUkCAgIFAkA6gWYiBhwSAgMBAgI6VQuBdgICAgKCGH6CCg+HPoEBBS56JS4DC209NwYOG5JhECENgjBOgUUDYwJCJgRDXwkjFkkFCxQFAyEFDwKTFLNdAwQDgjWBZ4ZdgzOXYTOEBJNckiRnmQYigjamPQIEAgQFAhABAQaBfyWBWXEuIYJnTwMZD4tIgmQXg17KMUUzPAIHAQoBAQMJkWqBfQEB
IronPort-PHdr: A9a23:G94GbBNklt5jRQzybXgl6nZVDBdPi9zP1nM99M9+2PpHJ7649tH5P EWFuKs+xFScR4jf4uJJh63MvqTpSWEMsvPj+HxXfoZFShkFjssbhUonBsuEAlf8N/nkc2oxG 8ERHEQw5Hy/PENJH9ykIlPIq2C07TkcFw+6MgxwJ+/vHZXVgdjy3Oe3qPixKwUdqiC6ZOFeJ Qm7/z7MvMsbipcwD6sq0RLGrz5pV7Z9wmV0KFSP2irt/sri2b9G3mFutug69slGA5W/Wp99Y KxTDD0gPG1w38DtuRTZZCek5nYXUTZz8FJCA13P5h3ABbLKuRT2j9An4y2ZPZLZFYsQUmT90 Iw2ck7FjxUFCmU911Dm25Fv2fE+wlqr8i59yoPsY5mlC9xmLqTTdMgLXzRxVeoNV3ZLEqGjU pQtC7EDN9wfk5alg3cqlkOvCgKrAti31W8LvGXRhLNh2eYGFFrD7Ax9FtET4H/evc/MJLk5T tqI662YxHLiMOFo6DyjyYmVUiEB/c2CRfF0WNX4kUQBLQ3Bl16ArbPfABm5iMIjtmmHqMNkB PiXszAH8QxvsAWu9t4Qr6Lw2psKzw3D/yFn7bcyGtaURxsoKc7hEYFXsTmdLZczWM45XmV07 T4z0aZV0XbaVC0DyZBiwgLWQd3eItnO7AjqSeCRJjl1njRpdeH3ixWz9B24w/bnHomv0VlMp zZYiNSEqH0X1hLS58TGAvtw90usw3COgijd8OhZJ0Azm6fBbZknx787jJ0ItkrfWCTxnS3L
IronPort-Data: A9a23:AmA4NKK5/EuBZ/YHFE+RGZAlxSXFcZb7ZxGr2PjKsXjdYENS1DRRy mBKWT+DP/6LZDTzKtFzb96w8hhTuZHRmtJhGQAd+CA2RRqmiyZq6fd1jqvUF3nPRiEWZBs/t 63yUvGZcoZsCCaa/k78WlTYhSEU/bmSQbbhA/LzNCl0RAt1IA8skhsLd9QR2+aEuvDnRVnU0 T/Oi5eHYgL8gWcpajh8B5+r8XuDgtyi4Fv0gXRjPZinjHeG/1EJAZQWI72GLneQauF8Au6gS u/f+6qy92Xf8g1FIovNfmHTKxBirhb6ZGBiu1IOM0SQqkEqSh8ajs7XAMEhhXJ/0F1lqTzTJ OJl7vRcQS9xVkHFdX90vxNwS0mSNoUekFPLzOTWXcG7lyX7n3XQL/pGAlE/Z7dforZNH1pc7 fsKOWEiRxWdmLfjqF67YrEEasULN8z3JMUSqnpgiz/DBOsgQZfNTr+M6dIwMDUY350VW6eBI ZNGOHw2Nkuojx5nYj/7DLoinOCtj2K5eTBcrF+frLcyy2HS1wF6lrb3OcfTetuESN8TkkvwS mfupD6oUk5DZIf3JTytymmxnbb3lAnBA4seH5KZ59x6vVC37zlGYPERfR7hyRWjsWa4WtlfL Egd4Ww1sKw29VKiSPHyWhS5pDiPuRt0c9FeCeIS6RuRxOzT+QnxO4QfZjNRb5kmpcUsRDBv3 F7Plt/yQzJ1uaCTSXWT+63SoT7a1TUpEFLurBQsFGMty9f5qZw1jhXBQ8wlF6iwj9bvHir3z SzMpy8774j/R+ZRv0li1Qmf3GL+lYuDVQMv+ATcU0Ss6w4zNsbvZJWl5RKfpbxMJZqQBAvJ9 nUVudms3MZXB7G0lQuJXLosGpOt7K27KzHyuwNkMKQg0DWPwESdW75szgtwHno0DfZcSwTVO BfSnShz+K5sOGCbaP4rQoCpVOUv46vSNfXkcfH2NtNhM4RARCqazSRQfkS/4WHcoHYwqI4RI ZzBT8SICEQLOJRZ0TOZFuIv4Z429A8DxEf4Z5Py/zK425WwOV+XTrYkNgOVT+YbtamrniTcw +x9BeCrlSpNYbbbWTbG17ITIXQhD2kJNbqvp+N5Lue8cxdbQkc/APrv8JYdUo1CnZUNsNzX/ 3u4C3Rq+HCmiVLpcQy1O21eMpXxVpNCrFU+DywmHXCs/1MBOY+PzqMuR6EbTIkd1t5I7KBLF qEeWsC6HP5wZCzN+G0dYbnDvYVSTkmXqjzUDRW1QgoUXsBGfBPIyO/GbwG01SgpDwiLj+Ucj YCk9DvmRcske1w/IufQMOmi3nGgj0g7wehSZXbFEvNXWUfr8bVpFRDPs+8KE5kMBynuljq+/ CSKMCgcvtjI8tMU8sGWpKWqrLWJMupZH2hIFVnh8pKzC3XrpGW+84liUOq3IDfXDlHw86T/Z tdu7urdNccflw1gqLtMELdMzIM/6eDwprRc8B9WIXXTY3mvCZJiOnOg38JfkoFsn5h34RCXX GCL8flkYYS5AtvvSgMtFVB0f9a92uExsRiMy/YMeWHRxjJ9pZiDWmVsZyi8sjRXduZJAdl00 NUamZAk7iKkgUAXKfeAtCdf8lqMIlEmU6kKspI7ApfhujE0y2NtMIDtNSvr3K6hM9l8EFEmA juxtprwg75xwknjcX1qMVPv2eFbp4oFuTEU7VskCmmKpOH4ha4M7EUMyQg0cwVb9QUY8uRRP mMwCVZ5C5/T9BhVhe9CfVuWJSd/ODOj9Hfc8WA5zF/icxHwV0jmDnEMBuKWzUVIr0NeZmd6+ Z+b+kbEUBHrXpn48XouaH5Ats3mc8d72TPDqfCZA/2qMYExOwTnpqqcdFs4lQbuLpI0tn3mu NtFwedUQo/4PB42vKcUJdS717MRcRW6P2Ztf/BQzJ0VOUr2RTidiCS/G2WwdPhSJvfMz1SKN sx2Ku9LVDW8zCyorDsLIYItephaxOUI4vgGcZPVfV82iaOV9GdVgciB5xrAi38OaPQwt8QEc 6f6VS+IS06Ujltqw179ltFOYDeEUINVdT/H/b6H9csSHMg+q8BqS0Y514W0s1izMAdK+xG1v hvJV5TJzt5NmJhdoI/xLpptXwmEC8v/dOCtwjCBt95jadDuM8CXkyg3rlLhHRpdPJpPetBRu ImOjuXK3xL+jO5ra1zappiPKfAYr4H6Fu9aKdn+I3RmjDOPEp2kqQcK/2ejb4dFipVB782gX BG1c9a0acVTYdpG2XlJcGJLJn7x0UgsgnvI/ktRd8ixNyU=
IronPort-HdrOrdr: A9a23:k0KnQq4atu4FWIZjDQPXwUWBI+orL9Y04lQ7vn2ZFiY7TiXIra yTdaoguCMc0AxhIk3I6urwRZVoIEmsvqKdhLN+AV7MZniBhILFFvAA0WKm+UyaJ8SczJ8W6U 4DSdkGNDSYNzET5qyagDVQUexQuOVvmJrYwds2pE0dKD2CHpsQiDuRfTzrdnGeKjM2Z6YRJd 653I5qtjCgcXMYYoCQHX8eRdXOoNXNidbPfQMGLwRP0njCsRqYrJrBVzSI1BYXVD1ChZ0493 LergD/7qK/99mm1x7n0XPJ5Zg+oqqs9jIDPr3CtiEmEESstu+aXvUgZ1REhkF3nAib0idlrD ALmWZjAy080QKVQoj/m2qQ5+Cp6kdQ15al8y7evZKrm72GeBsqT8VGno5XaR3f9g4pu8x9yr tC2yaDu4NQFg6oplWK2zHkbWAfqqOPmwtUrccDy3hEFYcOYr5YqoISuEtTDZcbBSr/rIQqCv NnAs3Q7OtfNQryVQGQgkB/hNi3GngjFBaPRUYP/sSTzjhNhXh8i08V3tYWkHsM/I80D5NE++ PHOKJ1k6wmdL5eUYttQOMaBcenAG3ERhzBdGqUPFT8DakCf2nArpbmiY9Fkd1CuKZ4vqfatK 6xI2+w71RCCn4GIff+rKF2zg==
X-Talos-CUID: 9a23:EI85K2h3682xWylDFLBVrOrIhjJufG3Ulk2Xex+CF117ULqHWA6/0aZ6jJ87
X-Talos-MUID: 9a23:4nijSwVCJ8iO9aDq/Af3mSo7DM5C2f+nBEsisIQkq/SJEQUlbg==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.21,151,1763420400"; d="p7s'346?scan'346,208,346";a="32987183"
Received: from exo-hybrid-bi.ads.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaBI199.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Dec 2025 20:07:19 +0100
Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29; Mon, 15 Dec 2025 20:07:19 +0100
Received: from FR6P281CU001.outbound.protection.outlook.com (40.93.78.4) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29 via Frontend Transport; Mon, 15 Dec 2025 20:07:18 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=IGT0s1OQl+4J/iCXmRGOMHL6fA9x2xQopTrrtSqENyP/uaciHhLw7QdniOSmDlsOVG1jeQxCXuIMFqr3/Hsneayl513IFhPOreKJoGQE89ldBS1Uc5fogMFA0j87SsZCSN2oWSBvjI2ZtJBC3KQSZbnSSXPSFTdK/HokiAFjjzozX+a8n4xp+9lfMG0NyGRUNTgMyU+JN3WK+3ddKy8Gfslip8TL64iqoMdkgDAge2ET56wmqX7MbFnPEU3xjXiRqcGXjjkMalX/YgeKBjannDY/ApwrHl0v2+32EjNfMfjzTLNWW5GfmdtWvhf7d+z4lfuHC1zzl2eNkGk3dA+sXQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bbdR3MScWdQR2Slkh7G0SLc87WC5R9EoZjU3lOYY95w=; b=j0x/AGy/UvOC5wKnc/n3x/gd6rrF5dM9UhK5nvj4J3GI0DeH7lbTduOFP0dZuUNWul0t4g/heA3Z2G71Qqy9m4DkceLMwP+5F1wY3Tye7GasAI7LmWykVZFvcXBlE1ShF3S7lmiWQGNpyfrLWh/SzOFmMuMUAqPMi47SaZeE7tSBMSMdLA3iMmsfZFWrOrFIUXhiLzsQDFdByjzxHOAML6Z6Fyfqy/jUgSy9W+qsxethTfV1O3UPeSsenloTZBbbYvNL7mI9AIPBY5jJJWibzWADbJS4uSoDlgfr1aZVJyJYGORdbYcAELc+ujL3FZSa/C83brm2ZMAMdmFxlyrXjw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bbdR3MScWdQR2Slkh7G0SLc87WC5R9EoZjU3lOYY95w=; b=ZjaePkpXWNp8ofasyr6XcD4h2bxJwUwJl3jbR/Tw0LDLS0ygconS0w8+RrO1v3bjOm3mXh5aku8cbyrQxvCwRUOl8a/I7zVYc6Ii5HYH4Tfp+lAwA0eFRflqcxlWRWBD6NFmit/Al9rPP6H2evzUiXqTMCQ4qwm5oblvEYoWcDg=
Received: from FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d18::f66) by BE1P281MB2931.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:63::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9412.13; Mon, 15 Dec 2025 19:07:16 +0000
Received: from FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM ([fe80::8d96:d427:50b0:8ad6]) by FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM ([fe80::8d96:d427:50b0:8ad6%3]) with mapi id 15.20.9412.011; Mon, 15 Dec 2025 19:07:16 +0000
From: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>
To: "nicholas.sullivan@gmail.com" <nicholas.sullivan@gmail.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [CFRG] Pairing-Friendly Curves: Open Questions Before Draft Update
Thread-Index: AQHca4P4slKjXLbAzUav27JY4xUm27UjFQSA
Date: Mon, 15 Dec 2025 19:07:16 +0000
Message-ID: <800adcb41ec541b47ca522ecbf84119828cb45cc.camel@aisec.fraunhofer.de>
References: <CAOjisRy=_=+rGpjX-3=1uDNfhBrzKggrw+Ts8QVdebeGAtU3xg@mail.gmail.com>
In-Reply-To: <CAOjisRy=_=+rGpjX-3=1uDNfhBrzKggrw+Ts8QVdebeGAtU3xg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: FR1PPF809320EF6:EE_|BE1P281MB2931:EE_
x-ms-office365-filtering-correlation-id: 1cf67af7-0deb-4b94-d8ca-08de3c0d29af
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|1800799024|38070700021|4053099003;
x-microsoft-antispam-message-info: gcMf8ewg5lHH53yvnUr5Av633hq/LAv5G/E8opxmvnGU/ukKIYRHXhg4tLAT0IvIb+2tf7hD2ltreyl0OaQiK5L4HpqYyYm9JCoba7AErjKXc3iIsRr2vsueqW+aEKUS9cyB30M5PgEbxfcCWxvWEmtzf/uoUorqmsV1iRgmmkPKw3hIWilrKv0NonnfyNmyaE+wBkuQn984UXdKfepd/33igvKVkTTT9rvj2SHjm5N3qPiUBFN1Om2srZ3piMdd3+LlrE6ewl1fWwt+mrvlB7nON9f5+Hv3KEGrXuBE2upyUpcLY30eZHtuyArGrRRk16LKR7hzqMFi1HLXN15i/vnE/dAJ/hAE+HSn/gkUHyumTuiLeuYSuVQ3bOExuaR6EGZjKwwFUEiup2sRjF1bIXZVnVT+IFZP6vr6Pfx0CgIRtQAbhpR+MhLS+IqqjlkpXERj5VhJcJUN+AuHZbokgTP0dN/ucawaUKIh+xxSTK0ntUaRbDrUmhcS1rpnXL28SfHAgKrQJZdDy32y1gOBHmRPIE3PWNBYWOIZk/1XcY5G+lS+2tiZyX+k96EvaRURnvH5M5frDA0lEyq4dveUYEJgMW4MYTcon2Hgr5RqNLydlGZS+6RkNXptCVkiWa75B2IBIKEH6Tpuzh76uZJYT1JMAwQUfGUahvIBTCxIGbvKNjHBJN5ryCH8O6h+Lymtn67rE4qHZvhUtvEHbYPW9CBRHOkL2tn/T6hm4oyTZ1IOwm8PSaOANMfb0VDe2DHNNIB6827Va2EHSuHzNGnoeZhKlYIaVVjf+CD94U5ZsmeDX7eANDpX+8xBHj4kk86XgxoN6Hgp2bAsE2ZK9pbWuO+F5mKRsf7yAwowsW7qdXy1u9x5HxszxaCYBPHMwKvXPmRf61J95mHOrvxQe9yzU6sFlyKXsPy0qg5RVLi+PxZW+XG/L91VCpnZSYFJWWjWTUR94ZarkNsgiMuouonAcSS+CYPXe79992UQs4DroZTq1rObeiPDeA+xw6Gk3PQINjSKvUCUxihqFchfoKQqqZKkHTihTAeagnreAlYrSSsL9y92akZEj3CENrEnL1aM7xzj8HHcF+ezq2P24ExnzWLdgFXiDlEQwNUsVVA9Nut12idkfBMyVHV/XZ44GndAPcOqULMp/iQeBXBzY5/8nsVXk/K2HoOyVUkhLYw1ubbWYNGZtEWuShEH9wQ9LY/qDAuku0jBNC0qJtwQ1MjoBg2NE2nrH2G3RN/1Y5eBpLSv7g1ZJ2gAC+DTl9v/xGhjk+Q+vrXmxa2zV6OAhYZJvTGjKgt5/uxT0X6LSuFD5uaBYkS5ZDf9jIm2pO7C2sHGp/qcfxfZDmjAuRa5p9/sP9XiYchH7wtELoTvW3JsIRt0Q1xaZrC27lKtAtNMYr11NSVZtyC6uWGaCi75LIhf7ib/8He96+cFzmtL+dhjMPglaYoy9MyzkR6+UbkTIOyRs6mAhZwrLEFCPcJSVXOpm57U/anIZniQBENjFmROAmHhu2fjbkr0if7xmrssYTBQ
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(38070700021)(4053099003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: v0Sn0Fy2S3cHBb5lggtF77aCR6+zuLDiH0sDYUikoQF90KAzu5qSwqa/wMhi5YntFfC4kDqjSnIyTbyJI26fXgVvwMDhvmSmFY4wZx3PjlPuq0uGRZ0vHrBEKoE4/tMYVXGTYHtZMdxAWDGVBhNHLqa5p2ZQjvJnGcCiW4bTXe5tO+v6x5gjk5v0exGoZ2Mqgon+pc/nJGzj+eb1VuW6Jd1eYFbDJu/QYN/s5zI0j8PFkf3rIAEmdVNxEt8kQf5t4xV+KYLLtkxSeboW+SZ0DC4BFplO7TYnTwoXdwCbSozSJrcgpnOJIiuYwhA8jMUoLbjj/7NXomAXeGLyX8bJ9j4JsuJR6hH8+DPrBP8gBWBxbzaVVIlr65LwUYlzm2LbVbHGwKOrUnAZ7veSggjKcKJjTtMGc6b5E3AzMr6yzlHmtEIx4oD2iuDav+whJXWjGv7ZaIB/RwYwcDeIF8DEZLDMLp2Rox9LLxNeZUEkc6nyWrzZYUF+SLoiEbpAkcmEunhmn/fIYhZ0kBuxQ3f/EnO4Nxsw4wBCYVNJ4Ygdd9BSbHhDt5FZ3exQZX+3ZidzFIsAN4O9e422BB9RtKE564XNjsCqTFDS596enPaBQQPlXhXeOq7a8s5rSDmCYNDcjbBdTT2Q2iVN8zxkWmomZgt7KU8xoCFmDvenMcbhwUKH2P/jSmQ+syYcnr7pK+fjFDp0RlMPI7Wd+JIkOiSu/HqewzJJR0UzN3ssslTNBpvdlCDkX+pjMVxeDQrqeE6DMlTzrJ2fCXiXnvQEvweGYjy4o71bYF4cF3RmIE8xpgrQLeUn6xo46afso/rbw6lw2q90OLcxm62gSeZX6wVPohrzFedCtsT9Dh/STXn0wdLvCivJ1gI4N/pxSFT0BD3wn+jkZQ+VVQFA6BWoLpa31ZO8fQUXtFdBmcVWOVgPhF1s8teuLWoUJ8UJsI3HaYNRj+KDHkWk7SMIgbUNgVKSb5JwP9HmkNsFnWPzcdknz9hZyNxbBLvhvTs0f9GPY2PUvJ7KmFy+6jv2WJEvJSK8+AXUWqHlimWGwZ2vcNDvVN+kN92Habc4ncIPrfRY0ob+gcSPsgUV1cjbhS+n1UTrjHXhNlTF1IXC12ENAj+faI8+72VvuzcTrsDh92mEr8K4YoHsMI+sGTeOUZYHerqJkFMurXqhBZ3PiqzYIEFKr0JXy51iBkKp6uoxm8M/9rLOi60Q0k3zoPP7l12KYP1+PQixk5VFSZJuJWrOtmnnDy3rhtJIjpvmKwcDkf/9TTkiwqJXFJYBJMM4a/CC5R2NQD0pNH5+LPpXpEXzOOngBbLRHkFuujB9HYqG/J99wHKmrIYGFVthu1qk8++ka8rwMXMUrgAAzkc77tRDtsRVjaC1k+9D7qG/60DzuIyQA4q3ylRCSmZDZzR/dtHVOpLg9DlthAX5fmA+yp2ofyELt+fkkOnTzMeJl0tINGLceTH7f6i2DEJeqv9IUOhPVY4vNBotpnWAWkZphGvE4vpgID/0hBCAfFdyCTdFBZpnpBhbGxw96nugIhs6ig2FRbK/nZAH6SIO14YXeaEpBSHf/CxpnV/mlUozWjqzL8douXnZS6PKVxOfq/k40PZbXUXL8zL249ri278U/+uQzXhIclA=
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/pkcs7-signature"; boundary="=-YmNVEqK+WvGaR/5tTONK"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 1cf67af7-0deb-4b94-d8ca-08de3c0d29af
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Dec 2025 19:07:16.4715 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: QfmNZa7WRcVDSZTbOHhD0o4/R9zrLmDH577CJ9EFBsROYAOaxnlRTAw8L1mXDNaixWuXxgvqxjpPlTzvMarYDZEDLAoTsovmsT+VntAO1BlUWJnA/h9TMOeA89YWR/Uj
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE1P281MB2931
X-OriginatorOrg: aisec.fraunhofer.de
Message-ID-Hash: RIJDI7L4INNALX2QMEL54WKVKSR5KXQQ
X-Message-ID-Hash: RIJDI7L4INNALX2QMEL54WKVKSR5KXQQ
X-MailFrom: thomas.bellebaum@aisec.fraunhofer.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; header-match-cfrg.irtf.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [CFRG] Re: Pairing-Friendly Curves: Open Questions Before Draft Update
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Y8PiMjmr-KzWMjNCpW9jUvllvkw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

> Document scope and structure
> 
>    - Should the draft stay focused on curve parameters and test vectors, or  
>    also include interface guidance, serialization formats, or tutorial  
>    content? Should nonessential background material (e.g. pairing formulae,  
>    curve surveys) be moved to an appendix or companion document? Should the  
>    draft’s title or positioning be updated to reflect this narrower focus?
> 

The pure math is sufficiently covered in the literature and does not require re-publication at the IRTF.
I am most interested in unifying the interface between applications (focusing on octet strings) and various ECC protocols (dealing with abstractions like cyclic group elements and scalars). These are details which should never be reinvented by WGs, and neither should they be restated in every protocol using these curves.

Thus, surveys can be moved to a different document (or the appendix), while serialization and tutorials/algorithms should become more central.

Good RFCs to look to are
- RFC 7748, which gives explicit algorithms for de-/serialization and curve multiplication, and
- RFC 8032, which gives advice for efficiently decoding a compressed point.

Pairing-friendly curves should extend this level of detail to common operations like pairings.

> Curve selection
> 
>    - Is the current set of curves appropriate? Some suggest narrowing to  
>    BLS12-381 plus one BLS24 and one BLS48 to target 128-, 192-, and 256-bit  
>    security levels. Others recommend removing BN curves that may no longer  
>    meet security or deployment criteria. A shared rationale is needed for  
>    inclusion or removal. Should this document support only BLS-style use  
>    cases, or also applications like ZKPs or IBE?
> 

I am in favor of removing options here. ECC as a whole has limited value when we need PQ solutions, so focusing on getting one or two options correct (and implementations secure) right now seems better. Even with RFC7748, I only see one of those curves in practice.

I would like to see BLS12-381 and optionally one 256-bit curve where implementation experience from the former is most useful for implementing the latter.

> Interfaces and related primitives
> 
>    - Should the draft describe expected abstractions or interfaces (e.g.  
>    mapping to G1/G2, referencing hash-to-curve), or should it remain neutral  
>    and defer to other specs like RFC 9380? Should the draft specify a minimal  
>    pairing API (e.g. function signature or domain separation guidance), or  
>    leave that entirely to downstream specs?
> 

RFC 9380 already contains quite detailed, constant-time, optimized algorithms for computing hashing operations. A reference suffices I think.
For the pairing, similarly detailed instructions should be given.
A brief overview/list of all the supported operations would be nice in the introduction.

> Serialization
> 
>    - The current draft allows both compressed and uncompressed encodings,  
>    including identity elements. Concerns were raised about interoperability  
>    and risks from optional encodings. Should the draft specify a simpler,  
>    consistent serialization format for implementers? Should identity points be  
>    disallowed or tightly constrained?
> 

I wrote the mail arguing against uncompressed formats and the identity element and still believe that this would be the preferable option to reach secure implementations.
However, I do see the argument for computational superiority of uncompressed points in theory.
In practice however, the square root computation seems cheap compared to the computation of pairings, which are the reason we are using these curves in the first place, and frequent hash-to-curve operations.

*If* there are major applications wishing to use uncompressed points, I would advise them against mixing the two serialization formats (especially "on demand"). In this case, I would prefer to stick to one of the following options:
- Have the _very_ few applications requiring uncompressed points (assuming these are rare) define their own version of an encoding including detailed instructions on how to parse incoming octets, or
- Specify a second, dedicated curve with identical parameters to the normal one, but a different identifier (to also be used in hash-to-curve), which uses the uncompressed format exclusively. Again, include detailed de-serialization instructions.

In any case, the identity element is not useful currently compared to the potential damage it can do (maybe even including timing leaks for checks?).

The option of only specifying the uncompressed format (as suggested by Watson) seems undesirable as long as the BBS schemes use the compressed format exclusively.

> Framing and utility
> 
>    - To support adoption, should the draft explicitly document security  
>    assumptions (e.g. resistance to DLP via exTNFS), implementation risks (e.g.  
>    subgroup checks), and what classes of protocols these curves are  
>    appropriate for? Should test vectors include intermediate values or results  
>    for multiple encodings?
> 

If you provide detailed instructions to de-serialize prime-order group elements, you do not need to talk about subgroup problems in detail thereafter. The same goes for constant-time operations. Any remaining implementation risks should be clearly documented, alongside some guidance.

Details on various attack performances and detailed discussions of the bit security belong in the scientific literature, which we should reference rather than repeat (as they are not very helpful to protocol/application designers or implementers).


Thanks for your efforts! Let me know if I can help out somehow.
Best,

-- TBB

v2.46.0 | Report a Bug | By Email | System Status