Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-00.txt
Michael Hamburg <mike@shiftleft.org> Thu, 23 January 2014 00:46 UTC
Return-Path: <mike@shiftleft.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B6451A0193 for <cfrg@ietfa.amsl.com>; Wed, 22 Jan 2014 16:46:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.557
X-Spam-Level: *
X-Spam-Status: No, score=1.557 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311, HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.982, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9jBxnSDMNAaf for <cfrg@ietfa.amsl.com>; Wed, 22 Jan 2014 16:46:42 -0800 (PST)
Received: from aspartame.shiftleft.org (199-116-74-157-v301.PUBLIC.monkeybrains.net [199.116.74.157]) by ietfa.amsl.com (Postfix) with ESMTP id 0F1D41A00F0 for <cfrg@irtf.org>; Wed, 22 Jan 2014 16:46:41 -0800 (PST)
Received: from [10.184.148.249] (w035.z205158021.lax-ca.dsl.cnc.net [205.158.21.35]) by aspartame.shiftleft.org (Postfix) with ESMTPSA id 119063AA04; Wed, 22 Jan 2014 16:44:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=shiftleft.org; s=sldo; t=1390437868; bh=d9RysFTvjH8/VJsVl6skH2/Q/AAaGhDoVP77BO/TrTs=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=YgUA4lEsVBco4icNt0iQvVJ6hO4Nc2TRk2NEwfqFCBRe2tJyfS7VULjGQdKBn6BNF H909in1RNPUy844TkkJA0T9rz2D7Asg5RC5iU1n062XzGTxf2RIIVwaTC8t7g4rXh7 HKQPLptNNt6Rm2ADlzypBviVujiLECCLtQcIqacs=
Content-Type: multipart/alternative; boundary="Apple-Mail=_16314D5F-7853-45C6-B412-1A5E6F1BAC2C"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Michael Hamburg <mike@shiftleft.org>
In-Reply-To: <52E05C7C.2030400@po.ntts.co.jp>
Date: Wed, 22 Jan 2014 16:46:38 -0800
Message-Id: <2A62E87D-89CF-47E9-A0A2-F213F6D079BE@shiftleft.org>
References: <20140110051303.25816.17055.idtracker@ietfa.amsl.com> <52E05C7C.2030400@po.ntts.co.jp>
To: Kohei Kasamatsu <kasamatsu.kohei@po.ntts.co.jp>
X-Mailer: Apple Mail (2.1827)
Cc: kobayashi.tetsutaro@lab.ntt.co.jp, kawahara.yuto@lab.ntt.co.jp, cfrg@irtf.org
Subject: Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-00.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2014 00:46:44 -0000
Hello Kohei and company, It’s cool to see pairing-friendly curves specced. I’ve always found the applications of these curves fascinating, so progress toward deploying them is very nice to see. But isn’t 512 bits rather large for a BN curve? If you’re going to have a curve that large, it seems to me that you’d want an embedding degree of at least 18 even though it costs you a giant cofactor. A curve with a 512-bit prime and a 384-bit subgroup might get you to the 192-bit security level. This would take a 640-bit BN curve at minimum, with 720 a more conservative guess. Source: Freeman 2006, http://eprint.iacr.org/2006/372.pdf. My knowledge on this subject is dated, so I’m sure you know better... Cheers, — Mike Hamburg On Jan 22, 2014, at 4:04 PM, Kohei Kasamatsu <kasamatsu.kohei@po.ntts.co.jp> wrote: > Hi cfrg folks, > > > Elliptic curves with a special map called a pairing allow cryptographic > primitives to achieve functions or efficiency which cannot be realized > by conventional mathematical tools. For example, ZSS signature is one of > these primitives. > > We have recently submitted an I-D on Barreto-Naehrig curves (BN-curves) > which provide efficient operations of a pairing. > The I-D specifies parameters of BN-curves which are particularly useful > for realization of efficient cryptographic schemes based on pairing and parameters of BN-curves which are compliant with ISO/IEC 15946-5. > > We will propose I-Ds on computation of pairing and pairing-based primitives in order to contribute to IETF community in the near future. > > We would appreciate your comments and suggestions on our I-D and works. > > Best, > Kohei KASAMATSU > -------- Original Message -------- > Subject: I-D Action: draft-kasamatsu-bncurves-00.txt > Date: Thu, 09 Jan 2014 21:13:03 -0800 > From: internet-drafts@ietf.org > Reply-To: internet-drafts@ietf.org > To: i-d-announce@ietf.org > > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > > > Title : Barreto-Naehrig Curves > Authors : Kohei Kasamatsu > Satoru Kanno > Tetsutaro Kobayashi > Yuto Kawahara > Filename : draft-kasamatsu-bncurves-00.txt > Pages : 15 > Date : 2014-01-09 > > Abstract: > Elliptic curves with pairing are useful tools for constructing > cryptographic primitives. In this memo, we specify domain parameters > of Barreto-Naehrig curve (BN-curve) [5]. The BN-curve is an elliptic > curve suitable for pairings and allows us to achieve high security > and efficiency of cryptographic schemes. This memo specifies domain > parameters of two 254-bit BN-curves [1] [2] which allow us to obtain > efficient implementations and domain parameters of 224, 256, 384, and > 512-bit BN-curves which are compliant with ISO/IEC 15946-5[3]. > Furthermore, this memo organizes differences between types of > elliptic curves specified in ISO document and often used in open > source softwares, which are called M-type and D-type > respectively[21]. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-kasamatsu-bncurves/ > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-kasamatsu-bncurves-00 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > I-D-Announce mailing list > I-D-Announce@ietf.org > https://www.ietf.org/mailman/listinfo/i-d-announce > Internet-Draft directories: http://www.ietf.org/shadow.html > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg
- [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-… Kohei Kasamatsu
- Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-0… Michael Hamburg
- Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncur… Laura Hitt
- Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncur… Kohei Kasamatsu
- Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-0… Kohei Kasamatsu
- Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncur… Kohei Kasamatsu
- Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-0… Mike Hamburg
- Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncur… Laura Hitt
- Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-0… Kohei Kasamatsu