[Cfrg] The 512/521 thing Re: Elliptic Curves - poll on security levels (ends on February 17th)

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 10 February 2015 23:43 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/Zl31USbPzcdC0kE84V3t5iiSTh8>

On Tue, Feb 10, 2015 at 2:15 PM, Станислав Смышляев <smyshsv@gmail.com>
wrote:

> Dear Daniel,
>
> the Russian digital signature standard strictly requires that the order of
> the prime subgroup of a curve either lies between 2^(254) and 2^(256) or
> lies between 2^(508) and 2^(512) - and one won't generate a curve with a
> cofactor of 512 (=2^(521-512)).


The only way I can see someone coming up with that requirement is by first
deciding that Curve 25519 is close enough to 256 to not be worth worrying
about the extra bit and then writing the bill so that it works for that
specific special case without either making it look like it is a special
case or opening the door to lots of other special cases.

I don't want to get into making allowances for special crypto for any
governments. Do it for one and we end up having to do it for 200.

But we are in a position where what we really need are rejection criteria.
Arbitrary objective criteria make reaching a decision easier than
subjective, not very sharp criteria.