Re: [Cfrg] When's the decision?

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Fri, 17 October 2014 09:04 UTC

Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8284A1A9162 for <cfrg@ietfa.amsl.com>; Fri, 17 Oct 2014 02:04:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yxxdTyRCuqAB for <cfrg@ietfa.amsl.com>; Fri, 17 Oct 2014 02:04:30 -0700 (PDT)
Received: from emh03.mail.saunalahti.fi (emh03.mail.saunalahti.fi [62.142.5.109]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6AED61A9155 for <cfrg@irtf.org>; Fri, 17 Oct 2014 02:04:30 -0700 (PDT)
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh03.mail.saunalahti.fi (Postfix) with ESMTP id 65AF81887F0; Fri, 17 Oct 2014 12:04:27 +0300 (EEST)
Date: Fri, 17 Oct 2014 12:04:27 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: "Parkinson, Sean" <sean.parkinson@rsa.com>
Message-ID: <20141017090426.GA28822@LK-Perkele-VII>
References: <CACsn0cnHDc6_jWf1mXc5kQgj5XEc6dBBZa7K8D2=4uLti5e3aA@mail.gmail.com> <20141008173154.15169.qmail@cr.yp.to> <2FBC676C3BBFBB4AA82945763B361DE608F1D021@MX17A.corp.emc.com> <D065B1D4.3044B%kenny.paterson@rhul.ac.uk> <2FBC676C3BBFBB4AA82945763B361DE60A76B232@MX17A.corp.emc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <2FBC676C3BBFBB4AA82945763B361DE60A76B232@MX17A.corp.emc.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/_dHv7k01JuXR83y-ZX31CKLg48w
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] When's the decision?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Oct 2014 09:04:32 -0000

On Fri, Oct 17, 2014 at 04:42:09AM -0400, Parkinson, Sean wrote:
> While I still think that X25519 has speed and implementation simplicity
> advantages over numsp256t1, the fact that it can only be used for key
> exchange makes it difficult to recommend - you need another curve
> implementation anyway.

One can transform it to forms that support signatures, sharing the
base field implementation, which is by far the most annoying
part.

Unfortunately, all known EC signatures also require scalar field,
which is even more annoying to implement than base field (and
one can't use generic bignums there).

ECDSA is practicularly annoying here, because it needs inversion
in scalar field for signing. E.g. ECGDSA does not.

IIRC, The MS ECCLIB software (at least 1.1) does not implement
the corresponding scalar fields.


I earlier posted a message that gave list of suggested
operations. That also included fair amount of scalar field
operations (in order to support various ECC protocols).


-Ilari