IETF Logo Mail Archive

Re: [Cfrg] BLS standard draft

david wong <davidwong.crypto@gmail.com> Mon, 11 February 2019 13:44 UTC

Return-Path: <davidwong.crypto@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5339130DC2 for <cfrg@ietfa.amsl.com>; Mon, 11 Feb 2019 05:44:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tVo382fOdYpz for <cfrg@ietfa.amsl.com>; Mon, 11 Feb 2019 05:44:46 -0800 (PST)
Received: from mail-ot1-x332.google.com (mail-ot1-x332.google.com [IPv6:2607:f8b0:4864:20::332]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D709512008A for <cfrg@irtf.org>; Mon, 11 Feb 2019 05:44:45 -0800 (PST)
Received: by mail-ot1-x332.google.com with SMTP id u16so17454937otk.8 for <cfrg@irtf.org>; Mon, 11 Feb 2019 05:44:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=A7VeDRsZYFKeIERz1pGtRZ6kYZct1gGTkGjvW5TLVB4=; b=nvrjH94pWpmarP4yFTjZ7wsHiu51sj09jAtgKGlJz97g+lHSw4p7E3wyutzbB8F2vU ocPfO3aMeJv3i8FbhcNmpTPvRwYLbxdQ2wK8fJHk9+d2eA8h3HdXrjJmA7rT/DIr/BIh pNgoFoui4k5AxTFfrDuGrD5rMDTir84yUzfmAjiVBgokiRlqsp9XitEYJYkg0qmaC1vh DwZmxo98gCCifCsa34wc+mvDuDSe4mwf0lnmwhv37Vaf2XVr06mpFgUwMtPKQrOdwkNv di3X6WrGokQt+JswarG4XqGn7hoYsjpebPbQo3y/iXqj7/bvsWvPIZoUrP26dzlaeWf+ z2Xw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=A7VeDRsZYFKeIERz1pGtRZ6kYZct1gGTkGjvW5TLVB4=; b=ix2EfxlnQbiQ6HOM9JF9zxfjDRrrowTwBI3R/sXrEfb2Xr3XvFfqSxjQkEKcZDzXbz T1nyIivg8ufXYH5Sa8fGuXKQf0yRsC4AaT67NSWufK+srP/UJjzPuEBQAlN+SC9X/D/7 zSTF2mGQ1xLvorjHhvu//wcx9NaiWHhK3l5hFwVcacbjYz1jE2Q4wWt2bfndDVL6rCxH 8AyeQqpZk6YBpk0ENKGwtr/8GjTH9X3RhoM4wKwoS1vxD6NB3tp60tmGqoUZZgkRF6wd 0QC0M67ZtLg9U2Prki/gbw/RDTs5iqJi+75ae23ogH6qauTG2W0bSQSe5vIN21C1ii1e a42w==
X-Gm-Message-State: AHQUAuaT8bPQvVffLGc8lV00s7zDTzfKVUI+XP3PhbxU5gvMD+3U4y5I 5T68u5ovKyiQaxkzd6DVdTofTsBv/sA=
X-Google-Smtp-Source: AHgI3Iap4mq+XmJr7HHk9q75QenX8Zn6fltkvWQMsgrlzSzklNQ+UuqeHfNFLK5+AlD2Dhl8MviHjA==
X-Received: by 2002:a9d:6f8d:: with SMTP id h13mr18340166otq.47.1549892684635; Mon, 11 Feb 2019 05:44:44 -0800 (PST)
Received: from [192.168.1.141] ([187.153.104.3]) by smtp.gmail.com with ESMTPSA id j88sm1106827otj.47.2019.02.11.05.44.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Feb 2019 05:44:43 -0800 (PST)
Content-Type: multipart/alternative; boundary="Apple-Mail-EE5CC1B4-12EB-4DFC-B61C-1BA9B5354CA6"
Mime-Version: 1.0 (1.0)
From: david wong <davidwong.crypto@gmail.com>
X-Mailer: iPhone Mail (16D39)
In-Reply-To: <CAEseHRqWTQppCOnF2KyZEKZyf4bhYr2nwuE6pHATnq84ttnLXg@mail.gmail.com>
Date: Mon, 11 Feb 2019 08:44:42 -0500
Cc: CFRG <cfrg@irtf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <ECD99439-4441-4D75-8F55-D032EDD23135@gmail.com>
References: <CACnav0oBNCt7VwR5_kvf7HqqVFF33iKv5y3mqeWnwx2UVHhD=g@mail.gmail.com> <CAND9ES1bYNC2V5oCHVXO4CO6iG5QBh+N51K4Mjdu6T3aBxF08A@mail.gmail.com> <CAEseHRqWTQppCOnF2KyZEKZyf4bhYr2nwuE6pHATnq84ttnLXg@mail.gmail.com>
To: Michael Scott <mike.scott@miracl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/aM1PDQWjKum77T4-Vr282_A_VTQ>
Subject: Re: [Cfrg] BLS standard draft
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2019 13:44:49 -0000

As we have no 100% certainty on if quantum computers that can break crypto will ever be a thing, why should that stop the standardizarion of any algorithms?

Great work Sergey,
David

> On Feb 11, 2019, at 6:52 AM, Michael Scott <mike.scott@miracl.com> wrote:
> 
> My take on this would be that
> 
> 1) Pairing-based crypto threw open the doors to lots of nice new crypto possibilities, enabling stuff that we couldn't do before
> 
> 2) Gradually post-quantum crypto is catching up and demonstrating capabilities that mirror some (but not all) of these achievements
> 
> 3) Post-quantum crypto depends on hard problems that it will take time to develop full confidence in, even in regard to attacks from non-quantum computers
> 
> 4) In the meantime (and that could be quite a long time) it makes perfect sense to proceed with the development and standardization of non-quantum safe methods.
> 
> 5) In the year x out pops a quantum computer. However in the year x-1 out popped well-developed and well-understood post-quantum crypto replacements in which we can have 
> complete confidence. 
> 
> 
> Everyone is a winner! Well except for the guys who invested in a business plan to develop a quantum computer on the basis that it would break all of crypto.
> 
> 
> Mike Scott
> 
>> On Sun, Feb 10, 2019 at 11:37 PM William Whyte <wwhyte@onboardsecurity.com> wrote:
>> Hi all,
>> 
>> With no intent to cast aspersions on this particular scheme, I'm not sure that CFRG should be putting a lot of time into non-quantum-safe schemes these days unless there's a compelling reason to.
>> 
>> Cheers,
>> 
>> William
>> 
>>> On Sun, Feb 10, 2019 at 5:44 PM Sergey Gorbunov <sgorbunov@uwaterloo.ca> wrote:
>>> Dear Colleagues: 
>>> 
>>> We submitted a draft-00 on the BLS signature scheme. 
>>> We received some preliminary feedback from interested parties, and we plan to continue updating it as we receive more. 
>>> Please take a look. 
>>> We appreciate any additional feedback! 
>>> https://datatracker.ietf.org/doc/draft-boneh-bls-signature/
>>> 
>>> Abstract
>>> 
>>>    The BLS signature scheme was introduced by Boneh-Lynn-Shacham in
>>>    2001.  The signature scheme relies on pairing-friendly curves and
>>>    supports non-interactive aggregation properties.  That is, given a
>>>    collection of signatures (sigma_1, ..., sigma_n), anyone can produce
>>>    a short signature (sigma) that authenticates the entire collection.
>>>    BLS signature scheme is simple, efficient and can be used in a
>>>    variety of network protocols and systems to compress signatures or
>>>    certificate chains.  This document specifies the BLS signature and
>>>    the aggregation algorithms..
>>> 
>>> 
>>> Regards,
>>> Sergey 
>>> web
>>> _______________________________________________
>>> Cfrg mailing list
>>> Cfrg@irtf.org
>>> https://www.irtf.org/mailman/listinfo/cfrg
>> 
>> 
>> -- 
>> 
>> ---
>> 
>> I may have sent this email out of office hours. I never expect a response outside yours.
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> https://www.irtf.org/mailman/listinfo/cfrg
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg

v2.30.2 | Report a Bug | By Email | System Status