Re: [Cfrg] Safecurves draft

Paul Lambert <paul@marvell.com> Thu, 09 January 2014 00:30 UTC

From: Paul Lambert <paul@marvell.com>
To: Watson Ladd <watsonbladd@gmail.com>
Date: Wed, 08 Jan 2014 16:30:07 -0800

> > You should also look at: RFC 6090
> > The math for Small Weierstrass curves is defined well - you need the
> > equivalent of 6090 for Edwards curves.  Do note the authors of this
> > excellent RFC include both chairs of this list.
> 
> First, is this advising me on next steps, or is it an objection to the
> draft?
Next steps.  I'm very supportive of the inclusion of these curves into the mainstream.

> The group is [l]Jac(E(F_q)). There, done. In fact, this is in the
> introduction.
> The equivalent to RFC 6090 is the Bernstein paper on addition on
> Edwards (and twisted Edwards curves).
> It's readily available. If you want to reformat it as an I-D, go right
> ahead.
Academic papers are not appropriate directly.  Clear and concise algorithm 
descriptions and guidelines are required.


> 
> Is it really that bad to have the EFD get cited for the formulas, or to
> advise implementers to read Handbook of Elliptic and Hyperelliptic
> Curve Cryptography?
Yes.  They are not standards.  They are not always precise and subject to
interpretation and bad implementation.
They are not complete ... Dan's point about OIDs and the like required
to actually use the curves.



Paul