Re: [Cfrg] BLS standard draft

Michael Scott <mike.scott@miracl.com> Mon, 11 February 2019 11:52 UTC

References: <CACnav0oBNCt7VwR5_kvf7HqqVFF33iKv5y3mqeWnwx2UVHhD=g@mail.gmail.com> <CAND9ES1bYNC2V5oCHVXO4CO6iG5QBh+N51K4Mjdu6T3aBxF08A@mail.gmail.com>
In-Reply-To: <CAND9ES1bYNC2V5oCHVXO4CO6iG5QBh+N51K4Mjdu6T3aBxF08A@mail.gmail.com>
From: Michael Scott <mike.scott@miracl.com>
Date: Mon, 11 Feb 2019 11:52:09 +0000
Message-ID: <CAEseHRqWTQppCOnF2KyZEKZyf4bhYr2nwuE6pHATnq84ttnLXg@mail.gmail.com>
To: CFRG <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/b19pyRNHtXzlE0jFXpZkCaEtnSY>
Subject: Re: [Cfrg] BLS standard draft

My take on this would be that

1) Pairing-based crypto threw open the doors to lots of nice new crypto
possibilities, enabling stuff that we couldn't do before

2) Gradually post-quantum crypto is catching up and demonstrating
capabilities that mirror some (but not all) of these achievements

3) Post-quantum crypto depends on hard problems that it will take time to
develop full confidence in, even in regard to attacks from non-quantum
computers

4) In the meantime (and that could be quite a long time) it makes perfect
sense to proceed with the development and standardization of non-quantum
safe methods.

5) In the year x out pops a quantum computer. However, in the year x-1 out
popped well-developed and well-understood post-quantum crypto replacements
in which we can have complete confidence.


Everyone is a winner! Well except for the guys who invested in a business
plan to develop a quantum computer on the basis that it would break all of
crypto.


Mike Scott

On Sun, Feb 10, 2019 at 11:37 PM William Whyte <wwhyte@onboardsecurity.com>
wrote:

> Hi all,
>
> With no intent to cast aspersions on this particular scheme, I'm not sure
> that CFRG should be putting a lot of time into non-quantum-safe schemes
> these days unless there's a compelling reason to.
>
> Cheers,
>
> William
>
> On Sun, Feb 10, 2019 at 5:44 PM Sergey Gorbunov <sgorbunov@uwaterloo.ca>
> wrote:
>
>> Dear Colleagues:
>>
>> We submitted a draft-00 on the BLS signature scheme.
>> We received some preliminary feedback from interested parties, and we
>> plan to continue updating it as we receive more.
>> Please take a look.
>> We appreciate any additional feedback!
>> https://datatracker.ietf.org/doc/draft-boneh-bls-signature/
>>
>> Abstract
>>
>>    The BLS signature scheme was introduced by Boneh-Lynn-Shacham in
>>    2001.  The signature scheme relies on pairing-friendly curves and
>>    supports non-interactive aggregation properties.  That is, given a
>>    collection of signatures (sigma_1, ..., sigma_n), anyone can produce
>>    a short signature (sigma) that authenticates the entire collection.
>>    The BLS signature scheme is simple, efficient and can be used in a
>>    variety of network protocols and systems to compress signatures or
>>    certificate chains.  This document specifies the BLS signature and
>>    the aggregation algorithms.
>>
>>
>> Regards,
>> Sergey
>> web <https://cs.uwaterloo.ca/~sgorbuno/>
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> https://www.irtf.org/mailman/listinfo/cfrg
>>
>
>
> --
>
> ---
>
> I may have sent this email out of office hours. I never expect a response
> outside yours.
>
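The aggregation property quoted in the abstract above (signatures sigma_1, ..., sigma_n collapsed into one short sigma that still authenticates every message under every key) follows from the bilinearity of the pairing. The following Python is an added example, not code from the draft or from any of the posters, and it deliberately replaces the pairing-friendly curve with a constructed, insecure stand-in: the additive group Z_N with e(a, b) = a * b mod N, which is bilinear but whose discrete logarithms are trivial. The parameters N and G, the hash-to-group function and the sample keys and messages are all constructed for illustration. What it shows is only the algebra: per-signature verification, aggregation by summing, and that the aggregate check e(sigma, G) == product of e(H(m_i), pk_i) holds for honest inputs and fails once a message is changed.

```python
"""Toy model of BLS sign / verify / aggregate (added example, not the draft's code).

The "pairing" is e(a, b) = a * b mod N over the additive group Z_N. It is
bilinear, which is all the aggregation algebra needs, but it has no security
at all (sk is recoverable from pk by one modular division). Real BLS uses
pairing-friendly curves exactly so that this is not the case.
"""
import hashlib
from typing import List, Sequence, Tuple

N = 1_000_003  # constructed prime group order (toy parameter, not a real curve order)
G = 7          # constructed generator of Z_N (any nonzero element works for the toy)


def hash_to_group(msg: bytes) -> int:
    """Map a message to a group element. Toy: SHA-256 reduced mod N."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def pairing(a: int, b: int) -> int:
    """Toy bilinear map. Written additively in the target group:
    e(x*a, b) == x*e(a, b) and e(a + a', b) == e(a, b) + e(a', b) (mod N)."""
    return (a * b) % N


def keygen(sk: int) -> Tuple[int, int]:
    """Return (sk, pk) with pk = sk * G. sk must be nonzero mod N."""
    sk %= N
    if sk == 0:
        raise ValueError("secret key must be nonzero")
    return sk, (sk * G) % N


def sign(sk: int, msg: bytes) -> int:
    """BLS signature: sigma = sk * H(m)."""
    return (sk * hash_to_group(msg)) % N


def verify(pk: int, msg: bytes, sig: int) -> bool:
    """Single-signature check: e(sigma, G) == e(H(m), pk)."""
    return pairing(sig, G) == pairing(hash_to_group(msg), pk)


def aggregate(sigs: Sequence[int]) -> int:
    """Non-interactive aggregation: the group sum of the individual signatures."""
    return sum(sigs) % N


def verify_aggregate(pks: Sequence[int], msgs: Sequence[bytes], agg_sig: int) -> bool:
    """Aggregate check: e(sigma, G) == prod_i e(H(m_i), pk_i).
    In the toy additive target group the product becomes a sum mod N."""
    if len(pks) != len(msgs) or not pks:
        return False
    lhs = pairing(agg_sig, G)
    rhs = sum(pairing(hash_to_group(m), pk) for pk, m in zip(pks, msgs)) % N
    return lhs == rhs


def demo() -> Tuple[bool, bool, bool]:
    """Run the honest case and a tampered case.

    Returns (all individual signatures verify, aggregate verifies,
             aggregate verifies after one message is altered)."""
    # Constructed sample keys and messages.
    keys = [keygen(sk) for sk in (12345, 67890, 424242)]
    msgs: List[bytes] = [b"block 1", b"block 2", b"block 3"]

    sigs = [sign(sk, m) for (sk, _), m in zip(keys, msgs)]
    pks = [pk for _, pk in keys]

    individual_ok = all(verify(pk, m, s) for pk, m, s in zip(pks, msgs, sigs))

    sigma = aggregate(sigs)
    aggregate_ok = verify_aggregate(pks, msgs, sigma)

    # Change one message after signing: the same sigma must no longer verify.
    tampered_msgs = msgs[:2] + [b"block 3 (altered)"]
    tampered_ok = verify_aggregate(pks, tampered_msgs, sigma)

    return individual_ok, aggregate_ok, tampered_ok


if __name__ == "__main__":
    print(demo())  # expected: (True, True, False)
```

The three functions that matter are `sign`, `aggregate` and `verify_aggregate`; everything the real scheme adds on top (a secure pairing-friendly curve, a proper hash-to-curve, subgroup checks and the other points the draft specifies) sits outside this toy and is not modelled here.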