Re: [Cfrg] Safecurves draft

Bodo Moeller <bmoeller@acm.org> Thu, 09 January 2014 15:26 UTC

Robert Ransom <rransom.8774@gmail.com>:

> > So while the Montgomery-form Curve25519 certainly has its use, allowing
> > applications to negotiate a different form for ECDH would be beneficial.
>
> Even if the party which generates a public key uses Edwards-form
> points internally for that operation, whoever generates the key can
> put it into Montgomery form for free before scaling, whereas whoever
> receives it would need to perform an extra coordinate inversion in
> order to convert from Edwards form to affine Montgomery form.


That's a good point.  As I've pointed out (or tried to point out, anyway),
the receiver might want to do the computations in Edwards form too, but
there's not that much to be gained from that, so it may not be worth the
extra complexity.

Bodo
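
The cost argument in the quoted paragraph, as an added Python example that is not code from this thread or from any Curve25519 implementation. It assumes "scaling" means the final projective-to-affine division, uses the standard edwards25519/Curve25519 map u = (1+y)/(1-y), and all function names and the inversion counter are made up for the illustration.

```python
# Added illustration (not from the thread); not constant-time, names are assumptions.
P = 2**255 - 19
D = -121665 * pow(121666, P - 2, P) % P   # edwards25519: -x^2 + y^2 = 1 + d x^2 y^2
CALLS = []                                # one entry per counted field inversion

def inv(a):  # field inversion, recorded so both transport formats can be compared
    CALLS.append(a)
    return pow(a, P - 2, P)

def ed_add(p, q):  # unified addition on extended coordinates (X, Y, Z, T)
    (x1, y1, z1, t1), (x2, y2, z2, t2) = p, q
    a, b = (y1 - x1) * (y2 - x2) % P, (y1 + x1) * (y2 + x2) % P
    c, d = 2 * D * t1 * t2 % P, 2 * z1 * z2 % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def ed_keygen(k):  # [k]B in Edwards form, result left unscaled (projective)
    y = 4 * pow(5, P - 2, P) % P                       # base point has y = 4/5
    xx = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(xx, (P + 3) // 8, P)                       # square root, P = 5 mod 8
    if x * x % P != xx: x = x * pow(2, (P - 1) // 4, P) % P
    acc, pt = (0, 1, 1, 0), (x, y, 1, x * y % P)
    while k:
        if k & 1: acc = ed_add(acc, pt)
        pt, k = ed_add(pt, pt), k >> 1
    return acc

def ladder(k, u):  # Montgomery ladder on Curve25519, affine input u (Z = 1)
    x2, z2, x3, z3 = 1, 0, u, 1
    for t in reversed(range(255)):
        if (k >> t) & 1: x2, z2, x3, z3 = x3, z3, x2, z2
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, u * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + 121665 * (aa - bb)) % P
        if (k >> t) & 1: x2, z2, x3, z3 = x3, z3, x2, z2
    return x2 * pow(z2, P - 2, P) % P

def send_montgomery(pt):  # sender: u = (Z+Y)/(Z-Y), one inversion in total
    return (pt[2] + pt[1]) * inv(pt[2] - pt[1]) % P

def send_edwards_then_convert(pt):
    """Sender scales to affine y = Y/Z; the receiver then computes (1+y)/(1-y)."""
    y = pt[1] * inv(pt[2]) % P
    return (1 + y) * inv(1 - y) % P

def cost(fn, pt):  # returns (u, number of inversions fn needed)
    CALLS.clear()
    return fn(pt), len(CALLS)
```

`cost(send_montgomery, pt)` and `cost(send_edwards_then_convert, pt)` yield the same u-coordinate for the ladder, with one and two inversions respectively.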