IETF Logo Mail Archive

Re: [Cfrg] Chopping out curves

Michael Hamburg <mike@shiftleft.org> Thu, 16 January 2014 21:54 UTC

Return-Path: <mike@shiftleft.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE5E91ACCEF for <cfrg@ietfa.amsl.com>; Thu, 16 Jan 2014 13:54:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.556
X-Spam-Level: *
X-Spam-Status: No, score=1.556 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.982, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zGlVuXvm9Vue for <cfrg@ietfa.amsl.com>; Thu, 16 Jan 2014 13:54:07 -0800 (PST)
Received: from aspartame.shiftleft.org (199-116-74-157-v301.PUBLIC.monkeybrains.net [199.116.74.157]) by ietfa.amsl.com (Postfix) with ESMTP id 05D4C1AC4AB for <cfrg@irtf.org>; Thu, 16 Jan 2014 13:54:06 -0800 (PST)
Received: from [10.184.148.249] (w035.z205158021.lax-ca.dsl.cnc.net [205.158.21.35]) by aspartame.shiftleft.org (Postfix) with ESMTPSA id BEB7D3AA03; Thu, 16 Jan 2014 13:52:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=shiftleft.org; s=sldo; t=1389909125; bh=EsEHLwczlIqFF1yJbIui7hfkeoZ9syHt4rcMD5nsUQk=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=Q/UlT0r5lOGb/+GXA1xacz0QufOnm+GTQzShUFqSECW/WrzFf2HY1R0MB5aAsO6f3 EJQ/geBMKCdM+HL3p5jsArMPIXoLZjNTB6mpbycBCRjMqF79KZuZI7H6O6sLvtRfEy Uvn6lZ2yWY73KbWXmxCoW9neVGKDss7VUbUBMf4s=
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Michael Hamburg <mike@shiftleft.org>
In-Reply-To: <CAGZ8ZG1qF4ba3ogjHQnMwgXV+0Fj7eR44QdvuSw3GYBvNVFZBA@mail.gmail.com>
Date: Thu, 16 Jan 2014 13:53:51 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <1DB62466-6F18-494D-AAE6-0FB19C33BCE6@shiftleft.org>
References: <CACsn0cmJX2begH0q8vOUZhP2t3CFo_2Ad71Neke4EKejoYCPRg@mail.gmail.com> <CAGZ8ZG1qF4ba3ogjHQnMwgXV+0Fj7eR44QdvuSw3GYBvNVFZBA@mail.gmail.com>
To: Trevor Perrin <trevp@trevp.net>
X-Mailer: Apple Mail (2.1827)
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Chopping out curves
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jan 2014 21:54:08 -0000

On Jan 16, 2014, at 1:50 PM, Trevor Perrin <trevp@trevp.net> wrote:

> On Thu, Jan 16, 2014 at 1:40 PM, Watson Ladd <watsonbladd@gmail.com> wrote:
>> Dear all,
>> Trevor Perrin suggests that we only put in Curve25519/T25519 and
>> E383/M382 so implementors can focus on 4 curves ala Suite B. Are there
>> any protocols in which larger curves would be useful? Anything we
>> might be missing with this decision?
> 
> I didn't quite suggest that.
> 
> I do feel there should be fewer curves.  Perhaps only curve25519 and
> (either Curve3617 or Ed448-Goldilocks).
> 
> It takes a great deal of effort to do high-speed, const-time
> implementations of a different curve, so we should not diffuse that
> effort across too many choices.
> 
> Note that Suite B only has 2 curves (P-256 and P-384).

Yeah, I was going to protest: instead of using one stronger Montgomery curve and one Edwards, maybe we should use a Montgomery curve and a birationally equivalent (or at least isogenous) Edwards curve, or vice-versa.

— Mike

v2.23.0 | Report a Bug | By Email