Re: [CFRG] please use real names (was: Re: Small subgroup question for draft-irtf-cfrg-hash-to-curve)

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Sun, 11 April 2021 15:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/cFCEEykrmEgDN88evzO6eka15-8>

>   . . . my understanding is that it is possible to participate in IRTF pseudonymously while complying with the Note Well.

It sure is - just counterproductive in many cases.


    > On 10 Apr 2021, at 16:34, Rene Struik <rstruik.ext@gmail.com> wrote:
    > 
    > Hi "rsw":
    > 
    > As a general courtesy, may I suggest that all communications use people's real names and not some obscure acronym.
    > 
    > The CFRG is supposed to be a research forum, where people do not hide their identity. In fact, in my opinion, IETF should have no place for communications by "anonymous".
    > 
    > Rene
    > 
    > On 2021-04-10 11:12 a.m., rsw@cs.stanford.edu wrote:
    >> Hello Feng,
    >> 
    >> "Hao, Feng" <Feng.Hao=40warwick.ac.uk@dmarc.ietf.org> wrote:
    >>> Rsw also gave a similar example of having all zeros for the hash.
    >>> Let me clarify that we are not – and shouldn’t be - concerned with
    >>> any of such cases since the values are uniformly distributed within
    >>> their respective range.
    >> Right. And the argument is precisely the same for hash-to-curve!
    >> 
    >> Let me be perfectly clear: the property that hash_to_curve gives
    >> is that the output is a uniformly* distributed point in the (big)
    >> prime-order subgroup of the target elliptic curve.
    >> 
    >> At the risk of seeming didactic (in which case, apologies): the
    >> identity element is indeed an element of the target group G.
    >> 
    >> Put another way: fix a generator g of group G of prime order q. Then,
    >> hash_to_curve returns g^r in G, for r sampled uniformly* at random
    >> in 0 <= r < q. Under the assumption that discrete log is hard in G,
    >> hash_to_curve does not reveal r. Under the preimage and collision
    >> resistance of the underlying hash function, one cannot choose any
    >> particular r or find two inputs that hash to the same r.
    >> 
    >> I hope this helps clarify the security properties, and why focus
    >> on low-order points at intermediate steps of the computation is not
    >> relevant to the security of hash_to_curve as specified.
    >> 
    >> * uniformly except for some statistical distance less than 2^-100.
    >> 
    >> Regards,
    >> 
    >> -=rsw
    >> 
    >> _______________________________________________
    >> CFRG mailing list
    >> CFRG@irtf.org
    >> https://www.irtf.org/mailman/listinfo/cfrg
    > 
    > 
    > -- 
    > email: rstruik.ext@gmail.com | Skype: rstruik
    > cell: +1 (647) 867-5658 | US: +1 (415) 287-3867


    -- 
    Colin Perkins
    https://csperkins.org/
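
The property rsw describes in the quoted message, as an added toy example that is not part of the original thread and is not the draft's hash_to_curve. Assumptions: the order-11 subgroup of Z_23^* stands in for the prime-order curve subgroup, squaring stands in for cofactor clearing, and all function names and inputs are constructed for illustration.

```python
import hashlib
from collections import Counter

# Toy parameters (assumed for illustration): P = H*Q + 1, Q prime, cofactor H.
P, Q, H = 23, 11, 2

def in_subgroup(x: int) -> bool:
    """True if x lies in the order-Q subgroup G of Z_P^*."""
    return pow(x, Q, P) == 1

def clear_cofactor(u: int) -> int:
    """Raise to the cofactor, removing any order-H component of u."""
    return pow(u, H, P)

def hash_to_field(msg: bytes) -> int:
    """SHA-256 reduced into 1..P-1; the modular bias is about (P-1)/2^256."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1

def hash_to_group(msg: bytes) -> int:
    """Toy analogue of hash_to_curve: hash, then clear the cofactor."""
    return clear_cofactor(hash_to_field(msg))

def low_order_intermediates() -> list:
    """Intermediate values whose order divides H (the 'small subgroup')."""
    return [u for u in range(1, P) if pow(u, H, P) == 1]

def preimage_counts() -> Counter:
    """Exhaustive: how many intermediate values land on each element of G."""
    return Counter(clear_cofactor(u) for u in range(1, P))

def sample_counts(n: int = 11000) -> Counter:
    """Empirical output distribution over n constructed inputs."""
    return Counter(hash_to_group(b"constructed-input-%d" % i) for i in range(n))

if __name__ == "__main__":
    print("low-order intermediates:", low_order_intermediates())
    # Every element of G, the identity included, has exactly H preimages,
    # so a uniform intermediate value gives a uniform output in G.
    print("preimages per output:", dict(sorted(preimage_counts().items())))
    print("sampled counts:", dict(sorted(sample_counts().items())))
```

The low-order intermediate values 1 and 22 both map to the identity, which therefore appears with probability 1/Q, exactly like every other element of G.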
