[Cfrg] Suggestions for draft-irtf-cfrg-curves-01.txt
"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Thu, 29 January 2015 13:43 UTC
To: agl@imperialviolet.org, "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/ceZB5R3_LUBtmY08Sfn2IZJbl2k>
Dear colleagues,

We would like you to consider several proposals on the latest variant of the draft (draft-irtf-cfrg-curves-01).

1) In our opinion, some important clarifications have to be made explicitly in the document, though the needed references are given.

   a) In Section 3.3 declare explicitly what "r" denotes.

   b) In Section 5 mention explicitly the Schoof–Elkies–Atkin algorithm as the algorithm used to calculate the number of curve points, or even fully cite it there.

   c) Add an explicit description of the algorithms used to examine the curve for MOV-, CM- and twist-security, as well as the Frobenius trace calculation formula. Add a "perform checks" step to the algorithms proposed in Sections 5.1 and 5.2.

2) Select and add a higher-security curve (512- or 521-bit).

3) Add some explanation of the parameter d of the selected 255-bit curve (the current draft leaves open the question of whether it is the first d returned by the algorithm of Section 5.2, and the reason for the choice if it is not).

4) Introduce a rigid base point generation algorithm (either the one that was proposed in the previous version of the draft or one using a cryptographic hash function). We consider that important to ensure the generated points can be safely used in applied protocols like password-based key establishment protocols (PAKE, EKE, PACE etc.) and RNGs like Dual EC DRBG.

Best regards,
Stanislav V. Smyshlyaev, Ph.D.,
Head of Information Security Department, CryptoPro LLC
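The checks that point 1c asks the draft to spell out (Frobenius trace, quadratic twist order, MOV embedding degree, CM discriminant), as an added example that is not part of the original message or of the draft. It uses a constructed toy curve y^2 = x^3 + x + 1 over F_23 counted by brute force instead of SEA; the cofactor convention (largest prime factor of the order) and the embedding-degree search limit are assumptions of this example.

```python
def count_points(p, a, b):
    """Brute-force #E(F_p) for y^2 = x^3 + a*x + b, point at infinity included."""
    sq = {}
    for y in range(p):
        sq[y * y % p] = sq.get(y * y % p, 0) + 1
    return 1 + sum(sq.get((x * x * x + a * x + b) % p, 0) for x in range(p))

def largest_prime_factor(n):
    """Trial division; fine for the toy sizes used here."""
    f, d = 1, 2
    while d * d <= n:
        while n % d == 0:
            f, n = d, n // d
        d += 1
    return max(f, n) if n > 1 else f

def frobenius_trace(p, n):
    """Hasse: #E = p + 1 - t, so t = p + 1 - #E with |t| <= 2*sqrt(p)."""
    return p + 1 - n

def twist_order(p, n):
    """The quadratic twist has p + 1 + t points, i.e. 2p + 2 - #E."""
    return p + 1 + frobenius_trace(p, n)

def embedding_degree(p, l, limit=100):
    """MOV check: smallest k with p^k == 1 (mod l); None once k exceeds limit."""
    k, acc = 1, p % l
    while acc != 1:
        k += 1
        acc = acc * p % l
        if k > limit:
            return None
    return k

def cm_discriminant(p, t):
    """t^2 - 4p (negative by Hasse); a small |D| flags a curve with extra structure."""
    return t * t - 4 * p

def check_curve(p, a, b):
    """Run the curve checks and return them as a dict for inspection."""
    n = count_points(p, a, b)
    t = frobenius_trace(p, n)
    l = largest_prime_factor(n)          # prime-order subgroup used for ECDH
    n_tw = twist_order(p, n)
    return {
        "order": n, "trace": t, "subgroup": l, "cofactor": n // l,
        "embedding_degree": embedding_degree(p, l),
        "twist_order": n_tw, "twist_cofactor": n_tw // largest_prime_factor(n_tw),
        "cm_discriminant": cm_discriminant(p, t),
    }

if __name__ == "__main__":
    # Constructed toy curve y^2 = x^3 + x + 1 over F_23: 28 points, t = -4.
    print(check_curve(23, 1, 1))
```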