Re: [Cfrg] Elliptic Curves - curve form and coordinate systems (ends on March 12th)
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 12 March 2015 20:03 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4439A1A1EF3 for <cfrg@ietfa.amsl.com>; Thu, 12 Mar 2015 13:03:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rvrxlOz-KAYG for <cfrg@ietfa.amsl.com>; Thu, 12 Mar 2015 13:03:04 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 730661A1BC2 for <cfrg@irtf.org>; Thu, 12 Mar 2015 13:03:04 -0700 (PDT)
Received: by labgm9 with SMTP id gm9so18297484lab.11 for <cfrg@irtf.org>; Thu, 12 Mar 2015 13:03:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=3eUHF4/F8covALt7Sn5Yfb8N3Feix5VcQYaafNloO68=; b=PWT/rKqCGPbPpjLjtr0CvSayqA55tkxzhtnOA3mRzE+GrI9cQL+lgXk1TrocnIIMxr cDebIG3BmzfQKlLoLKIrQu+8a08u/wZsdvkoDl/h1wSkdzCg3rQEg7Vf00MwESw3EByR sk4jUlENBUI0JtM90IrZ+DH7a8tTVGAc637zNMDCcO+mkknCPr7KEuHj3ccUKE6zw5Dy gizNNvvaq2Q7zT8/bCkcvp+/uys/W4S3NpyrzeUFfI22dt4t7Evnt9z/DVJJnqolJxJ5 MLFT3T6E3jecoMWlGrszgV4ausin1SbXOBCGWLXaT+yEYyO9QXTmWcqwyiDq4Am/Aq7b Qs2w==
MIME-Version: 1.0
X-Received: by 10.152.120.8 with SMTP id ky8mr39054097lab.118.1426190582755; Thu, 12 Mar 2015 13:03:02 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.45.203 with HTTP; Thu, 12 Mar 2015 13:03:02 -0700 (PDT)
In-Reply-To: <CAMfhd9VNM7q7PKfxDdZPOFAMBsyKfREUOotxtYycozvsS9UvxA@mail.gmail.com>
References: <54F8E735.2010202@isode.com> <5501E6A5.5040608@brainhub.org> <CAMfhd9VNM7q7PKfxDdZPOFAMBsyKfREUOotxtYycozvsS9UvxA@mail.gmail.com>
Date: Thu, 12 Mar 2015 16:03:02 -0400
X-Google-Sender-Auth: vFD7usRodS9mDh7Bv4g502lRYAE
Message-ID: <CAMm+LwhbGMxNOspDW9WXaU3567eY86C74MpgYc+RMQJutEJVug@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Adam Langley <agl@imperialviolet.org>
Content-Type: multipart/alternative; boundary="089e0122aef8113beb05111cdf59"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/d_CPqTNRW8MQsnC1iVRsg_NF6W0>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Elliptic Curves - curve form and coordinate systems (ends on March 12th)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Mar 2015 20:03:06 -0000
On Thu, Mar 12, 2015 at 3:53 PM, Adam Langley <agl@imperialviolet.org> wrote: > On Thu, Mar 12, 2015 at 12:19 PM, Andrey Jivsov <crypto@brainhub.org> > wrote: > > I propose the Montgomery curve representation (u, v), which can be used > for > > signatures on the same curve. > > > > "u" is identical to the sec 9 of > > https://tools.ietf.org/html/draft-agl-cfrgcurve-00. > > "v" is calculated (at virtually no additional computational cost) as v = > u^3 > > + 486662*u^2 + u > > I'm going to display my ignorance here, but if "v" can be calculated > from just u with very little cost, why send it at all? The receiver > could equally calculate it if useful, no? > > > * The format is friendly for crypto algorithms that need to add points > (as > > opposed to ECDH only) > > Wouldn't they need to know an extra bit? Given a point on the > Montgomery curve, (u,v), the "v" value is v^2, right? Doesn't that > discard the sign of v? > I don't particularly care about performance differences unless they are at least a factor of 2. Robustness of implementation is another matter. That should be our priority. Do not give any information that the security of the system depends on the receiver checking. If the points can be calculated by the receiver quickly, let them do that. Otherwise we risk giving an attacker leverage by specifying bad points.
- Re: [Cfrg] Elliptic Curves - curve form and coord… Viktor Dukhovni
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… D. J. Bernstein
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - curve form and coord… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - curve form and coord… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Ilari Liusvaara
- [Cfrg] (flaws with Curve25519 DH function, if one… Rene Struik
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - curve form and coord… Viktor Dukhovni
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- [Cfrg] (flaws with Curve25519 DH function, if one… Rene Struik
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Nico Williams
- Re: [Cfrg] (flaws with Curve25519 DH function, if… David Leon Gil
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Viktor Dukhovni
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Nico Williams
- Re: [Cfrg] (flaws with Curve25519 DH function, if… CodesInChaos
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Salz, Rich
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Watson Ladd
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Ilari Liusvaara
- Re: [Cfrg] (flaws with Curve25519 DH function, if… CodesInChaos
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Alexey Melnikov
- [Cfrg] Elliptic Curves - curve form and coordinat… Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Dan Brown
- Re: [Cfrg] Elliptic Curves - curve form and coord… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - curve form and coord… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - curve form and coord… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - curve form and coord… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - curve form and coord… Mike Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Nadim Kobeissi
- Re: [Cfrg] Elliptic Curves - curve form and coord… Adam Langley
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Adam Langley
- Re: [Cfrg] Elliptic Curves - curve form and coord… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - curve form and coord… Paul Lambert
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Salz, Rich
- Re: [Cfrg] Elliptic Curves - curve form and coord… Adam Langley
- Re: [Cfrg] Elliptic Curves - curve form and coord… Nico Williams
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Dan Brown
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Jakob Breier
- Re: [Cfrg] Elliptic Curves - curve form and coord… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Nico Williams
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Jakob Breier
- Re: [Cfrg] Elliptic Curves - curve form and coord… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Salz, Rich
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg