Re: [CFRG] [irsg] [Technical Errata Reported] RFC7748 (7879)
Colin Perkins <csp@csperkins.org> Wed, 03 April 2024 22:19 UTC
From: Colin Perkins <csp@csperkins.org>
To: Mike Hamburg <mike@shiftleft.org>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, agl@google.com, sean@sn3rd.com, irsg@irtf.org, cfrg@irtf.org, nawrashussein2@gmail.com
Date: Wed, 03 Apr 2024 23:19:32 +0100
Hi,

To confirm: the outcome here should be to reject the errata, with a note that both the current text in the RFC and the errata are correct, so no update is needed?

Colin

On 2 Apr 2024, at 22:42, Mike Hamburg wrote:
> Hello Nawras,
>
> Thanks for reporting this. The calculation can be done with either AA
> setting “a24” = (A-2)/4, or with BB setting “a24” = (A+2)/4.
> Both calculations appear in the literature. We happened to follow the
> Curve25519 paper instead of the original Montgomery paper when making
> the RFC.
>
> See e.g.
> https://crypto.stackexchange.com/questions/67942/difference-on-montgomery-curve-equation-between-efd-and-rfc7748
>
> Regards,
> — Mike
>
>> On Apr 2, 2024, at 16:22, RFC Errata System
>> <rfc-editor@rfc-editor.org> wrote:
>>
>> The following errata report has been submitted for RFC7748,
>> "Elliptic Curves for Security".
>>
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid7879
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Nawras Hussein Sabbry <nawrashussein2@gmail.com>
>>
>> Section: 5
>>
>> Original Text
>> -------------
>> z_2 = E * (AA + a24 * E)
>>
>> Corrected Text
>> --------------
>> z_2 = E * (BB + a24 * E)
>>
>> Notes
>> -----
>> In the for loop on page 8, the variable AA should be replaced with BB
>> in Z_2. This modification is necessary because the mathematical
>> formula for point doubling on the Montgomery curve according to
>> (https://en.wikipedia.org/wiki/Montgomery_curve#Montgomery_arithmetic)
>> indicates that Z2n (equivalent to Z_2 in this case) is calculated as
>> follows: Z2n = 4XnZn((Xn-Zn)^2 + ((A+2)/4)(4XnZn)). It is observed in
>> this equation that the operation in the (Xn-Zn)^2 part involves
>> subtraction similar to the variable B, while the operation in the
>> variable A involves addition. Considering this discrepancy, it is
>> suggested to substitute AA with BB for correctness.
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". (If it is spam, it
>> will be removed shortly by the RFC Production Center.) Please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> will log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC7748 (draft-irtf-cfrg-curves-11)
>> --------------------------------------
>> Title : Elliptic Curves for Security
>> Publication Date : January 2016
>> Author(s) : A. Langley, M. Hamburg, S. Turner
>> Category : INFORMATIONAL
>> Source : Crypto Forum Research Group
>> Stream : IRTF
>> Verifying Party : IRSG
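To make the point of the thread concrete, here is an added example (not code from RFC 7748, the errata, or anyone in this thread) of the RFC 7748 section 5 X25519 ladder with a switch between the two conventions Mike Hamburg describes: the RFC's `AA` with a24 = (A-2)/4 = 121665, and the errata's `BB` with a24 = (A+2)/4 = 121666. Because E = AA - BB, the two `z_2` expressions are identical mod p, which the helper `both_conventions_agree` checks; the `cswap` here is a plain branch for readability, not the constant-time swap a real implementation needs.

```python
# Added example (not from RFC 7748 or this thread): the X25519 ladder of
# RFC 7748 section 5, switchable between the two a24 conventions, to show
# that the RFC text and the proposed errata text compute the same function.
P = 2**255 - 19
A = 486662  # Montgomery coefficient of Curve25519

def decode_scalar(k: bytes) -> int:
    k = bytearray(k)            # clamping from RFC 7748 section 5
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")

def decode_u(u: bytes) -> int:
    u = bytearray(u)
    u[31] &= 127                # ignore the unused top bit of the last byte
    return int.from_bytes(u, "little") % P

def cswap(swap: int, a: int, b: int):
    # Real code must make this constant time; plain branch for clarity here.
    return (b, a) if swap else (a, b)

def x25519(k: bytes, u: bytes, use_bb: bool = False) -> bytes:
    """use_bb=False: RFC text (AA, a24=121665); True: errata (BB, a24=121666)."""
    a24 = (A + 2) // 4 if use_bb else (A - 2) // 4
    kn, x_1 = decode_scalar(k), decode_u(u)
    x_2, z_2, x_3, z_3, swap = 1, 0, x_1, 1, 0
    for t in range(254, -1, -1):
        k_t = (kn >> t) & 1
        swap ^= k_t
        x_2, x_3 = cswap(swap, x_2, x_3)
        z_2, z_3 = cswap(swap, z_2, z_3)
        swap = k_t
        Am, B = (x_2 + z_2) % P, (x_2 - z_2) % P   # RFC's "A"; A is the constant here
        AA, BB = Am * Am % P, B * B % P
        E = (AA - BB) % P
        C, D = (x_3 + z_3) % P, (x_3 - z_3) % P
        DA, CB = D * Am % P, C * B % P
        x_3 = (DA + CB) ** 2 % P
        z_3 = x_1 * ((DA - CB) ** 2 % P) % P
        x_2 = AA * BB % P
        # The disputed line. Since E = AA - BB: AA + 121665*E == BB + 121666*E.
        z_2 = E * ((BB if use_bb else AA) + a24 * E) % P
    x_2, x_3 = cswap(swap, x_2, x_3)
    z_2, z_3 = cswap(swap, z_2, z_3)
    return (x_2 * pow(z_2, P - 2, P) % P).to_bytes(32, "little")

def both_conventions_agree(k: bytes, u: bytes) -> bool:
    return x25519(k, u, False) == x25519(k, u, True)
```

Running it against the RFC 7748 test vectors (one-iteration vector in section 5.2 and Alice's public key in section 6.1) gives the published outputs under either convention.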