[Cfrg] Fwd: New Version Notification for draft-barnes-cfrg-mult-for-7748-00.txt
Richard Barnes <rlb@ipv.sx> Mon, 04 November 2019 23:52 UTC
From: Richard Barnes <rlb@ipv.sx>
Date: Mon, 04 Nov 2019 18:52:19 -0500
Message-ID: <CAL02cgSgLaU4VMqnzvFyr_v3vErdc_mv5=E_gjgAofa2dmGg2w@mail.gmail.com>
To: cfrg@ietf.org
Cc: Joel Alwen <jalwen@wickr.com>, Sandro Coretti <corettis@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/fpqnz7K8u_TXZ0SvkJjgOJOT2Tg>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Hi CFRG folks,

This draft is a proposal to address a deficiency in X25519 and X448 that has been noted a couple of times on this list (e.g., [1]), namely the fact that multiplication of scalars and point multiplication do not commute. While looking into applications of updateable public-key encryption in the context of MLS [2], my co-authors came upon a solution that, while not perfect, works in all but a statistically insignificant number of cases.

The draft describes how to do scalar multiplication in a way that is compatible with point multiplication in the X25519 and X448 groups, describes the cases where these algorithms can fail, and provides methods for detecting failure. While "move to Ristretto" is also a solution to this problem, it seemed like a solution for X25519 / X448, even if partial, might have a slightly faster path to deployment.

As with any -00 draft, feedback is very welcome! If Go is your preferred medium, we've also implemented the relevant concepts in the corresponding GitHub repo [3].

Thanks,
--Richard

[1] https://mailarchive.ietf.org/arch/msg/cfrg/JVg30dldjr4pcwZ1perpA1k-OGQ
[2] https://eprint.iacr.org/2019/1189
[3] https://github.com/bifurcation/draft-barnes-cfrg-mult-for-7748/

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Mon, Nov 4, 2019 at 6:44 PM
Subject: New Version Notification for draft-barnes-cfrg-mult-for-7748-00.txt
To: Richard L. Barnes <rlb@ipv.sx>, Joël Alwen <jalwen@wickr.com>, Sandro Corretti <corettis@gmail.com>

A new version of I-D, draft-barnes-cfrg-mult-for-7748-00.txt
has been successfully submitted by Richard L. Barnes and posted to the
IETF repository.

Name: draft-barnes-cfrg-mult-for-7748
Revision: 00
Title: Homomorphic Multiplication for X25519 and X448
Document date: 2019-11-04
Group: Individual Submission
Pages: 10
URL: https://www.ietf.org/internet-drafts/draft-barnes-cfrg-mult-for-7748-00.txt
Status: https://datatracker.ietf.org/doc/draft-barnes-cfrg-mult-for-7748/
Htmlized: https://tools.ietf.org/html/draft-barnes-cfrg-mult-for-7748-00
Htmlized: https://datatracker.ietf.org/doc/html/draft-barnes-cfrg-mult-for-7748

Abstract:
In some contexts it is useful for holders of the private and public parts of an elliptic curve key pair to be able to independently apply an update to those values, such that the resulting updated public key corresponds to the updated private key. Such updates are straightforward for older elliptic curves, but for X25519 and X448, the "clamping" prescribed for scalars requires some additional processing. This document defines a multiplication procedure that can be used to update X25519 and X448 key pairs. This algorithm can fail to produce a result, but only with negligible probability. Failures can be detected by the holder of the private key.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
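The non-commutativity described in the message above, shown concretely. This is an added example, not code from the message, the draft, or the authors' Go repository: a pure-Python X25519 following RFC 7748, the naive "multiply the scalars mod the group order" update that clamping breaks, the consistency check a private-key holder can run to detect a bad update, and a search for a clamped scalar congruent to plus or minus the product (the public-key side only sees u-coordinates, so c*G and -c*G are indistinguishable to it). The curve constants and Alice's key pair are from RFC 7748; the sample scalars are constructed, and the `clamped_representative()` search is this example's own construction, not the draft's procedure. The ladder is not constant-time and is for illustration only.

```python
# Added example (not the draft's algorithm, not the authors' Go code): X25519 per
# RFC 7748 in pure Python, the naive scalar update, the private-key holder's
# consistency check, and an own-construction search for a clamped representative.
import hashlib

P = 2**255 - 19                                      # field prime
Q = 2**252 + 27742317777372353535851937790883648493  # order of the base-point subgroup
A24 = 121665                                         # (486662 - 2) / 4
BASE_U = 9                                           # u-coordinate of the base point


def clamp(k: int) -> int:
    """RFC 7748 clamping for X25519: clear bits 0-2 and bit 255, set bit 254."""
    return (k & ((1 << 255) - 1) & ~7) | (1 << 254)


def is_clamped(k: int) -> bool:
    return k == clamp(k)


def x25519(k: int, u: int) -> int:
    """Montgomery ladder of RFC 7748 section 5 on integers; k is clamped on entry.
    Not constant-time: the conditional swap branches on scalar bits."""
    k = clamp(k)
    x1 = (u & ((1 << 255) - 1)) % P                  # drop the top bit, reduce mod P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return x2 * pow(z2, P - 2, P) % P


def public_key(priv: int) -> int:
    return x25519(priv, BASE_U)


def naive_update(priv: int, delta: int) -> int:
    """What works on a prime-order curve: multiply the scalars mod Q.
    X25519 clamps the result again before using it, which changes its value."""
    return clamp(priv) * clamp(delta) % Q


def update_is_consistent(new_priv: int, delta: int, old_pub: int) -> bool:
    """Private-key holder's failure check: the updated private key must give the
    same public key that the public-key holder derives as X25519(delta, old_pub)."""
    return public_key(new_priv) == x25519(delta, old_pub)


def clamped_representative(c: int):
    """Own construction: find s with clamp(s) == s and s == +-c (mod Q), so that
    X25519(s, 9) is the u-coordinate of c*G. Tries the candidates in [2^254, 2^255)
    of both residue classes and returns None if none is a multiple of 8
    (e.g. for c == 0, where the candidates sit at the edge of the range)."""
    for target in (c % Q, (-c) % Q):
        s = target + Q * -((target - (1 << 254)) // Q)  # smallest s >= 2^254 in the class
        while s < (1 << 255):
            if is_clamped(s):
                return s
            s += Q
    return None


# Constructed sample scalars, derived from fixed labels so the run is repeatable.
SAMPLE_PRIV = int.from_bytes(hashlib.sha256(b"constructed sample private key").digest(), "little")
SAMPLE_DELTA = int.from_bytes(hashlib.sha256(b"constructed sample update delta").digest(), "little")

# Alice's key pair from RFC 7748 section 6.1, used only to sanity-check the ladder.
RFC7748_ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
RFC7748_ALICE_PUB = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")


def rfc7748_alice_vector_ok() -> bool:
    k = int.from_bytes(RFC7748_ALICE_PRIV, "little")
    return public_key(k).to_bytes(32, "little") == RFC7748_ALICE_PUB


def demo(priv: int, delta: int) -> dict:
    """Naive update versus searched representative, as the private-key holder sees it."""
    old_pub = public_key(priv)
    naive = naive_update(priv, delta)
    repaired = clamped_representative(clamp(priv) * clamp(delta))
    return {
        "naive_consistent": update_is_consistent(naive, delta, old_pub),
        "repaired_found": repaired is not None,
        "repaired_consistent": repaired is not None and update_is_consistent(repaired, delta, old_pub),
    }
```

Calling `demo(SAMPLE_PRIV, SAMPLE_DELTA)` returns `naive_consistent` False and both `repaired_*` True: the product reduced mod Q is re-clamped by X25519 and no longer matches the public side, while a clamped scalar congruent to plus or minus the product does. `clamped_representative(0)` returns None, a constructed input on which the search fails, which is exactly the situation the private-key holder's check exists to catch.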