Re: [Cfrg] When's the decision?

"Parkinson, Sean" <sean.parkinson@rsa.com> Thu, 09 October 2014 07:24 UTC

Return-Path: <sean.parkinson@rsa.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DE451A9127 for <cfrg@ietfa.amsl.com>; Thu, 9 Oct 2014 00:24:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id athJsXZJliPs for <cfrg@ietfa.amsl.com>; Thu, 9 Oct 2014 00:24:03 -0700 (PDT)
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E98801A0029 for <cfrg@irtf.org>; Thu, 9 Oct 2014 00:24:02 -0700 (PDT)
Received: from maildlpprd02.lss.emc.com (maildlpprd02.lss.emc.com [10.253.24.34]) by mailuogwprd02.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s997NuBO010787 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 9 Oct 2014 03:23:57 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd02.lss.emc.com s997NuBO010787
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=rsa.com; s=jan2013; t=1412839437; bh=FYGh7TtNnVi3v4Eo7RWi1fEA9Yo=; h=From:To:CC:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=jW7BoYjOK+Sd0jew2Pdj2/prS9D1tKkYkxdBjheKx1HlhvCfyz4/St5m7aXp+E8GB GN5FQ/9A5MXSb1Ww/wEWMJ0t/TeZgJUvlMjMN1XjWKMmJWeY/ltHLMEOsljzpFUAgy CGqmb5dm6FsD1rmBjlSAkr65O0XvnGi7f3QYbyqo=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd02.lss.emc.com s997NuBO010787
Received: from mailusrhubprd52.lss.emc.com (mailusrhubprd52.lss.emc.com [10.106.48.25]) by maildlpprd02.lss.emc.com (RSA Interceptor); Thu, 9 Oct 2014 03:23:03 -0400
Received: from mxhub32.corp.emc.com (mxhub32.corp.emc.com [128.222.70.172]) by mailusrhubprd52.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s997NOKH027018 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 9 Oct 2014 03:23:24 -0400
Received: from mx17a.corp.emc.com ([169.254.1.209]) by mxhub32.corp.emc.com ([128.222.70.172]) with mapi; Thu, 9 Oct 2014 03:23:23 -0400
From: "Parkinson, Sean" <sean.parkinson@rsa.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 9 Oct 2014 03:23:22 -0400
Thread-Topic: [Cfrg] When's the decision?
Thread-Index: Ac/jgMbiloImE2+hTne/4dJE9fpW6gAEQQ/w
Message-ID: <2FBC676C3BBFBB4AA82945763B361DE608F1D066@MX17A.corp.emc.com>
References: <CACsn0cnHDc6_jWf1mXc5kQgj5XEc6dBBZa7K8D2=4uLti5e3aA@mail.gmail.com> <20141008173154.15169.qmail@cr.yp.to> <2FBC676C3BBFBB4AA82945763B361DE608F1D021@MX17A.corp.emc.com> <CACsn0c=6_qBhXsTicPjoQjncf5DoHp+yQZgabS7fGVCjYUc+Yw@mail.gmail.com> <2FBC676C3BBFBB4AA82945763B361DE608F1D036@MX17A.corp.emc.com> <54360428.6090801@shiftleft.org> <CAMm+LwhG9gHYBSm+R9niVz_sk8-9Fm0HeXftZEYDeKy_W6S5yQ@mail.gmail.com>
In-Reply-To: <CAMm+LwhG9gHYBSm+R9niVz_sk8-9Fm0HeXftZEYDeKy_W6S5yQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd52.lss.emc.com
X-RSA-Classifications: public
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/h7hXmCIwa3fvCuUSW6n_eV0nMWw
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] When's the decision?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Oct 2014 07:24:13 -0000

Phillip,
I can agree that stepping just over a power of 2 is only going to hurt performance in the future.

Sean
--
Sean Parkinson | Consultant Software Engineer | RSA, The Security Division of EMC
Office +61 7 3032 5232 | Fax +61 7 3032 5299
www.rsa.com


-----Original Message-----
From: hallam@gmail.com [mailto:hallam@gmail.com] On Behalf Of Phillip Hallam-Baker
Sent: Thursday, 9 October 2014 3:21 PM
To: Mike Hamburg
Cc: Parkinson, Sean; Watson Ladd; cfrg@irtf.org
Subject: Re: [Cfrg] When's the decision?

On Wed, Oct 8, 2014 at 11:42 PM, Mike Hamburg <mike@shiftleft.org> wrote:

>
> This is basically the point of Ed448-Goldilocks.  It's received a 
> mixed response in this forum, since some people would prefer the most 
> constrained curve, for some definition of "constrained" which doesn't 
> consider performance.

I am happy to consider performance but only if the differences are large and consistent.

This is not a competition where more is better. I don't want more than exactly one high strength curve and exactly one exceptionally high curve. I don't want to see any options or parameters either. Either we are all doing the twist again or nobody is. Either we are all doing compression or not.

And if there isn't a clear basis for a decision we can throw darts.


Some performance issues are show stoppers. Anything that is not less than a clean multiple of a power of 2 is going to cause severe performance hits on future architectures. 512 bit memory buses are common in graphics cards, 521 bit buses are not.

If ED448 is twice as fast as the exactly 512 bit curve then there is a decisive performance advantage. Anything less than 20% is noise.


The point is elimination, to vote people off the island so we can have a winner, not to get more people in.