IETF Logo Mail Archive

Re: [Cfrg] Elliptic Curves - poll on specific curve around 256bit work factor (ends on February 23rd)

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Sun, 22 February 2015 17:28 UTC

Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89ACA1A1BF8 for <cfrg@ietfa.amsl.com>; Sun, 22 Feb 2015 09:28:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.501
X-Spam-Level:
X-Spam-Status: No, score=-0.501 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cAXLUkDt-znM for <cfrg@ietfa.amsl.com>; Sun, 22 Feb 2015 09:28:35 -0800 (PST)
Received: from emh04.mail.saunalahti.fi (emh04.mail.saunalahti.fi [62.142.5.110]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E046D1A1BF3 for <cfrg@irtf.org>; Sun, 22 Feb 2015 09:28:34 -0800 (PST)
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh04.mail.saunalahti.fi (Postfix) with ESMTP id 08E521A25D0; Sun, 22 Feb 2015 19:28:30 +0200 (EET)
Date: Sun, 22 Feb 2015 19:28:30 +0200
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Kurt Roeckx <kurt@roeckx.be>
Message-ID: <20150222172830.GA29418@LK-Perkele-VII>
References: <54E46EA4.9010002@isode.com> <20150222163717.GA6342@roeckx.be>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <20150222163717.GA6342@roeckx.be>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/iKuufw6Ddfu6F-8ALvQo8DUDtBY>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Elliptic Curves - poll on specific curve around 256bit work factor (ends on February 23rd)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Feb 2015 17:28:37 -0000

On Sun, Feb 22, 2015 at 05:37:17PM +0100, Kurt Roeckx wrote:
> On Wed, Feb 18, 2015 at 10:51:16AM +0000, Alexey Melnikov wrote:
> > CFRG chairs are starting another poll:
> > 
> > Q3: (For people who want CFRG to recommend a curve at 256bit level) Is
> > bandwidth cost of going to p521 worth the speed win over primes closer to
> > 512 bits?
> 
> So if I understand the question, this is about speed versus
> bandwidth?  I haven't seen anybody argue that bandwidth is a
> concern.  Depending on who you ask you might get a different
> answer, but I doubt many people here care about bandwidth.
> 
> I also have to wonder how much bandwidth difference there would
> be.  If this is in the order of a few bytes per connection I doubt
> you can get many people excited about this.

AFAICT: +4 bytes for ECDHE, +5 for each certificate in chain.

So at most 24 bytes for all even remotely realistic-sounding
scenarios.


And for all applications where 256-level curves are even remotely
feasible, 24 bytes is insignificant.


-Ilari

v2.23.0 | Report a Bug | By Email