Re: [CFRG] Questions regarding draft-irtf-cfrg-hash-to-curve-10
Björn Haase <Bjoern.M.Haase@web.de> Wed, 02 December 2020 21:00 UTC
From: Björn Haase <Bjoern.M.Haase@web.de>
To: Mike Hamburg <mike@shiftleft.org>
Cc: Björn Haase <bjoern.haase@endress.com>, "cfrg@ietf.org" <cfrg@ietf.org>
Date: Wed, 02 Dec 2020 22:00:52 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ifgMqPJY9B_oK6uu1NBuq-RZNwo>
From: "Mike Hamburg" <mike@shiftleft.org>
To: "Björn Haase" <bjoern.haase@endress.com>
Cc: "cfrg@ietf.org" <cfrg@ietf.org>
Subject: Re: [CFRG] Questions regarding draft-irtf-cfrg-hash-to-curve-10
On Dec 2, 2020, at 11:58 AM, Björn Haase <bjoern.haase@endress.com> wrote:

Hello Riad, Hello Christopher,

As requested, I have filed an issue in the GIT draft regarding an update of our CPace security analysis.

I am currently reviewing one other aspect regarding the hash_to_curve construction, where the result of two mappings is added.

hash_to_curve(msg)

Input: msg, an arbitrary-length byte string.
Output: P, a point in G.

Steps:
1. u = hash_to_field(msg, 2)
2. Q0 = map_to_curve(u[0])
3. Q1 = map_to_curve(u[1])
4. R = Q0 + Q1 # Point addition
5. P = clear_cofactor(R)
6. return P

The important aspect would be that the result P comes from a uniform distribution.

I am aware of a result from Coron, Icart, Brier and Madore, “Efficient Indifferentiable Hashing into Ordinary Elliptic Curves”, where they saw the need for using rather something of the type of

P = Q0 + x * Q1.

In “Indifferentiable Deterministic Hashing to Elliptic and Hyperelliptic Curves” there is a discussion that, even if uniformity could not be guaranteed, at least some weaker property of “well-distributed encodings” holds, which they show for SWU.

https://eprint.iacr.org/2010/539.pdf

I now have these questions: Are you aware of a result that extends this to Elligator2? If I understood the paper correctly, the case of SSWU should be covered as part of the general properties of SWU. The guarantees seem to be linked to the property of the map that it is “well distributed” (where I did not yet understand the full implication of the character sums definition …).

Yours,
Björn.

Best Regards
Dr. Björn Haase
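
An added illustration of the uniformity question in the message above (not code from the thread or the draft): over a constructed toy Montgomery curve it enumerates every input to an Elligator 2 map and compares how far a single map_to_curve output and the sum Q0 + Q1 are from the uniform distribution. The parameters P, J, Z and all function names are assumptions made for this example; hash_to_field and clear_cofactor are left out, and the result is an empirical check on one small curve, not a proof.

```python
from collections import Counter

# Constructed toy parameters (not from the draft): y^2 = x^3 + J*x^2 + x over F_P.
# P = 3 mod 4, so Z = -1 is a non-square and sqrt(a) = a^((P+1)/4) for squares a.
P, J, Z = 103, 6, 102

def g(x):
    return (x * x * x + J * x * x + x) % P
def is_square(a):
    return pow(a, (P - 1) // 2, P) != P - 1

def map_to_curve(u):
    """Elligator 2: F_P -> E(F_P); the output depends only on u^2."""
    d = (1 + Z * u * u) % P
    x1 = (-J * pow(d, -1, P)) % P if d else (-J) % P  # d == 0: exceptional input
    x, want_odd = (x1, 1) if is_square(g(x1)) else ((-x1 - J) % P, 0)
    y = pow(g(x), (P + 1) // 4, P)
    return (x, y if y % 2 == want_odd else (-y) % P)

def add(a, b):
    """Affine addition on the Montgomery curve; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = (3 * x1 * x1 + 2 * J * x1 + 1) * pow(2 * y1 % P, -1, P)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)
    x3 = (lam * lam - J - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def group_order():
    return 1 + sum(1 if g(x) == 0 else 2 * is_square(g(x)) for x in range(P))

def distributions():
    """Exhaustive output counts for f(u) and for f(u0) + f(u1)."""
    pts = [map_to_curve(u) for u in range(P)]
    return Counter(pts), Counter(add(a, b) for a in pts for b in pts)

def stat_distance(counts, n_inputs, order):
    """Statistical distance between the observed outputs and uniform on E(F_P)."""
    hit = sum(abs(c / n_inputs - 1 / order) for c in counts.values())
    return (hit + (order - len(counts)) / order) / 2

if __name__ == "__main__":
    n, (single, summed) = group_order(), distributions()
    print(n, len(single), len(summed),
          stat_distance(single, P, n), stat_distance(summed, P * P, n))
```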