IETF Logo Mail Archive

Re: [Cfrg] Call for adoption: draft-yonezawa-pairing-friendly-curves

SAITO Tsunekazu <tsunekazu.saito.hg@hco.ntt.co.jp> Thu, 19 September 2019 11:55 UTC

Return-Path: <tsunekazu.saito.hg@hco.ntt.co.jp>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2886D120104 for <cfrg@ietfa.amsl.com>; Thu, 19 Sep 2019 04:55:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hCxtq8ZKUTC9 for <cfrg@ietfa.amsl.com>; Thu, 19 Sep 2019 04:55:29 -0700 (PDT)
Received: from dish-sg.nttdocomo.co.jp (dish-sg.nttdocomo.co.jp [202.19.227.74]) by ietfa.amsl.com (Postfix) with ESMTP id 1BD921200EF for <cfrg@ietf.org>; Thu, 19 Sep 2019 04:55:29 -0700 (PDT)
X-dD-Source: Outbound
Received: from zssg-mailmd104.ddreams.local (zssg-mailmd900.ddreams.local [10.160.172.63]) by zssg-mailou103.ddreams.local (Postfix) with ESMTP id AAB371200C8 for <cfrg@ietf.org>; Thu, 19 Sep 2019 20:55:28 +0900 (JST)
Received: from zssg-mailcc301.ddreams.local (zssg-mailcc301.ddreams.local [10.160.162.152]) by zssg-mailmd104.ddreams.local (dDREAMS) with ESMTP id <0PY200DIOUGGDWA0@dDREAMS>; Thu, 19 Sep 2019 20:55:28 +0900 (JST)
Received: from zssg-mailcc301 (localhost [127.0.0.1]) by zssg-mailcc301.ddreams.local (unknown) with SMTP id x8JBtSBC007962; Thu, 19 Sep 2019 20:55:28 +0900
Received: from zssg-mailmf102.ddreams.local (unknown [127.0.0.1]) by zssg-mailmf102.ddreams.local (Postfix) with ESMTP id B04217E6032; Thu, 19 Sep 2019 20:55:19 +0900 (JST)
Received: from zssg-mailmf102.ddreams.local (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id ADF668E6052; Thu, 19 Sep 2019 20:55:19 +0900 (JST)
Received: from localhost (unknown [127.0.0.1]) by IMSVA (Postfix) with SMTP id AC5E98E6042; Thu, 19 Sep 2019 20:55:19 +0900 (JST)
X-IMSS-HAND-OFF-DIRECTIVE: localhost:10026
Received: from zssg-mailmf102.ddreams.local (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A5E3E8E6042; Thu, 19 Sep 2019 20:55:18 +0900 (JST)
Received: from zssg-mailua104.ddreams.local (unknown [10.160.172.62]) by zssg-mailmf102.ddreams.local (Postfix) with ESMTP; Thu, 19 Sep 2019 20:55:18 +0900 (JST)
Received: from rcR9101293 (unknown [10.171.96.154]) by zssg-mailua104.ddreams.local (dDREAMS) with ESMTPA id <0PY201D0JUG6JU70@dDREAMS>; Thu, 19 Sep 2019 20:55:18 +0900 (JST)
From: SAITO Tsunekazu <tsunekazu.saito.hg@hco.ntt.co.jp>
References: <2E880A9A-78D2-4CE0-9C73-57AA73582D2D@inf.ethz.ch> <20190909050447.ytsch3nqqrndzrlk@positron.jfet.org> <CAP6aw1D8hjgh+DMNGQHrOrbTS75xAEERj9OJQ9EFQghY5tTRgA@mail.gmail.com>
In-reply-to: <CAP6aw1D8hjgh+DMNGQHrOrbTS75xAEERj9OJQ9EFQghY5tTRgA@mail.gmail.com>
Date: Thu, 19 Sep 2019 20:55:18 +0900
Message-id: <000001d56ee1$1b6330c0$52299240$@hco.ntt.co.jp_1>
MIME-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-index: AQGAnI2JCM2pBVcutDJL+ChfC5VzZAInfmX2AgRzS0ynuycygA==
Content-language: ja
X-TM-AS-GCONF: 00
To: cfrg@ietf.org
X-CC-Mail-RelayStamp: CC/Mail Relayed
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/iop0EyB_PqE9RDRFpUnIVK_e_mY>
Subject: Re: [Cfrg] Call for adoption: draft-yonezawa-pairing-friendly-curves
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2019 11:55:31 -0000

Dear Riad, Kobi

This is Tsunekazu SAITO.

I also think that it is very important to decide which curve is listed and which is not listed, 
as Riad and Kobi say. We also investigated the implementation of pairing.
There are a large number of pairing implementations:

URL: https://docs.google.com/spreadsheets/d/e/2PACX-1vRhMzGruI5BU3ovp-83CbwG9yrmaU6XIweXv_-0uS3Kl_KUSmPLpmNJzU7mpUwqq-ysKJHSMMRABhU-/pubhtml?gid=1569286446&single=true

At IETF105, Shoko talked in detail about the significance of this draft for pairing, 
here I would like to explain the reasons for selecting the curves listed above.

(1) One reason is because the curve is widely used and is expected to be used in the future. 
Therefore, the BLS12-381 curve originally is cited and selected in the draft of BLS signature and HashingToCruve. 
Furthermore, I think that there is a possibility that it may be used in a signature ECDAA in TCG that is very similar to the BLS signature. 

(2) As the 2nd reason, the curve is selected so that it can be changed 
as smoothly as possible from the parameter BN254 etc. that have been used before. 
If one implemented BN254 curve, the cost of chaning from BN254 to BN462 can be reduced. 
Therfore, BN462 is listed. 

Therefore, we selected the two parameters, BLS12-381 and BN462, for describing 128-bit secure parameters. 
If there will be a curve that matches these reason and has strong influence 
for some protocol in the future, we should describe the detail parameter of the curve under many hum. 
On the other hand, it is very important to decide whether or not to publish for the rapid progress of the draft.

Of course, other curves such as BLS12-377 will be included in the usage list.

Best Regards,
Tsunekazu 

From: Kobi Gurkan <kobigurk@gmail.com> 
Sent: Wednesday, September 11, 2019 7:47 PM
To: Riad S. Wahby <rsw@jfet.org>
Cc: Paterson Kenneth <kenny.paterson@inf.ethz.ch>; cfrg@ietf.org; draft-yonezawa-pairing-friendly-curves.authors@ietf.org; cfrg-chairs@ietf.org
Subject: Re: [Cfrg] Call for adoption: draft-yonezawa-pairing-friendly-curves

Riad makes a good point. Maybe a SNARK-specific draft could be a better place.

On Mon, Sep 9, 2019 at 8:04 AM Riad S. Wahby <mailto:rsw@jfet.org> wrote:
Paterson  Kenneth <mailto:kenny.paterson@inf.ethz.ch> wrote:
> https://datatracker.ietf.org/doc/draft-yonezawa-pairing-friendly-curves/
>
> Please give your views on whether this document should be adopted
> as a CFRG draft, and if so, whether you'd be willing to help work
> on it/review it.

I support adoption of this draft, and I'm happy to help review it
and to make sure it's well synchronized with the hash-to-curve and
BLS signatures efforts (just as Armando has already said).

But I am a bit wary about mission creep. In particular I think we
should want pretty strong justification before adding specialized
constructions like the ZEXE curves and the Coda cycle. I'd prefer
for those to live in their own document(s) since probably they're
unnecessary (and add needless cost) for most applications.

-=rsw

_______________________________________________
Cfrg mailing list
mailto:Cfrg@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email