IETF Logo Mail Archive

Re: [Cfrg] Elliptic Curves - signature: shorter signatures versa batch verification (ends on August 21st)

Göran Selander <goran.selander@ericsson.com> Wed, 26 August 2015 06:40 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7E281AC418 for <cfrg@ietfa.amsl.com>; Tue, 25 Aug 2015 23:40:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.779
X-Spam-Level:
X-Spam-Status: No, score=-2.779 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URI_HEX=1.122] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bC5HvqI1u4PX for <cfrg@ietfa.amsl.com>; Tue, 25 Aug 2015 23:40:44 -0700 (PDT)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C07E1AC3D9 for <cfrg@irtf.org>; Tue, 25 Aug 2015 23:40:43 -0700 (PDT)
X-AuditID: c1b4fb25-f79a26d00000149a-ad-55dd5f69d792
Received: from ESESSHC017.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id 7D.92.05274.96F5DD55; Wed, 26 Aug 2015 08:40:42 +0200 (CEST)
Received: from ESESSMB303.ericsson.se ([169.254.3.14]) by ESESSHC017.ericsson.se ([153.88.183.69]) with mapi id 14.03.0210.002; Wed, 26 Aug 2015 08:40:41 +0200
From: Göran Selander <goran.selander@ericsson.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Thread-Topic: [Cfrg] Elliptic Curves - signature: shorter signatures versa batch verification (ends on August 21st)
Thread-Index: AQHQ1n/aBwIip+GPdUqFWg+DVuPWPZ4cfiwAgAFpFQA=
Date: Wed, 26 Aug 2015 06:40:40 +0000
Message-ID: <D20324E6.33901%goran.selander@ericsson.com>
References: <55CDC924.8030703@isode.com> <2A058771-BCC6-41FF-8E2F-376B40842AAB@gmail.com>
In-Reply-To: <2A058771-BCC6-41FF-8E2F-376B40842AAB@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.7.141117
x-originating-ip: [153.88.183.16]
Content-Type: text/plain; charset="utf-8"
Content-ID: <1D40D15735F55C4C8D7C522D710755F6@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprAIsWRmVeSWpSXmKPExsUyM+JvjW5W/N1Qgzk7mC26fxxkslh67AOT A5PHzll32T0mbzzMFsAUxWWTkpqTWZZapG+XwJWx7c0mpoJJohW7l7YxNTCeEeli5OSQEDCR mLe9gQXCFpO4cG89WxcjF4eQwFFGib8dp6GcxYwSj++sZAOpYhNwkXjQ8IgJxBYRUJI4fOUr M4jNLKAssWj9CbC4sECJxPd385khakolrkz8yQhhW0lMaJoIVsMioCrR0rodLM4rYCHx7Ngk sLiQQLTE74+/WEFsTgFbiU3TP4DNYQS67vupNUwQu8Qlbj2ZzwRxtYDEkj3nmSFsUYmXj/+B 9YoK6EmsvN7EBhFXlNh5th2ohgOoV1Ni/S59iDHWEhtuPmGDsBUlpnQ/ZIc4R1Di5MwnLBMY JWYh2TYLoXsWku5ZSLpnIelewMi6ilG0OLU4KTfdyFgvtSgzubg4P08vL7VkEyMwCg9u+a26 g/HyG8dDjAIcjEo8vApnbocKsSaWFVfmHmKU5mBREuedsTkvVEggPbEkNTs1tSC1KL6oNCe1 +BAjEwenVAOjdvkLgV2f91p99jRljQ75vvCmzd2+vhyPCg3V25o715funrhY9kyGSt628L0Z skzmol6MzlrOf+Y6RLR8qolb5sIQw9msuH9l0cS8xMWV0/d+0/K6e+Pvxdm6SrHq3QvLnXX0 bTgO3v+3bYl4vFL538oq93Z218l/rlmcKtooF7H5n7SdfJgSS3FGoqEWc1FxIgBMjFiUowIA AA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/iqofDgvFbcJuMWwfObpCANKn_mk>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Elliptic Curves - signature: shorter signatures versa batch verification (ends on August 21st)
X-BeenThere: cfrg@mail.ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.mail.ietf.org>
List-Unsubscribe: <https://mail.ietf.org/mailman/options/cfrg>, <mailto:cfrg-request@mail.ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@mail.ietf.org>
List-Help: <mailto:cfrg-request@mail.ietf.org?subject=help>
List-Subscribe: <https://mail.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@mail.ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2015 06:40:46 -0000


On 2015-08-25 13:08, "Yoav Nir" <ynir.ietf@gmail.com> wrote:

>
>> On Aug 14, 2015, at 1:55 PM, Alexey Melnikov
>><alexey.melnikov@isode.com> wrote:
>> 
>> Dear CFRG participants,
>> 
>> Of the various proposals, one ("hamburg", see
>><http://ed25519.cr.yp.to/cfrg/signatures.py>) takes the option of
>>shortening the final signature by using a method known as Schnorr's
>>trick, while the others do not. This means that the "hamburg" scheme
>>enjoys shorter signatures (e.g. 48 bytes instead of 64 bytes at the
>>128-bit security level). But it removes the ability of the scheme to
>>support fast batch verification of signatures. Some concerns about the
>>security implications of the approach adopted in the "hamburg" scheme
>>have also been voiced on list
>
>A little late for the party. My excuse is that I was on vacation. I’m
>also against having shortened (“Hamburg” or “2”) signatures.
>
>Regarding the IoT use cases, I realize that a signature enlarging the
>data so much that in exceeds a single packet is inconvenient. I’m
>wondering, though, what kinds or protocols are we talking about. (D)TLS
>and others all have signatures very rarely. Most packets (or records)
>don’t carry signatures - they carry tags or MACs based on relatively
>long-lived state. Is sending a signature once an hour or once a day that
>is 16 bytes longer still considered prohibitive?  Or are we talking about
>some protocol that signs every message?

One example of type of application is given in
https://tools.ietf.org/html/draft-seitz-ace-core-authz-00#section-2.2

The candidate message format for the work in ACE is developed in the COSE
WG. Key establishment is TBD - the proposed architecture contains trusted
parties that e.g. could act KDC.

Hope that helps.

Göran

>
>Yoav
>
>_______________________________________________
>Cfrg mailing list
>Cfrg@mail.ietf.org
>https://mail.ietf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email