IETF Logo Mail Archive

Re: [Cfrg] Is draft-agl-cfrgcurve-00 incompatible with Ed25519?

Tony Arcieri <bascule@gmail.com> Fri, 09 January 2015 23:17 UTC

Return-Path: <bascule@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C7C21A1A3B for <cfrg@ietfa.amsl.com>; Fri, 9 Jan 2015 15:17:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kwm8skBa5lo0 for <cfrg@ietfa.amsl.com>; Fri, 9 Jan 2015 15:17:28 -0800 (PST)
Received: from mail-oi0-x233.google.com (mail-oi0-x233.google.com [IPv6:2607:f8b0:4003:c06::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EE341A00F5 for <cfrg@irtf.org>; Fri, 9 Jan 2015 15:17:27 -0800 (PST)
Received: by mail-oi0-f51.google.com with SMTP id h136so14031596oig.10 for <cfrg@irtf.org>; Fri, 09 Jan 2015 15:17:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=Dk0SwjcOe76Nq7K8W8Sb0bwzNSC3aqIvswiBWf9N3jQ=; b=yLlLWStdY1Ah4nqBSC9z0GsftzqwkUB3cCA8ei5Sr7hI10rjZdbZ3epoFcXLAZSdrh EmcPHc17jTx0SV8ry4zFdzNtcCVCjuIt4AghiGmlSL+A5eZUJpkid+sNpcPKKvje3nlW NxykNQXtZ/mYC30VyWCCXebYp9qIKusXYRtTqNgqLOqJ8KPg00GGESJlHTzKMS8WTB3X aFLhkmRY2w6yQFy1HokARDzj/7y2S+oGbb9IzJBp85TZZ10AYOzmNIxGxPCkSF6dUMpi wdQBiMqJLhwa7qGazF/suqx+4CYSFPHUZKRxO9kJhEI5Wy23BD857RuKhjnuU/4AMIwW vhRw==
X-Received: by 10.182.148.229 with SMTP id tv5mr10859348obb.41.1420845447027; Fri, 09 Jan 2015 15:17:27 -0800 (PST)
MIME-Version: 1.0
Received: by 10.60.227.225 with HTTP; Fri, 9 Jan 2015 15:17:06 -0800 (PST)
In-Reply-To: <CAMfhd9U4DkYB-BmEo6xz6SZkqnR=_MCiBTrJhXEaoGNxNdYGag@mail.gmail.com>
References: <CAHOTMV+xQV6uqp-tB1Hs8xry5L+od=UW7RgtRYY-Lte4SGwxHA@mail.gmail.com> <CAMfhd9U4DkYB-BmEo6xz6SZkqnR=_MCiBTrJhXEaoGNxNdYGag@mail.gmail.com>
From: Tony Arcieri <bascule@gmail.com>
Date: Fri, 09 Jan 2015 15:17:06 -0800
Message-ID: <CAHOTMVKcZ5rK8RzLwZ7+5xC4N39npa=Cad81pHzKBOxytiLK1w@mail.gmail.com>
To: Adam Langley <agl@imperialviolet.org>
Content-Type: multipart/alternative; boundary="089e013d0a2c26a3ac050c405cce"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/j7Br6HJO-QTMwygAqGW_yIc8kJQ>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Is draft-agl-cfrgcurve-00 incompatible with Ed25519?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jan 2015 23:17:29 -0000

On Fri, Jan 9, 2015 at 3:15 PM, Adam Langley <agl@imperialviolet.org> wrote:

> The Edwards curve recommended in draft-agl-cfrgcurve-00 is the curve
> behind Ed25519. The draft doesn't say anything about EdDSA, or even
> signatures, but I don't think there's an incompatibility—just an
> incompleteness.


EdDSA is a separate can of worms. In the worst case, if Ed25519 public keys
are used, then ECDSA can be used by doing point conversion from Edwards to
Weierstrass. Or perhaps "FrankenECDSA"... but that would be
less-than-ideam, IMO.

I am more specifically concerned about the curve itself, not the signature
algorithm.

-- 
Tony Arcieri

v2.23.0 | Report a Bug | By Email