Re: [Cfrg] I-D Action: draft-irtf-cfrg-hash-to-curve-00.txt

Dan Brown <danibrown@blackberry.com> Fri, 23 March 2018 14:20 UTC


1) I never understood why this gets called "hashing".  It conflicts with the
2 usual meanings of a hash: (a) creating a digest of a long message, (b) being
one-way (some applications actually require the reverse operation, i.e.
"unhashing"?).  Can we devise a better term?

I suggest re-using the verb-pair "encoding/decoding", but flipping the input
nouns and output nouns.   So, traditional ECC encodes points to a byte
string, and decodes a byte string to a point.  By contrast, this
"hashing" method does the opposite: it encodes a byte string to a point, and
decodes a point as a byte string.  I guess "embed/extract" could be used if
encode/decode is deemed too overloaded.

I do not recall seeing the verb "hash" in every paper on this topic, so (just)
maybe others might agree with me that some alternative is warranted.

2) For what little it's worth, (I think that) none of the algorithms
specified in this I-D work for 2y^2=x^3+x/GF(8^91+5), because p=1 mod 3, p=1
mod 4, and j=1728.  

For this special curve, I sketched a modification of Elligator 2, which I
called Elligator i, in Sections 5.2 (math) and C.10 (pseudocode) of
https://datatracker.ietf.org/doc/draft-brown-ec-2y2-x3-x-mod-8-to-91-plus-5/
though I am not sure which set of curves it would generalize to.  (I admit I
don't recall trying Icart or SWU on this special curve: maybe some
variations of these would have worked just as well.)




-----Original Message-----
From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of
internet-drafts@ietf.org
Sent: Friday, March 23, 2018 6:13 AM
To: i-d-announce@ietf.org
Cc: cfrg@ietf.org
Subject: [Cfrg] I-D Action: draft-irtf-cfrg-hash-to-curve-00.txt


A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Crypto Forum RG of the IRTF.

        Title           : Hashing to Elliptic Curves
        Authors         : Nick Sullivan
                          Christopher A. Wood
        Filename        : draft-irtf-cfrg-hash-to-curve-00.txt
        Pages           : 18
        Date            : 2018-03-23

Abstract:
   This document specifies a number of algorithms that may be used to
   hash arbitrary strings to Elliptic Curves.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-00
https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
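
Added example (not part of the message above or of either draft): a check of the three facts cited in point 2 for 2y^2=x^3+x over GF(8^91+5), with Curve25519 as a contrast case. The function names are hypothetical, and the per-mapping conditions are the ones from the original Icart, simplified SWU and Elligator 2 papers, assumed here rather than taken from the I-D text.

```python
# Added example: preconditions of the classic point mappings, checked for
# Montgomery-form curves B*y^2 = x^3 + A*x^2 + x over GF(p).

P_BROWN = 8**91 + 5        # field of 2y^2 = x^3 + x (A = 0, B = 2)
P_25519 = 2**255 - 19      # contrast case: Curve25519, A = 486662


def j_invariant(A, p):
    """j = 256*(A^2 - 3)^3 / (A^2 - 4) mod p; B only selects a twist."""
    num = 256 * pow(A * A - 3, 3, p) % p
    den = (A * A - 4) % p
    return num * pow(den, -1, p) % p   # modular inverse, Python 3.8+


def usable_mappings(A, p):
    """Map each construction to True/False according to the condition
    given in its original paper (an assumption, not quoted from the I-D)."""
    return {
        # Icart: x -> x^3 must be a bijection on GF(p)
        "Icart": p % 3 == 2,
        # Simplified SWU (Brier et al.): formulated for p = 3 mod 4
        "Simplified SWU": p % 4 == 3,
        # Elligator 2: requires A != 0; A = 0 gives j = 1728
        "Elligator 2": A % p != 0,
    }


if __name__ == "__main__":
    for name, A, p in (("2y^2=x^3+x", 0, P_BROWN),
                       ("Curve25519", 486662, P_25519)):
        print(name, "p mod 3 =", p % 3, "p mod 4 =", p % 4,
              "j =", j_invariant(A, p))
        for mapping, ok in usable_mappings(A, p).items():
            print("   ", mapping, "applies" if ok else "does not apply")
```
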
