Re: [Cfrg] Efficient side channel resistance for X25519..

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 12 November 2019 17:38 UTC

References: <CAMm+LwiB6cpcnb_gpfXueU-A5w=jJ-4U5hhH_xkH5ERx1budoQ@mail.gmail.com> <20191109190705.j4b7chrjfev3lwig@positron.jfet.org> <CAMm+LwhRA3zTMdMM0U-qbC47i80LF8PyN9hX3bzVy_kddHisCw@mail.gmail.com> <810C31990B57ED40B2062BA10D43FBF501E82D65@XMB116CNC.rim.net> <CA+jiKjP1aQ_dYGUdiU==GRKuN392z-z884jfCmDRHoMRFnbLLA@mail.gmail.com>
In-Reply-To: <CA+jiKjP1aQ_dYGUdiU==GRKuN392z-z884jfCmDRHoMRFnbLLA@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Tue, 12 Nov 2019 12:38:33 -0500
Message-ID: <CAMm+LwiajA8Tu4A=+wY_dFbrNP9u3T8pjBMnMieTo5sdoPdEQA@mail.gmail.com>
To: Henry de Valence <ietf@hdevalence.ca>
Cc: Dan Brown <danibrown@blackberry.com>, "rsw@jfet.org" <rsw@jfet.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/k48vxX6mELGOI61Bo922T-BngHE>

Thanks,

It looks to me as if Algorithm 5 should do what I need. Though I will have
to work out the correspondence between Algorithm 4 and RFC 7748.

Probably not happening till I get back from Singapore.



On Mon, Nov 11, 2019 at 5:17 PM Henry de Valence <ietf@hdevalence.ca> wrote:

> On Sun, Nov 10, 2019 at 6:56 AM Dan Brown <danibrown@blackberry.com>
> wrote:
> >
> > Recovering y at end of Montgomery ladder is something I heard about from
> Scott Vanstone, so it is likely published.
>
> Section 4.3 of https://arxiv.org/pdf/1703.01863.pdf may be helpful.
>
> Cheers,
> Henry
>
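The two things the thread touches, the RFC 7748 ladder and y-coordinate recovery at the end of it, fit in one short worked example. The code below is an added illustration and is not from this thread, from RFC 7748, or from the Costello–Smith paper Henry cites; it is an X25519 ladder written from the RFC 7748 pseudocode, extended to also hand back the x_3 register (x((k+1)P)) that the RFC discards, followed by the Okeya–Sakurai recovery formula specialised to curve25519 (B = 1). The function and variable names are this example's own; the Alice private/public key pair used in the check is the RFC 7748 section 6.1 test vector. An independent, non-constant-time affine double-and-add is included only to verify that the recovered point is the real kP.

```python
# Added example: RFC 7748-style X25519 ladder plus Okeya-Sakurai y-recovery.
# Names below (ladder, recover_y, recover_public_point, ...) are this example's own.
P = 2**255 - 19
A = 486662           # curve25519: y^2 = x^3 + A*x^2 + x over GF(P), B = 1
A24 = (A - 2) // 4   # 121665, the constant used inside the ladder


def decode_scalar(k_bytes: bytes) -> int:
    """RFC 7748 clamping of a 32-byte private key."""
    k = bytearray(k_bytes)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def decode_u(u_bytes: bytes) -> int:
    """RFC 7748 u-coordinate decoding: mask the unused top bit."""
    u = bytearray(u_bytes)
    u[31] &= 127
    return int.from_bytes(u, "little") % P


def encode_u(u: int) -> bytes:
    return (u % P).to_bytes(32, "little")


def cswap(swap: int, a: int, b: int):
    """Conditional swap with the RFC 7748 mask structure (mask = 0 - swap).
    Python big ints are not constant-time; this mirrors the shape, not the timing."""
    mask = (0 - swap) & ((1 << 256) - 1)
    dummy = mask & (a ^ b)
    return a ^ dummy, b ^ dummy


def ladder(k: int, u: int):
    """RFC 7748 Montgomery ladder. Returns projective (x_2:z_2) = x(kP) and,
    unlike the RFC, also (x_3:z_3) = x((k+1)P), which y-recovery needs."""
    x_1 = u
    x_2, z_2 = 1, 0       # point at infinity
    x_3, z_3 = u, 1       # P
    swap = 0
    for t in range(254, -1, -1):
        k_t = (k >> t) & 1
        swap ^= k_t
        x_2, x_3 = cswap(swap, x_2, x_3)
        z_2, z_3 = cswap(swap, z_2, z_3)
        swap = k_t
        a = (x_2 + z_2) % P;  aa = a * a % P
        b = (x_2 - z_2) % P;  bb = b * b % P
        e = (aa - bb) % P
        c = (x_3 + z_3) % P;  d = (x_3 - z_3) % P
        da = d * a % P;       cb = c * b % P
        x_3 = pow(da + cb, 2, P)                 # differential addition
        z_3 = x_1 * pow(da - cb, 2, P) % P
        x_2 = aa * bb % P                        # doubling
        z_2 = e * (aa + A24 * e) % P
    x_2, x_3 = cswap(swap, x_2, x_3)
    z_2, z_3 = cswap(swap, z_2, z_3)
    return x_2, z_2, x_3, z_3


def x25519(k_bytes: bytes, u_bytes: bytes) -> bytes:
    """Plain RFC 7748 X25519: only the x-coordinate of kP is returned."""
    x_2, z_2, _, _ = ladder(decode_scalar(k_bytes), decode_u(u_bytes))
    return encode_u(x_2 * pow(z_2, P - 2, P))


def recover_y(x_p: int, y_p: int, x_q: int, x_pq: int) -> int:
    """Okeya-Sakurai recovery of y(Q) from P = (x_p, y_p) with y_p != 0,
    x(Q) and x(P+Q), for B = 1. Q must not be the point at infinity."""
    num = ((x_p * x_q + 1) * (x_p + x_q + 2 * A) - 2 * A - (x_p - x_q) ** 2 * x_pq) % P
    return num * pow(2 * y_p, P - 2, P) % P


def sqrt_mod_p(a: int) -> int:
    """Square root in GF(P) for P = 5 (mod 8)."""
    a %= P
    r = pow(a, (P + 3) // 8, P)
    if r * r % P != a:
        r = r * pow(2, (P - 1) // 4, P) % P
    if r * r % P != a:
        raise ValueError("not a square")
    return r


def on_curve(x: int, y: int) -> bool:
    return (y * y - (x**3 + A * x * x + x)) % P == 0


# Base point: u = 9; either square root works as long as it is used consistently.
BASE = (9, sqrt_mod_p(9**3 + A * 81 + 9))


def recover_public_point(k_bytes: bytes):
    """Full affine public point (x, y) = kP from one ladder run plus recovery."""
    x_p, y_p = BASE
    x2, z2, x3, z3 = ladder(decode_scalar(k_bytes), x_p)
    x_q = x2 * pow(z2, P - 2, P) % P
    x_pq = x3 * pow(z3, P - 2, P) % P
    return x_q, recover_y(x_p, y_p, x_q, x_pq)


def affine_add(p1, p2):
    """Reference affine addition (None = infinity); not constant-time, checking only."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0: return None
        lam = (3 * x1 * x1 + 2 * A * x1 + 1) * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - A - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def affine_mul(k: int, pt):
    acc = None
    for t in range(k.bit_length() - 1, -1, -1):
        acc = affine_add(acc, acc)
        if (k >> t) & 1:
            acc = affine_add(acc, pt)
    return acc


# RFC 7748 section 6.1 test vector (Alice).
ALICE_SK = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PK_HEX = "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"

if __name__ == "__main__":
    print(x25519(ALICE_SK, encode_u(9)).hex() == ALICE_PK_HEX)
    x, y = recover_public_point(ALICE_SK)
    print(on_curve(x, y), (x, y) == affine_mul(decode_scalar(ALICE_SK), BASE))
```

The recovery needs nothing beyond what the ladder already holds at its last step: x(kP), x((k+1)P), and the affine base point, so it adds one inversion and a handful of multiplications rather than a second scalar multiplication. Note that the sign of the recovered y follows the sign chosen for y_P, and that the formula requires y_P to be nonzero and kP not to be the point at infinity, both of which hold for a clamped X25519 scalar on the base point.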