Re: [Cfrg] patent situation regarding hash2curve as used in some PAKE nominations

"Riad S. Wahby" <rsw@jfet.org> Mon, 21 October 2019 15:55 UTC

Return-Path: <rswatjfet.org@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4818E120044 for <cfrg@ietfa.amsl.com>; Mon, 21 Oct 2019 08:55:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.647
X-Spam-Level:
X-Spam-Status: No, score=-1.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A0Opa0HUcPrx for <cfrg@ietfa.amsl.com>; Mon, 21 Oct 2019 08:55:38 -0700 (PDT)
Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03DA71200CE for <cfrg@irtf.org>; Mon, 21 Oct 2019 08:55:37 -0700 (PDT)
Received: by mail-pl1-f174.google.com with SMTP id t10so6810952plr.8 for <cfrg@irtf.org>; Mon, 21 Oct 2019 08:55:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=wq7see6pLSm83o44QZU3lzTgYlFWQeljvQGrKrWoHjQ=; b=IHWWiSPemFAtVS2VVmRFgEowWM5aO8u7K48ZmAf5Z+N7+g/ycwpqyQT7Zyi/VK3PN7 7YF8ZB/izt1UCVhoflJbjVcj+eD7j1noEs4AlI2zJEAmbRGQhAekjp7JOqMjegZiRj04 Skmi/2kB+cn/NryRzn2DTTeM0kWoIIqzRm6zIA/9A9z6PTgaMoybeMSSBei4vSG/3NcB 3/d8cLKWj1BzE9df41qdlZx8TIHdEtyCPDV17C2hWTn6/QJ1Dw0WCxRDQe/LeFpzZ152 AvlZLC3VYp1U2tboi9lTejxtLP72r2+yafhcd4o8jW1ctkRm8KKvdARzkabMt2/OMezO MymA==
X-Gm-Message-State: APjAAAXWxHMzUdmNC3EHVr5Akuq5FhYn3gaxzBzHiwICP4wURiDWXoTT ExxqqtJQ9wwXOPDwOQ/xFVg=
X-Google-Smtp-Source: APXvYqxCvfXREUVt8Rr+o3eBiyX6lt0QuCIb0mOSaa+ysX35DdITC9IcluFOFPEgK+Ly71O3XKdLBQ==
X-Received: by 2002:a17:902:6ac8:: with SMTP id i8mr24173396plt.164.1571673337488; Mon, 21 Oct 2019 08:55:37 -0700 (PDT)
Received: from localhost (positron.stanford.edu. [171.67.76.114]) by smtp.gmail.com with ESMTPSA id d4sm14977351pjs.9.2019.10.21.08.55.36 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 21 Oct 2019 08:55:36 -0700 (PDT)
Date: Mon, 21 Oct 2019 08:55:35 -0700
From: "Riad S. Wahby" <rsw@jfet.org>
To: Bjoern.M.Haase@web.de, cfrg@irtf.org
Message-ID: <20191021155535.ochgmoti5cgwdopp@positron.jfet.org>
References: <5e1610c6-2038-31ce-6bb8-a6e18f40434d@web.de> <ac0ed5bf-cc4b-14e6-59c6-f24c7cb43f1a@web.de> <20191016202223.lbuavuery4yj6qib@positron.jfet.org> <trinity-77782fb3-2939-452c-85d8-95592c7829b8-1571301291317@3c-app-webde-bs25> <VI1PR0501MB22556D3FA849989AAFFFD1FA836D0@VI1PR0501MB2255.eurprd05.prod.outlook.com> <VI1PR0501MB22555DA1CD400E64259EA39D836D0@VI1PR0501MB2255.eurprd05.prod.outlook.com> <VI1PR0501MB2255C90CDB1AA88516A1CFDC836D0@VI1PR0501MB2255.eurprd05.prod.outlook.com> <20191020214602.veecj2ft2v6czjye@positron.jfet.org> <trinity-549479d5-9427-41ad-987b-e35871e9cfeb-1571639953515@3c-app-webde-bap26>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <trinity-549479d5-9427-41ad-987b-e35871e9cfeb-1571639953515@3c-app-webde-bap26>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/kHSMMAh8Kcq-qQY-hBOo9Wq5GjQ>
Subject: Re: [Cfrg] patent situation regarding hash2curve as used in some PAKE nominations
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2019 15:55:40 -0000

Hello Bjorn,

As I pointed out off-list, and to be completely explicit: X3(t)=Z is
not a counter-argument to my prior message since Skalba's inequality
requires a polynomial X3(t) such that

    f(X1(t)) * f(X2(t)) * f(X3(t)) == U(t)^2

and the point of choosing Z as we have is that there does not exist
any polynomial X3(t) such that f(X3(t)) == Z.

"\"Björn Haase\"" <Bjoern.M.Haase@web.de> wrote:
>    - We might be better still including "plain" SWU as an option for mapping
>    in the hash2curve draft.

As I've said in the past, there is no reason to ever use "plain" SWU.
The map of Shallue and van de Woestijne has exactly the same cost and
is strictly more general. (We will certainly include the S-vdW map.)

Regards,

-=rsw