Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt
Laura Hitt <LHitt@21CT.com> Thu, 23 January 2014 20:50 UTC
Return-Path: <hitt36@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0A0D1A019A for <cfrg@ietfa.amsl.com>; Thu, 23 Jan 2014 12:50:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.027
X-Spam-Level:
X-Spam-Status: No, score=-1.027 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MEDAW9X8U29b for <cfrg@ietfa.amsl.com>; Thu, 23 Jan 2014 12:50:45 -0800 (PST)
Received: from mail-qc0-x22f.google.com (mail-qc0-x22f.google.com [IPv6:2607:f8b0:400d:c01::22f]) by ietfa.amsl.com (Postfix) with ESMTP id C64561A0161 for <cfrg@irtf.org>; Thu, 23 Jan 2014 12:50:44 -0800 (PST)
Received: by mail-qc0-f175.google.com with SMTP id x13so3271447qcv.34 for <cfrg@irtf.org>; Thu, 23 Jan 2014 12:50:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=icmFqDcznoJhVqXEPAYEtUxGoFpTCTn33VZe3nksQdQ=; b=DxUCmTu1n4KHpA/YwnUuHe7C1zVN1Ux9hZeHcmqWfTBFHrYz0M93rHpQLijXwGg2H+ BkOI3pPNzAq8ljAS+aDhZYYDZrOmA/yThpNxC37q1WrF9kxhlVkenNCv6eKRPPxb+F7v 9q7eIa1gSKmnESoZq7wgZcrG/ewAZeqPPN3a7gtCGcilWCZ4kQepTi0GgWn+yF4SqC8i fkICuTDBN8LlqC/kqp7l6vXNPwEdnCxXhoQ2Jm8crE0kZ+UAuKkktL/e5Alv6OK+3fVj AnTiO9HOR21Un6Jyqa+m4deNH3HSxpnzME3pCkiuViY77Megm7D9Gm8dPCiluJj7Y4yG rdrw==
MIME-Version: 1.0
X-Received: by 10.224.88.70 with SMTP id z6mr15070400qal.14.1390510243668; Thu, 23 Jan 2014 12:50:43 -0800 (PST)
Sender: hitt36@gmail.com
Received: by 10.96.148.99 with HTTP; Thu, 23 Jan 2014 12:50:43 -0800 (PST)
Date: Thu, 23 Jan 2014 14:50:43 -0600
X-Google-Sender-Auth: sHGVDuL2sgiUr-nVTvNaG7F7fyM
Message-ID: <CALvuEy517aggG7HvLKfEn_0CPC_xEbf-KBv27MCA0WENS3S4oQ@mail.gmail.com>
From: Laura Hitt <LHitt@21CT.com>
To: cfrg@irtf.org, kasamatsu.kohei@po.ntts.co.jp
Content-Type: multipart/alternative; boundary="001a11c3e84c2169d304f0a9658d"
Subject: Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2014 20:52:51 -0000
Hi Kohei, Regarding your statement in Section 6, "The elliptic curve that supports a bilinear map requires the hardness of solving following problems, since the security of pairing-based cryptographic primitives is based on hardness of these problems." You then list the ECDLP, ECDHP, BDHP, and ECDLP with auxiliary inputs. I would be hesitant to suggest all pairing-based cryptographic primitives are based on the hardness of only those problems...it's conceivable that a pairing-based scheme could be based on another hard problem, such as solving the isogeny problem or co-gap DH. (See, for example, Section 6 of "Evaluating Large Degree Isogenies and Applications to Pairing Based Cryptography" by Broker, Charles, Lauter, or "Improved algorithm for the isogeny problem for ordinary elliptic curves" by Galbraith & Stolbunov.) Best, Laura -----Original Message----- From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Kohei Kasamatsu Sent: Wednesday, January 22, 2014 6:04 PM To: cfrg@irtf.org Cc: kobayashi.tetsutaro@lab.ntt.co.jp; kawahara.yuto@lab.ntt.co.jp Subject: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt Hi cfrg folks, Elliptic curves with a special map called a pairing allow cryptographic primitives to achieve functions or efficiency which cannot be realized by conventional mathematical tools. For example, ZSS signature is one of these primitives. We have recently submitted an I-D on Barreto-Naehrig curves (BN-curves) which provide efficient operations of a pairing. The I-D specifies parameters of BN-curves which are particularly useful for realization of efficient cryptographic schemes based on pairing and parameters of BN-curves which are compliant with ISO/IEC 15946-5. We will propose I-Ds on computation of pairing and pairing-based primitives in order to contribute to IETF community in the near future. We would appreciate your comments and suggestions on our I-D and works. Best, Kohei KASAMATSU -------- Original Message -------- Subject: I-D Action: draft-kasamatsu-bncurves-00.txt Date: Thu, 09 Jan 2014 21:13:03 -0800 From: internet-drafts@ietf.org Reply-To: internet-drafts@ietf.org To: i-d-announce@ietf.org A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Barreto-Naehrig Curves Authors : Kohei Kasamatsu Satoru Kanno Tetsutaro Kobayashi Yuto Kawahara Filename : draft-kasamatsu-bncurves-00.txt Pages : 15 Date : 2014-01-09 Abstract: Elliptic curves with pairing are useful tools for constructing cryptographic primitives. In this memo, we specify domain parameters of Barreto-Naehrig curve (BN-curve) [5]. The BN-curve is an elliptic curve suitable for pairings and allows us to achieve high security and efficiency of cryptographic schemes. This memo specifies domain parameters of two 254-bit BN-curves [1] [2] which allow us to obtain efficient implementations and domain parameters of 224, 256, 384, and 512-bit BN-curves which are compliant with ISO/IEC 15946-5[3]. Furthermore, this memo organizes differences between types of elliptic curves specified in ISO document and often used in open source softwares, which are called M-type and D-type respectively[21]. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-kasamatsu-bncurves/ There's also a htmlized version available at: http://tools.ietf.org/html/draft-kasamatsu-bncurves-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www.ietf.org/mailman/listinfo/i-d-announce Internet-Draft<https://www.ietf.org/mailman/listinfo/i-d-announceInternet-Draft>directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt _______________________________________________ Cfrg mailing list Cfrg@irtf.org http://www.irtf.org/mailman/listinfo/cfrg
- [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-… Kohei Kasamatsu
- Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-0… Michael Hamburg
- Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncur… Laura Hitt
- Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncur… Kohei Kasamatsu
- Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-0… Kohei Kasamatsu
- Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncur… Kohei Kasamatsu
- Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-0… Mike Hamburg
- Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncur… Laura Hitt
- Re: [Cfrg] I-D Action: draft-kasamatsu-bncurves-0… Kohei Kasamatsu