Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt

Laura Hitt <> Thu, 23 January 2014 20:50 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C0A0D1A019A for <>; Thu, 23 Jan 2014 12:50:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.027
X-Spam-Status: No, score=-1.027 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id MEDAW9X8U29b for <>; Thu, 23 Jan 2014 12:50:45 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:400d:c01::22f]) by (Postfix) with ESMTP id C64561A0161 for <>; Thu, 23 Jan 2014 12:50:44 -0800 (PST)
Received: by with SMTP id x13so3271447qcv.34 for <>; Thu, 23 Jan 2014 12:50:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=icmFqDcznoJhVqXEPAYEtUxGoFpTCTn33VZe3nksQdQ=; b=DxUCmTu1n4KHpA/YwnUuHe7C1zVN1Ux9hZeHcmqWfTBFHrYz0M93rHpQLijXwGg2H+ BkOI3pPNzAq8ljAS+aDhZYYDZrOmA/yThpNxC37q1WrF9kxhlVkenNCv6eKRPPxb+F7v 9q7eIa1gSKmnESoZq7wgZcrG/ewAZeqPPN3a7gtCGcilWCZ4kQepTi0GgWn+yF4SqC8i fkICuTDBN8LlqC/kqp7l6vXNPwEdnCxXhoQ2Jm8crE0kZ+UAuKkktL/e5Alv6OK+3fVj AnTiO9HOR21Un6Jyqa+m4deNH3HSxpnzME3pCkiuViY77Megm7D9Gm8dPCiluJj7Y4yG rdrw==
MIME-Version: 1.0
X-Received: by with SMTP id z6mr15070400qal.14.1390510243668; Thu, 23 Jan 2014 12:50:43 -0800 (PST)
Received: by with HTTP; Thu, 23 Jan 2014 12:50:43 -0800 (PST)
Date: Thu, 23 Jan 2014 14:50:43 -0600
X-Google-Sender-Auth: sHGVDuL2sgiUr-nVTvNaG7F7fyM
Message-ID: <>
From: Laura Hitt <>
Content-Type: multipart/alternative; boundary=001a11c3e84c2169d304f0a9658d
Subject: Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 23 Jan 2014 20:52:51 -0000

 Hi Kohei,

Regarding your statement in Section 6, "The elliptic curve that supports a
bilinear map requires the hardness of solving following problems, since the
security of pairing-based cryptographic primitives is based on hardness of
these problems."  You then list the ECDLP, ECDHP, BDHP, and ECDLP with
auxiliary inputs.

I would be hesitant to suggest all pairing-based cryptographic primitives
are based on the hardness of only those's conceivable that a
pairing-based scheme could be based on another hard problem, such as
solving the isogeny problem or co-gap DH. (See, for example, Section 6 of
"Evaluating Large Degree Isogenies and Applications to Pairing Based
Cryptography" by Broker, Charles, Lauter, or "Improved algorithm for the
isogeny problem for ordinary elliptic curves" by Galbraith & Stolbunov.)


-----Original Message-----
From: Cfrg [] On Behalf Of Kohei Kasamatsu
Sent: Wednesday, January 22, 2014 6:04 PM
Subject: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt

Hi cfrg folks,

Elliptic curves with a special map called a pairing allow cryptographic
primitives to achieve functions or efficiency which cannot be realized by
conventional mathematical tools. For example, ZSS signature is one of these

We have recently submitted an I-D on Barreto-Naehrig curves (BN-curves)
which provide efficient operations of a pairing.
The I-D specifies parameters of BN-curves which are particularly useful for
realization of efficient cryptographic schemes based on pairing and
parameters of BN-curves which are compliant with ISO/IEC 15946-5.

We will propose I-Ds on computation of pairing and pairing-based primitives
in order to contribute to IETF community in the near future.

We would appreciate your comments and suggestions on our I-D and works.

-------- Original Message --------
Subject: I-D Action: draft-kasamatsu-bncurves-00.txt
Date: Thu, 09 Jan 2014 21:13:03 -0800

A New Internet-Draft is available from the on-line Internet-Drafts

         Title           : Barreto-Naehrig Curves
         Authors         : Kohei Kasamatsu
                           Satoru Kanno
                           Tetsutaro Kobayashi
                           Yuto Kawahara
        Filename        : draft-kasamatsu-bncurves-00.txt
        Pages           : 15
        Date            : 2014-01-09

    Elliptic curves with pairing are useful tools for constructing
    cryptographic primitives.  In this memo, we specify domain parameters
    of Barreto-Naehrig curve (BN-curve) [5].  The BN-curve is an elliptic
    curve suitable for pairings and allows us to achieve high security
    and efficiency of cryptographic schemes.  This memo specifies domain
    parameters of two 254-bit BN-curves [1] [2] which allow us to obtain
    efficient implementations and domain parameters of 224, 256, 384, and
    512-bit BN-curves which are compliant with ISO/IEC 15946-5[3].
    Furthermore, this memo organizes differences between types of
    elliptic curves specified in ISO document and often used in open
    source softwares, which are called M-type and D-type

The IETF datatracker status page for this draft is:

There's also a htmlized version available at:

Please note that it may take a couple of minutes from the time of
submission until the htmlized version and diff are available at

Internet-Drafts are also available by anonymous FTP at:

I-D-Announce mailing list
Internet-Draft<>directoriestories: or

Cfrg mailing list