Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt

Laura Hitt <LHitt@21CT.com> Thu, 23 January 2014 20:50 UTC

Return-Path: <hitt36@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0A0D1A019A for <cfrg@ietfa.amsl.com>; Thu, 23 Jan 2014 12:50:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.027
X-Spam-Level:
X-Spam-Status: No, score=-1.027 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MEDAW9X8U29b for <cfrg@ietfa.amsl.com>; Thu, 23 Jan 2014 12:50:45 -0800 (PST)
Received: from mail-qc0-x22f.google.com (mail-qc0-x22f.google.com [IPv6:2607:f8b0:400d:c01::22f]) by ietfa.amsl.com (Postfix) with ESMTP id C64561A0161 for <cfrg@irtf.org>; Thu, 23 Jan 2014 12:50:44 -0800 (PST)
Received: by mail-qc0-f175.google.com with SMTP id x13so3271447qcv.34 for <cfrg@irtf.org>; Thu, 23 Jan 2014 12:50:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=icmFqDcznoJhVqXEPAYEtUxGoFpTCTn33VZe3nksQdQ=; b=DxUCmTu1n4KHpA/YwnUuHe7C1zVN1Ux9hZeHcmqWfTBFHrYz0M93rHpQLijXwGg2H+ BkOI3pPNzAq8ljAS+aDhZYYDZrOmA/yThpNxC37q1WrF9kxhlVkenNCv6eKRPPxb+F7v 9q7eIa1gSKmnESoZq7wgZcrG/ewAZeqPPN3a7gtCGcilWCZ4kQepTi0GgWn+yF4SqC8i fkICuTDBN8LlqC/kqp7l6vXNPwEdnCxXhoQ2Jm8crE0kZ+UAuKkktL/e5Alv6OK+3fVj AnTiO9HOR21Un6Jyqa+m4deNH3HSxpnzME3pCkiuViY77Megm7D9Gm8dPCiluJj7Y4yG rdrw==
MIME-Version: 1.0
X-Received: by 10.224.88.70 with SMTP id z6mr15070400qal.14.1390510243668; Thu, 23 Jan 2014 12:50:43 -0800 (PST)
Sender: hitt36@gmail.com
Received: by 10.96.148.99 with HTTP; Thu, 23 Jan 2014 12:50:43 -0800 (PST)
Date: Thu, 23 Jan 2014 14:50:43 -0600
X-Google-Sender-Auth: sHGVDuL2sgiUr-nVTvNaG7F7fyM
Message-ID: <CALvuEy517aggG7HvLKfEn_0CPC_xEbf-KBv27MCA0WENS3S4oQ@mail.gmail.com>
From: Laura Hitt <LHitt@21CT.com>
To: cfrg@irtf.org, kasamatsu.kohei@po.ntts.co.jp
Content-Type: multipart/alternative; boundary=001a11c3e84c2169d304f0a9658d
Subject: Re: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2014 20:52:51 -0000

 Hi Kohei,

Regarding your statement in Section 6, "The elliptic curve that supports a
bilinear map requires the hardness of solving following problems, since the
security of pairing-based cryptographic primitives is based on hardness of
these problems."  You then list the ECDLP, ECDHP, BDHP, and ECDLP with
auxiliary inputs.

I would be hesitant to suggest all pairing-based cryptographic primitives
are based on the hardness of only those problems...it's conceivable that a
pairing-based scheme could be based on another hard problem, such as
solving the isogeny problem or co-gap DH. (See, for example, Section 6 of
"Evaluating Large Degree Isogenies and Applications to Pairing Based
Cryptography" by Broker, Charles, Lauter, or "Improved algorithm for the
isogeny problem for ordinary elliptic curves" by Galbraith & Stolbunov.)

Best,
Laura



-----Original Message-----
From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Kohei Kasamatsu
Sent: Wednesday, January 22, 2014 6:04 PM
To: cfrg@irtf.org
Cc: kobayashi.tetsutaro@lab.ntt.co.jp; kawahara.yuto@lab.ntt.co.jp
Subject: [Cfrg] Fwd: I-D Action: draft-kasamatsu-bncurves-00.txt

Hi cfrg folks,


Elliptic curves with a special map called a pairing allow cryptographic
primitives to achieve functions or efficiency which cannot be realized by
conventional mathematical tools. For example, ZSS signature is one of these
primitives.

We have recently submitted an I-D on Barreto-Naehrig curves (BN-curves)
which provide efficient operations of a pairing.
The I-D specifies parameters of BN-curves which are particularly useful for
realization of efficient cryptographic schemes based on pairing and
parameters of BN-curves which are compliant with ISO/IEC 15946-5.

We will propose I-Ds on computation of pairing and pairing-based primitives
in order to contribute to IETF community in the near future.

We would appreciate your comments and suggestions on our I-D and works.

Best,
Kohei KASAMATSU
-------- Original Message --------
Subject: I-D Action: draft-kasamatsu-bncurves-00.txt
Date: Thu, 09 Jan 2014 21:13:03 -0800
From: internet-drafts@ietf.org
Reply-To: internet-drafts@ietf.org
To: i-d-announce@ietf.org


A New Internet-Draft is available from the on-line Internet-Drafts
directories.


         Title           : Barreto-Naehrig Curves
         Authors         : Kohei Kasamatsu
                           Satoru Kanno
                           Tetsutaro Kobayashi
                           Yuto Kawahara
        Filename        : draft-kasamatsu-bncurves-00.txt
        Pages           : 15
        Date            : 2014-01-09

Abstract:
    Elliptic curves with pairing are useful tools for constructing
    cryptographic primitives.  In this memo, we specify domain parameters
    of Barreto-Naehrig curve (BN-curve) [5].  The BN-curve is an elliptic
    curve suitable for pairings and allows us to achieve high security
    and efficiency of cryptographic schemes.  This memo specifies domain
    parameters of two 254-bit BN-curves [1] [2] which allow us to obtain
    efficient implementations and domain parameters of 224, 256, 384, and
    512-bit BN-curves which are compliant with ISO/IEC 15946-5[3].
    Furthermore, this memo organizes differences between types of
    elliptic curves specified in ISO document and often used in open
    source softwares, which are called M-type and D-type
    respectively[21].


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-kasamatsu-bncurves/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-kasamatsu-bncurves-00


Please note that it may take a couple of minutes from the time of
submission until the htmlized version and diff are available at
tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft<https://www.ietf.org/mailman/listinfo/i-d-announceInternet-Draft>directoriestories:
http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
http://www.irtf.org/mailman/listinfo/cfrg