Re: [Cfrg] Curve manipulation, revisited
Adam Langley <agl@imperialviolet.org> Sat, 27 December 2014 09:38 UTC

On Fri, Dec 26, 2014 at 1:50 PM, David Gil <dgil@yahoo-inc.com> wrote:
> I assume that you mean finite fields, not curves?
>
> (This would seem to be just as good of an argument for generating
> Edwards curves over the Solinas primes, which are rather widely
> implemented...)

Sharing the underlying field certainly helps reduce implementation effort, but there's still lots more work than that, including all of the duplication of test cases that inherently comes from each additional curve. (Not to mention that I consider the Solinas primes to be a bug-magnet to such an extent that replacing the field in that case would probably still be a net-positive for correctness.)

> Alas, no, I don't have that advantage: WebCrypto [has more-or-less
> decided][w3c_curves] that they will only implement CFRG-recommended
> curves. I need WebCrypto support -- for non-extractable keys.
> But I also need to have something that is relatively clean to
> implement in JS, for support of legacy-ish browsers.

I would currently expect Chrome to be in the "legacy" set if you want WebCrypto support for a larger CFRG curve.

Cheers

AGL