Re: [Cfrg] ECC mod 8^91+5

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 21 October 2017 22:18 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 278EF1337FD for <cfrg@ietfa.amsl.com>; Sat, 21 Oct 2017 15:18:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, GB_AFFORDABLE=1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zrpSUntItGEj for <cfrg@ietfa.amsl.com>; Sat, 21 Oct 2017 15:18:39 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5341513371A for <cfrg@irtf.org>; Sat, 21 Oct 2017 15:18:38 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id E1704BED9; Sat, 21 Oct 2017 23:18:36 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7z1PZoPbT180; Sat, 21 Oct 2017 23:18:33 +0100 (IST)
Received: from [10.244.2.100] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id E09BCBED6; Sat, 21 Oct 2017 23:18:32 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1508624313; bh=IvguoDSccCAv9OYgMs5qTwb0JhW+NDRL8LGTaFGSbSw=; h=Subject:To:References:From:Date:In-Reply-To:From; b=j8iiYGG4t4lhg5PIcJ8BgKB6quV27mvp7NdHpqHAi0YiAOsCp+wzb6dJKgwRIkphk RCQIkyhlDYpYeqAb0AUvlaYKhB8KWvux1gCPyv3krX+G5/awuPSazkeNvFnpEaVRUW 3OZHjefbyNPvPnXoRzsik2cQeEbvwJcTv2GkKouY=
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>, "cfrg@irtf.org" <cfrg@irtf.org>
References: <D6114263.A22F9%kenny.paterson@rhul.ac.uk>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <7de7999a-97ec-8ea7-6abb-69b18c784374@cs.tcd.ie>
Date: Sat, 21 Oct 2017 23:18:31 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <D6114263.A22F9%kenny.paterson@rhul.ac.uk>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="F6BNA42lG8aaSe81Gj6VE55xJKFbirCn9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/lnS8Bk4CN94aZC_XOjL4Zo4yKVk>
Subject: Re: [Cfrg] ECC mod 8^91+5
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Oct 2017 22:18:42 -0000

I'd have no objection to CFRG producing an RFC for
this, if there is support. I don't support doing so
myself, but if the RG do go ahead with that I would
really hope that the resulting RFC is clearly cast
as not being as "preferred" as the curves already
documented.

If additional curves were to be documented by CFRG
without such distinctions, then I would object to
that on the grounds that the inevitable confusion
arising would devalue CFRG for the IETF at least.

So, while I'm not qualified wrt the crypt details
myself, I'd prefer to not see this adopted. If it
is adopted, I'd strongly argue that it be flagged
as being less preferred vs. the currently documented
curves.

S.

On 21/10/17 18:28, Paterson, Kenny wrote:
> Dear CFRG,
> 
> Dan has specifically asked for CFRG adoption of his draft. Any support for
> this from the group?
> 
> Cheers,
> 
> Kenny 
> 
> On 16/10/2017 16:08, "Cfrg on behalf of Dan Brown" <cfrg-bounces@irtf.org
> on behalf of danibrown@blackberry.com> wrote:
> 
>> Hi CFRG,
>>
>> For those still interested, I've uploaded an Internet-Draft on ECC on
>> 2y^2=x^3+x/GF(8^91+5):
>>
>> https://tools.ietf.org/html/draft-brown-ec-2y2-x3-x-mod-8-to-91-plus-5-00
>> https://datatracker.ietf.org/doc/draft-brown-ec-2y2-x3-x-mod-8-to-91-plus-
>> 5/
>>
>> It is very much a work-in-progress, maybe more so than a typical I-D.
>>
>> If I have incorporated some CFRG list comments into the draft, then I
>> hope to properly acknowledge in the next update.
>>
>> The main point of this curve is to use it in a system of multiply-applied
>> diverse crypto, where its security features (special CM curve, minimal
>> room for trapdoor) could complement those of other crypto algorithms
>> (including PQC and other ECC algorithms).  Using this variant of ECC as
>> the sole (PK) crypto would be risky (due to lack of
>> track-record/aegis/scrutiny/etc.).
>>
>> If the IETF and CFRG intend to generally pursue and encourage support of
>> multiply-applied diverse crypto, at least where it is affordable (in the
>> higher user-to-user network layers?), then I would ask the CFRG to
>> consider this I-D as a work item.  Otherwise, maybe this I-D should stay
>> on the individual submission stream.
>>
>> Best regards,
>>
>> Dan
>>
>> -----Original Message-----
>> From: Dan Brown 
>> Sent: Tuesday, May 16, 2017 1:36 PM
>> To: cfrg@irtf.org
>> Subject: ECC mod 8^91+5
>>
>> Hi all,
>>
>> I'm considering writing an I-D on doing ECC over the field of size
>>   8^91+5    (=2^273+5),
>> because it:
>> ...
>>
>> For ECC with this field, I am also considering the special curve
>>   2y^2=x^3+x,
>> because it:
>> ...
>>
>>
>>
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> https://www.irtf.org/mailman/listinfo/cfrg
> 
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>