Re: [Cfrg] [saag] A proposal for compact representation of an elliptic curve point (ECC point compression)
Rene Struik <rstruik.ext@gmail.com> Wed, 12 December 2012 14:17 UTC
Return-Path: <rstruik.ext@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F48821F861D for <cfrg@ietfa.amsl.com>; Wed, 12 Dec 2012 06:17:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bOMT1cKAHnLU for <cfrg@ietfa.amsl.com>; Wed, 12 Dec 2012 06:17:23 -0800 (PST)
Received: from mail-ia0-f173.google.com (mail-ia0-f173.google.com [209.85.210.173]) by ietfa.amsl.com (Postfix) with ESMTP id 10C1F21F8A38 for <cfrg@irtf.org>; Wed, 12 Dec 2012 06:17:23 -0800 (PST)
Received: by mail-ia0-f173.google.com with SMTP id w21so929241iac.32 for <cfrg@irtf.org>; Wed, 12 Dec 2012 06:17:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=L2ncPzH57WVqzbmXY/27Cbx1PZyk6WS0u39QrRgUeRw=; b=wNBuFaenznZLOcgOUfzM6U2GaSoe4XcuiokJtSC0hUdCnn3+lPwdoLGi8ymOjOfp6y d5yCT6yqhC7bqsKVelCbX500Y3w4FrXV9qr2LQ230lgz84CT53WQEtfYHWJa9d2Xg/rT mlggK40tuOeL2r7SQ8dwbCgHu3OFuCOuhsLypn345V21VEFg2xn5y8Dwrva2y7jKyhFX B7AGwXtu/foiefMA+1FcpcA/Zmc92cPf7t6nEKzHaPJksveUopC8K6rkJfW5DHY6YPMG ubN2Gi9XuElu60GcRG1yMl5exfAGCEmTMOWOV9A4tPO2JbxEdIazoRgAYs4zLB1HZxVc HNZw==
Received: by 10.50.33.147 with SMTP id r19mr13461385igi.73.1355321842136; Wed, 12 Dec 2012 06:17:22 -0800 (PST)
Received: from [192.168.1.103] (CPE0013100e2c51-CM001cea35caa6.cpe.net.cable.rogers.com. [99.231.4.27]) by mx.google.com with ESMTPS id wg2sm1853537igb.13.2012.12.12.06.17.21 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 12 Dec 2012 06:17:21 -0800 (PST)
Message-ID: <50C891E7.4000009@gmail.com>
Date: Wed, 12 Dec 2012 09:17:11 -0500
From: Rene Struik <rstruik.ext@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: Andrey Jivsov <openpgp@brainhub.org>
References: <E1TiZ2u-0004cU-P0@login01.fos.auckland.ac.nz> <50C7C3AC.7010405@brainhub.org>
In-Reply-To: <50C7C3AC.7010405@brainhub.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: cfrg@irtf.org, saag@ietf.org, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Subject: Re: [Cfrg] [saag] A proposal for compact representation of an elliptic curve point (ECC point compression)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Dec 2012 14:17:24 -0000
Hi Andrey: One can already implement the x-coordinate only representation of an elliptic curve point simply by converting the affine representation into compressed representation and randomizing the compression "bit". The reverse operation then yields the point or its inverse (which have the same x-coordinate). To my knowledge, this does not require any changes to data formatting (nor additional bytes). Best regards, Rene On 12/11/2012 6:37 PM, Andrey Jivsov wrote: > On 12/11/2012 03:15 PM, Peter Gutmann wrote: >> Andrey Jivsov <openpgp@brainhub.org> writes: >> >>> I thought that it would be useful for the Internet community to have >>> an IETF >>> document that describes how to encode an ECC point. >> >> Maybe I'm missing something here, but wouldn't this just consist of: >> >> -- Snip -- >> >> See [1]. >> >> [1] X9.62-2005, "Public Key Cryptography for the Financial Services >> Industry: >> The Elliptic Curve Digital Signature Standard (ECDSA)", November, 2005. >> >> -- Snip -- >> >> That's what every existing RFC that uses ECC seems to be using. >> >> Peter. >> > > Hello Peter. > > "X9.62-2005" in the search engine lends me on a page that asks for > $100. I think http://www.secg.org/collateral/sec1_final.pdf [SEC1] is > more popular as a reference (assuming they are identical regarding the > point compression method). > > I claim that what I submitted is better in many respects than SEC1. > > Let me expand on one of the benefits not covered in the spec. It's > very likely that an employee of a commercial company thinking about > using [SEC1] compression with any ECC method would get an order from > the legal department to stay away from compression. The fact that > somebody on the Internet posted something to the contrary has little > weight for them. My contribution is an attempt towards a compact > representation that is actually usable in practice. It's the most > direct extension to the 1985 idea by [Miller] (see my document for > details). > > Thank you. > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag -- email: rstruik.ext@gmail.com | Skype: rstruik cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
- Re: [Cfrg] [saag] A proposal for compact represen… Rene Struik
- Re: [Cfrg] [saag] A proposal for compact represen… Scott Fluhrer (sfluhrer)
- Re: [Cfrg] [saag] A proposal for compact represen… Dan Brown
- Re: [Cfrg] [saag] A proposal for compact represen… Russ Housley
- Re: [Cfrg] [saag] A proposal for compact represen… Rene Struik
- Re: [Cfrg] [saag] A proposal for compact represen… Scott Fluhrer (sfluhrer)
- Re: [Cfrg] [saag] A proposal for compact represen… Vadym Fedyukovych