Re: [Cfrg] Safecurves draft
Watson Ladd <watsonbladd@gmail.com> Thu, 09 January 2014 00:58 UTC
To: Paul Lambert <paul@marvell.com>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>

On Wed, Jan 8, 2014 at 4:30 PM, Paul Lambert <paul@marvell.com> wrote:
>> > You should also look at: RFC 6090
>> > The math for Small Weierstrass curves is defined well - you need the
>> > equivalent of
>> > 6090 for Edwards curves. Do note the authors of this excellent RFC
>> > Include both chairs of this list.
>>
>> First, is this advising me on next steps, or is it an objection to the
>> draft?
> Next steps. I'm very supportive of the inclusion of these curves into the main stream.
>
>> The group is [l]Jac(E(F_q)). There, done. In fact, this is in the
>> introduction.
>> The equivalent to RFC 6090 is the Bernstein paper on addition on
>> Edwards (and twisted Edwards curves).
>> It's readily available. If you want to reformat it as an I-D, go right
>> ahead.
> Academic papers are not appropriate directly. Clear and concise algorithm
> descriptions and guidelines are required.

But the explicit formulas aren't actually required for interop. I'll put
them as informational because it took me a few minutes to write them down
in the draft, and I don't mind that much.

We don't define how TCP clients should maintain the buffer of sent
information efficiently, or how routers should maintain the routing tables.
OSPF doesn't explain how to maintain a binomial heap. This sort of
information might belong in an RFC. But its lack doesn't make a standard
insufficient.

Anyway, this is totally immaterial: the next version, which fixes some
typos, adds E-521, removes a badly designed curve (secure but slow), and
adds in a section explaining the formulas, will hit the RFC editor some
time next week: I want to collect more comments and resolve them. Take a
good look for typos: that's what can really mess this whole thing up.

Anyway, once I get the next version up, I think we'll pretty much be ready
on this, assuming no major dealbreakers appear.

>
>
>>
>> Is it really that bad to have the EFD get cited for the formulas, or to
>> advise implementers to read Handbook of Elliptic and Hyperelliptic
>> Curve Cryptography?
> Yes. They are not standards. They are not always precise and subject to
> Interpretation and bad implementation.
> They are not complete ... Dan's point about OIDs and the like required
> to actually use the curves.

One of the big obstacles to the curves you mentioned was the lack of
vetting. That's gone now: you can point to it in an RFC when this gets
published. As a result when it comes to designing or revising old
standards, it won't be harder than putting any other curve now.

I'm very much against protocol design that involves lots of options: I like
these curves because they have great implementations with liberal licensing
available now. You can use these curves today with just a choice of big or
little endian, and software that sets speed records.

Adding in the apparatus in each protocol is obviously going to take longer,
depending on how bad the protocol is to work with. But I don't think CFRG
is the right place for that.

>
>
>
> Paul

--
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin