Re: [Cfrg] "Abandoning ECC" — Any replies to "A riddle wrapped in a curve"?

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 23 October 2015 04:27 UTC

In-Reply-To: <2A7031F3-0C0A-4C5F-A893-B63021CCAD16@taoeffect.com>
References: <95750F19-2233-4CE9-BD91-6B1AA0C91F16@taoeffect.com> <CAHOTMVJ2hoq5=Hh2tjGUWe3FGn-xX-gr5Gvn2h_RW8TwC3d8jA@mail.gmail.com> <2A7031F3-0C0A-4C5F-A893-B63021CCAD16@taoeffect.com>
Date: Fri, 23 Oct 2015 00:27:25 -0400
Message-ID: <CAMm+LwhJewu3ocOb+v+QyM5bwReaS-mQw2=aUmT2wTTDVxFeaw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Tao Effect <contact@taoeffect.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/oCJPN38-gyEh68Zc2W-WKPN0450>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] "Abandoning ECC" — Any replies to "A riddle wrapped in a curve"?

On Fri, Oct 23, 2015 at 12:17 AM, Tao Effect <contact@taoeffect.com> wrote:
> Hey Tony,
>
> Thanks very much, that was very well written.
>
> I am not sure why you are quoting the phrase "Abandoning ECC" in the subject
> line of your email as it appears in neither the Matt Green blog post nor the
> Koblitz paper.
>
> I didn’t mean it as a direct quote, but rather I quoted it to … quote the
> idea, the concept. To indicate, in other words, that I was not personally
> advocating that such a thing be done.

The original premise looks bogus to me.

First off, we have seen attacks that involve quite large numbers of
weak keys. 1/2^48 is much smaller.

More importantly, there might well be something about the enumeration
attack that allows someone to construct a curve from a set of
parameters that guarantee the desired property. Alternatively, they
might be able to perform the attack on more than one candidate at
once.

Finally, don't make too many assumptions about 1990s computing
capabilities available to the NSA and GCHQ.
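As an added illustration of the feasibility arithmetic behind this post (this is not code from the thread, the Koblitz paper, or the blog post; every throughput, machine-count and batch figure below is a constructed assumption), here is a small Python model of what a property that holds for 1 in 2^48 random candidates costs to find by plain enumeration, and how testing several candidates per step and adding machines change the wall-clock picture. The only figure taken from the post is the 1/2^48 probability itself.

```python
# Added example (not from the thread): cost model for finding a rare property
# by enumerating random candidates. The 1/2^48 figure is the one discussed in
# the post; all rates, machine counts and batch sizes are constructed assumptions.
import math
from fractions import Fraction

WEAK_CANDIDATE_PROBABILITY = Fraction(1, 2 ** 48)  # 1/2^48, from the post
SECONDS_PER_YEAR = 365.25 * 86400


def expected_trials(p):
    """Expected number of independent candidates examined until the first hit.
    Hits are geometric with success probability p, so the mean is 1/p."""
    return 1 / Fraction(p)


def success_probability(p, trials):
    """P(at least one hit among `trials` independent candidates) = 1 - (1-p)^trials.
    log1p/expm1 keep this accurate when p is as small as 2^-48."""
    return -math.expm1(trials * math.log1p(-float(p)))


def campaign_seconds(p, tests_per_second, machines, batch):
    """Wall-clock seconds to run the *expected* number of trials when `machines`
    machines each perform `tests_per_second` tests, and each test examines
    `batch` candidates at once (the 'more than one candidate at once' point)."""
    candidates_per_second = tests_per_second * machines * batch
    return float(expected_trials(p)) / candidates_per_second


def campaign_years(p, tests_per_second, machines, batch):
    """Same as campaign_seconds, expressed in years."""
    return campaign_seconds(p, tests_per_second, machines, batch) / SECONDS_PER_YEAR


def scenarios(p):
    """Constructed scenarios (assumed throughputs, not historical data) that show
    how parallelism and batching move an 'impossible' search into reach."""
    table = []
    for name, rate, machines, batch in [
        ("one slow machine, one candidate per test", 1.0, 1, 1),
        ("one machine, 1e6 tests/s", 1e6, 1, 1),
        ("1000 machines, 1e6 tests/s", 1e6, 1000, 1),
        ("1000 machines, 1e6 tests/s, 64 candidates per test", 1e6, 1000, 64),
    ]:
        years = campaign_years(p, rate, machines, batch)
        table.append((name, years))
    return table


if __name__ == "__main__":
    p = WEAK_CANDIDATE_PROBABILITY
    print(f"expected trials: 2^{math.log2(expected_trials(p)):.0f}")
    # Running exactly the expected number of trials succeeds only ~63% of the
    # time (1 - 1/e); a budget of 3x that pushes success above 95%.
    for k in (1, 3):
        n = k * int(expected_trials(p))
        print(f"P(success | {k}x expected budget) = {success_probability(p, n):.3f}")
    for name, years in scenarios(p):
        print(f"{name}: {years:,.6f} years")
```

The point the numbers make is the one the post makes in prose: 2^48 is a large count for a single sequential search, but it is a throughput-times-time product, and both factors are in the adversary's hands.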