Re: [Cfrg] draft-black-rpgecc-00-.txt [was: Consensus and a way forward]

Tanja Lange <tanja@hyperelliptic.org> Tue, 23 December 2014 01:54 UTC

Return-Path: <tanja@hyperelliptic.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51FBE1ACC8A for <cfrg@ietfa.amsl.com>; Mon, 22 Dec 2014 17:54:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.895
X-Spam-Level: **
X-Spam-Status: No, score=2.895 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 32UfGslT2iSi for <cfrg@ietfa.amsl.com>; Mon, 22 Dec 2014 17:54:28 -0800 (PST)
Received: from calvin.win.tue.nl (calvin.win.tue.nl [131.155.70.11]) by ietfa.amsl.com (Postfix) with SMTP id 78E4E1ACC84 for <cfrg@irtf.org>; Mon, 22 Dec 2014 17:54:28 -0800 (PST)
Received: (qmail 13075 invoked from network); 23 Dec 2014 01:54:46 -0000
Received: from pcdhz005.win.tue.nl (HELO hyperelliptic.org) (131.155.71.33) by calvin.win.tue.nl with SMTP; 23 Dec 2014 01:54:46 -0000
Received: (qmail 31207 invoked by uid 1000); 23 Dec 2014 01:54:30 -0000
Date: Tue, 23 Dec 2014 02:54:30 +0100
From: Tanja Lange <tanja@hyperelliptic.org>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
Message-ID: <20141223015430.GC28778@cph.win.tue.nl>
References: <CA+Vbu7ye3bytMZ-j8pfZixrjF8irTOoWmRo_GwjB0LphwjXq+Q@mail.gmail.com> <20141202092847.29027.qmail@cr.yp.to> <CA+Vbu7yQoYf3ei3MADhJ1iV6BcuqVUmkg8SkQ4ud=8m7pz7AvQ@mail.gmail.com> <D0B0DC9F.39BD0%kenny.paterson@rhul.ac.uk> <CACsn0c=uyPT6xa4CsXPeAV31QeeO+HfsCXAxt7Ba6NOt_Y2hiA@mail.gmail.com> <CABqy+sr1T-VwQx1NaRA+xvnqVn7smjs2+YrG2Uz1Q+8M6c3hng@mail.gmail.com> <D0B8EDCF.3A504%kenny.paterson@rhul.ac.uk> <CACsn0cnkdjEPGZ5Q1Nm+6OZJVdoj6X-ksc0X_atavQ+610MkXA@mail.gmail.com> <D0B9A74B.3A60D%kenny.paterson@rhul.ac.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <D0B9A74B.3A60D%kenny.paterson@rhul.ac.uk>
User-Agent: Mutt/1.5.11
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/ojqiBSet-xCWvbnlMo2hXYzy46c
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] draft-black-rpgecc-00-.txt [was: Consensus and a way forward]
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Dec 2014 01:54:30 -0000

Dear Kenny,
This is a late reply to your reply to Watson. 

> >> >* Adoption of draft-black-rpgecc-00 would reward its authors, both by
> >> >  crediting them as authors of CFRG's resulting document and by giving
> >> >  them greater control over CFRG's product.  It is inappropriate for
> >> >  IETF to reward the authors of draft-black-rpgecc-00 for submitting a
> >> >  document to CFRG that they knew to be inferior to a previous
> >> >  submission.
> >>
> >> This is not about rewards. It's about meeting the request of the TLS WG.
> >> And I contend that it's not inferior to
> >> draft-turner-thecurve25519function-01,
> >> but a different beast entirely.
> >
> >Which one is closer to meeting the express desires of the TLS WG? The
> >TLS WG does not want a generation method, but rather new curves. And
> >they don't want new "curves" but rather want us to do the hard work of
> >specifying a better mechanism. We've already ruled out random primes,
> >and short Weierstrass cofactor 1, in some cases in the face of
> >determined opposition. What's so special about the minority holding
> >out for slow choices of c that we need to appease them also?
> 
> I don't think it's really a minority - things seem more balanced than that
> to me, based on my reading of the list.
> 
> A minute ago you said that it was not hard work to specify multiple curves
> and algorithms - just a matter of changing some constants! If that's the
> case, then great, I'd hope you'd get involved in developing
> draft-black-rpgecc-00-.txt and help do that work there, to turn it into
> what you think we need to deliver.
> 
To me this sounds like an ideal moment to follow through on the plans
made earlier. Is there a final requirements list? Is there a date when
the list of curves to evaluate will be stable? What will be the deadline
for comparing performance of arithmetic in different prime fields and
comparing performance of arithmetic on different curve shapes? What
will be the deadline for quantifying wiggle room in generation
procedures?

We will not get optimal results by tweaking one meta proposal when 
creating a meta proposal was not the original mission and there has 
been very little discussion about requirements for meta proposals
while we discussed requirements for curves. We will not receive 
transparency by engaging in horse trading.

'Compromise' is a word that should be banned from this discussion; we
already have (potentially) compromised curves!

> I'd be grateful if the folks from the MGN team could say more on the list
> why they chose this particular prime, and give some insight into the
> performance impact of choosing it over near neighbours such as 2^389-21.
> 
> Others should chime in too - for example, people should feel free to
> repeat performance numbers from earlier in our discussions (they are out
> there in the archive somewhere!).
> 
> Please let's collaborate and see if we can swiftly resolve whether there
> is a significant performance impact or not.
> 
I think a competition has more to offer than a 'collaboration' where 
parties get more influence by having more people send emails to the list.
What should count are the merits of papers, implementations, and internet 
drafts so that proposals get more influence by being objectively better.

So, I would very much like to support what Kenny said:
> Let's get past instinct to hard numbers.
> 
... but I think this needs clear requirements, deadlines etc.

	Tanja