IETF Logo Mail Archive

Re: [CFRG] compact representation and HPKE

Billy Brumley <bbrumley@gmail.com> Tue, 16 February 2021 06:39 UTC

Return-Path: <bbrumley@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AF403A0E7E for <cfrg@ietfa.amsl.com>; Mon, 15 Feb 2021 22:39:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.099
X-Spam-Level:
X-Spam-Status: No, score=-7.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gm7LRkaoHiOv for <cfrg@ietfa.amsl.com>; Mon, 15 Feb 2021 22:39:43 -0800 (PST)
Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BF3A3A0E7C for <cfrg@irtf.org>; Mon, 15 Feb 2021 22:39:42 -0800 (PST)
Received: by mail-wm1-x32e.google.com with SMTP id w4so8113024wmi.4 for <cfrg@irtf.org>; Mon, 15 Feb 2021 22:39:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-transfer-encoding; bh=esxFPqIwJZsI9h2Ymbnd5k2w82/K4E6+LjZoYAjvXh0=; b=EwkFg/MN5a5/42w0xwSWChjirIc712zkZj+9U1mYpu+uXXyHG6+J0skxjKQgow1Xb+ CUdNhjU8FL0usy534mayp4r0sW1soVkwvhN/d4096WiA96dCZeZPR4Yx1J2Gym8mT4qB /xiwvwHHjS8Vrur7m9UG1R48QVc4GMUztSOgNwtvbqrOlrsKexoCT78eUTUU+E/316n8 2ro0xuYmS3q/gswmiv8uIyGBNa9JyyQAPyo45yYAVJeqTup1CPG2MyyoHqdl3gP4pkjr 346QR6i1NvHW59kLJIlpYhzL3XOnwm17lK5P6DqCFTDk+SlnYtLfl5h2olIbj64wWPrf J77Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-transfer-encoding; bh=esxFPqIwJZsI9h2Ymbnd5k2w82/K4E6+LjZoYAjvXh0=; b=BVe3XeiB2QGQpGURVR0WaNRC0UYj7GkFNJE1auDsS/WCLEEKAJSSe9weNk8Fec9+xk EGQ4hjy3MEAHApJh8VTPLJSS5wiz1+PSg7ZB7UiYuMFTpWGA6g+gNS2nkx/e6E6bzPu0 oU/gQtjzmts4KnbQKNMUFeXteFhQN+3L24+WZyZJd0DVOZ4klVv8EDORt509JsqFEm50 2KUk2RFFKu/OQmj9J+dmUPJx5RAThGhTpLsg4WKAwJ26A6oFq189w0Kd8KEu2qDivpeb 22Aif17qOtw26ME9PY/Wxeauq/Z5IzUKISY9VTnFBDdZhlD0cmIOkQ/uVs0W3zgKmsbI TmrA==
X-Gm-Message-State: AOAM530ujv8UMXIyRj4QhWFc1vwaOz2yE+mz4Zrj8ckFH8vfvYeoDP7v sLvY03kVQTOUhknorwm6M+PHW+t+XRS4m4bfslYd3AM+/A==
X-Google-Smtp-Source: ABdhPJykKExcRhrbPwQV3ZtQv4cbEhj5WmzqzifsOAtCWq91YHvLNvEjw+QjDqhDRgcSUa3JZ5FkLJeX1EGg5hC2wp8=
X-Received: by 2002:a1c:7312:: with SMTP id d18mr1786169wmb.155.1613457581171; Mon, 15 Feb 2021 22:39:41 -0800 (PST)
MIME-Version: 1.0
References: <0fcfb0ed-249b-7cd3-09ba-ed1c73122383@lounge.org> <CABcZeBMGJQ7sAKovy3japXVVLWRB8ydpsDzZxhijvFCtXptsZQ@mail.gmail.com> <e19e3ca1-e209-40c6-82e3-24c6d330bff8@www.fastmail.com> <24202a57-0fff-1a56-480c-dfb59989ab8e@lounge.org> <D2A7FD5D-7261-4908-8675-3C7EE2626E8D@inria.fr> <CAL02cgRwrzVHShr3uSd6mkzo_2RULKCDzKBfLz-YxTizWq63_g@mail.gmail.com>
In-Reply-To: <CAL02cgRwrzVHShr3uSd6mkzo_2RULKCDzKBfLz-YxTizWq63_g@mail.gmail.com>
From: Billy Brumley <bbrumley@gmail.com>
Date: Tue, 16 Feb 2021 08:39:30 +0200
Message-ID: <CAFeDd5Z152yMCKHd8NK57KNGfajU4GuzA+u4tjtHaDVhKv0rVg@mail.gmail.com>
To: CFRG <cfrg@irtf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/pKoOtTLR2VSpV_WEL8_zY_aQSKE>
Subject: Re: [CFRG] compact representation and HPKE
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Feb 2021 06:39:44 -0000

> I think Karthik is on the right track here.  While the compact representation undoubtedly has its benefits, it seems like there is no disagreement that it is not widely supported in either standards or crypto libraries.  So there is a sizable community for whom a requirement to use the compact format would render HPKE unusable.

In the case of OpenSSL, I disagree.

If you (=application developer) are dealing with points directly in
OpenSSL, you are probably already doing it wrong.

Using the correct abstractions in OpenSSL, whether a "point" has 1, 2,
3, or 42 coordinates shouldn't matter. In fact when using the correct
abstraction in OpenSSL, you shouldn't know it's a point at all. Just a
byte string.

So I support this one, in the spirit of forward thinking, rather than
propagating ideas from two decades old standards

> (1) A technically superior approach (x-coordinate only)

I would suggest soliciting an opinion from the OpenSSL OTC before
making any decision based on perceived API difficulties.

My 2c, having never even read the HPKE draft.

BBB

v2.23.0 | Report a Bug | By Email