Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve25519function-00.txt

Paul Lambert <paul@marvell.com> Wed, 30 July 2014 18:50 UTC

From: Paul Lambert <paul@marvell.com>
To: Benjamin Black <b@b3k.us>, Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 30 Jul 2014 11:50:20 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/pdC9tjOUE6XjmfqGlF8JtRqdlLQ
Cc: Sean Turner <TurnerS@ieca.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Fwd: I-D Action: draft-turner-thecurve25519function-00.txt

On Wed, Jul 30, 2014 at 11:16 AM, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
On Wed, Jul 30, 2014 at 2:05 PM, Randy Bush <randy@psg.com> wrote:
> sean, we also need signatures.  would you consider adding ed25519 to
> this draft or doing a parallel draft?
+1

We do need signatures, but do we need curve 25519 signatures?


Using the same curve across kx and signatures simplifies specification, implementation, and deployment.
Yes!


RSA allows one key to be used for encryption and signature easily. But
that is still terrible security practice.
Not always. First, using the same curve could be with different keys.
An option should also be allowed to have the same key support key establishment
and signatures. There are improvements in protocol design/usability that are possible.

Paul




I don't see how this is relevant to using the same curves in different algorithms.

Looking through the sets of requirements we have, a curve optimized
for encryption may not be best for signatures. And writing up how to
do signatures from a curve is non-trivial (unless it's 'do DSA with
this curve')


Specific to Randy's request, EdDSA is specified in the same paper as ed25519.

Given that the EC keys are short, we could have a combined 'encryption
and signature' certificate  but with different curves for each one.


The discussion is about using the same curves in different algorithms. Curves are not keys.


b