Re: [Cfrg] I-D Action: draft-irtf-cfrg-hash-to-curve-04.txt

Björn Haase <bjoern.haase@endress.com> Tue, 16 July 2019 13:36 UTC

Return-Path: <bjoern.haase@endress.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7BC9120408 for <cfrg@ietfa.amsl.com>; Tue, 16 Jul 2019 06:36:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_EXCESS_BASE64=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=endress.com header.b=MUJY1YRL; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=endress.com header.b=J5e99zSR
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pJPGs28lA164 for <cfrg@ietfa.amsl.com>; Tue, 16 Jul 2019 06:36:43 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30082.outbound.protection.outlook.com [40.107.3.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CD0412018C for <cfrg@irtf.org>; Tue, 16 Jul 2019 06:36:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=endress.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=B5k29GbMDOPXTB6RINQvxmb88OB4gjhoV9V9rm4FzSY=; b=MUJY1YRLLKyyWInxOvmGnINj6Mw6DS7ThMpO+LIWJbszYn7hMVZbkMEDp31SnOBHa5S+TuBVG6tYbNiXImpXbXcCSEoD9lwEfmzJtp9cbmyIodUojnWmst5N8punIACsyNRb4jZ+U4/tjkRMcQFGjQKsiQgCCj2edGeDSxBGUCU=
Received: from AM3PR05CA0089.eurprd05.prod.outlook.com (2603:10a6:207:1::15) by AM0PR05MB5233.eurprd05.prod.outlook.com (2603:10a6:208:e9::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2073.14; Tue, 16 Jul 2019 13:36:40 +0000
Received: from AM5EUR03FT010.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e08::209) by AM3PR05CA0089.outlook.office365.com (2603:10a6:207:1::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2073.11 via Frontend Transport; Tue, 16 Jul 2019 13:36:40 +0000
Authentication-Results: spf=pass (sender IP is 40.68.44.165) smtp.mailfrom=endress.com; irtf.org; dkim=fail (body hash did not verify) header.d=endress.com;irtf.org; dmarc=pass action=none header.from=endress.com;
Received-SPF: Pass (protection.outlook.com: domain of endress.com designates 40.68.44.165 as permitted sender) receiver=protection.outlook.com; client-ip=40.68.44.165; helo=iqsuite.endress.com;
Received: from iqsuite.endress.com (40.68.44.165) by AM5EUR03FT010.mail.protection.outlook.com (10.152.16.134) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2052.18 via Frontend Transport; Tue, 16 Jul 2019 13:36:39 +0000
Received: from mail pickup service by iqsuite.endress.com with Microsoft SMTPSVC; Tue, 16 Jul 2019 15:36:39 +0200
Received: from EUR01-HE1-obe.outbound.protection.outlook.com ([104.47.0.51]) by iqsuite.endress.com over TLS secured channel with Microsoft SMTPSVC(8.5.9600.16384); Tue, 16 Jul 2019 15:36:38 +0200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BRjsfCZPVVWO4AF7SjhuWt4F7bL7mSCHD7CffzorMm/B3DzE1HU+s8kl1e3fGCmMqVNz43Gg+UF/51v1NS0SqGHp6wZvZD0DN7eSognDN1AOcVJuhJ1S9CHaV+6fRdBwJZkMtVDafFm9F6iTX6ov9rPcEqmwooN34X5z2Sz8lzJMUlZO4kvYDEGlynMaaMCUr7cr2VK8oek3LJLCmCo3SpIpBDTqRZgPHUlc13/nf+/4vmGWvzKF6uF00ECN+4iZziQmgy92Jb+h5Qtsm/2w2a95bf16NqqpxXw47cQDJvTcQZM+roOFofgKqZKDBgrMgcLFNaA+P7XgwW8BSn8tXQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LWsVrKEzKfd+O7/xu1MXGf50EamehHSEid8hhyHIX84=; b=fhK3zU59r8dWuNZVgcsNGkC3o0EdPkQs/eL701JmCItacRsKiY6UOAbUn99yy3W+TxSFqdsgCPHH6vqFHGxuD24GB1kAWzGJcIrwxyM45ItFiyDvcvstnWIe75umMdpKDs29K9yX0Tkm6ixWz6IxPiNIw58WtjB1PPoWAWH+IX+mdRklOp+F3ho/kyK/ubOm1YOFYmso+7YUfTa/hirBdRGJMzv//kFUjNNwgw1p71meojoG0houXNjpq+4WteoU4nPGk2ISTsPo3WFRzpNMryz1ziWvaScCEUUrp1CRfDcp1iSpeNDkd3Wog+Amhus33HVbXIv8Emi9DMex7VI4Eg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=endress.com;dmarc=pass action=none header.from=endress.com;dkim=pass header.d=endress.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=endress.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LWsVrKEzKfd+O7/xu1MXGf50EamehHSEid8hhyHIX84=; b=J5e99zSRUpVmd6UBxSRDlVDVi5HSF5xiMxXMJUikSz/yVH9W2Voq0s6Ga+8bYU23pjbrxZSWvIGg6mH2R/l/mkNN0oFu/dA37sP8rjN99HHM8X3mkRLasUeKWlod9Q1OLTqb9mLr7Vfr9hQ1qnQc5t0YtDm8fRQIlvI+o+N2ywU=
Received: from VI1PR0501MB2255.eurprd05.prod.outlook.com (10.169.135.11) by VI1PR0501MB2592.eurprd05.prod.outlook.com (10.168.139.137) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2073.14; Tue, 16 Jul 2019 13:36:37 +0000
Received: from VI1PR0501MB2255.eurprd05.prod.outlook.com ([fe80::d802:c0a5:12ac:dc2d]) by VI1PR0501MB2255.eurprd05.prod.outlook.com ([fe80::d802:c0a5:12ac:dc2d%6]) with mapi id 15.20.2073.012; Tue, 16 Jul 2019 13:36:37 +0000
From: Björn Haase <bjoern.haase@endress.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
CC: Dan Harkins <dharkins@lounge.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] I-D Action: draft-irtf-cfrg-hash-to-curve-04.txt
Thread-Index: AQHVNeYO05gPRfpvLk+KIGHfcuu7QqbNBR0AgAA78qCAAAh6gIAAACUw
Content-Class:
Date: Tue, 16 Jul 2019 13:36:37 +0000
Message-ID: <VI1PR0501MB22551F9789C35716A2292C1983CE0@VI1PR0501MB2255.eurprd05.prod.outlook.com>
References: <156262877252.887.17736027249172849204@ietfa.amsl.com> <ed63dbe8-4a7e-8c0d-ffe2-90cc99bb9a6e@lounge.org> <VI1PR0501MB22557A164EED31B2C17EB44983CE0@VI1PR0501MB2255.eurprd05.prod.outlook.com> <26E7C662-6D58-48E0-855F-5E5B2D36AF92@ll.mit.edu>
In-Reply-To: <26E7C662-6D58-48E0-855F-5E5B2D36AF92@ll.mit.edu>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_2988f0a4-524a-45f2-829d-417725fa4957_Enabled=True; MSIP_Label_2988f0a4-524a-45f2-829d-417725fa4957_SiteId=52daf2a9-3b73-4da4-ac6a-3f81adc92b7e; MSIP_Label_2988f0a4-524a-45f2-829d-417725fa4957_Owner=bjoern.haase@endress.com; MSIP_Label_2988f0a4-524a-45f2-829d-417725fa4957_SetDate=2019-07-16T13:36:35.9386219Z; MSIP_Label_2988f0a4-524a-45f2-829d-417725fa4957_Name=Not Protected; MSIP_Label_2988f0a4-524a-45f2-829d-417725fa4957_Application=Microsoft Azure Information Protection; MSIP_Label_2988f0a4-524a-45f2-829d-417725fa4957_ActionId=b2d9f41b-e76d-4e60-9b14-dfa81dcac947; MSIP_Label_2988f0a4-524a-45f2-829d-417725fa4957_Extended_MSFT_Method=Automatic
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=bjoern.haase@endress.com;
x-originating-ip: [193.158.100.19]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: 7d4a0bcc-9c89-46eb-ad5d-08d709f2a1f8
X-Microsoft-Antispam-Untrusted: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:VI1PR0501MB2592;
X-MS-TrafficTypeDiagnostic: VI1PR0501MB2592:|AM0PR05MB5233:
X-MS-Exchange-PUrlCount: 7
X-Microsoft-Antispam-PRVS: <AM0PR05MB5233E59009E48BC11ACC522283CE0@AM0PR05MB5233.eurprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;OLM:8882;
x-forefront-prvs: 0100732B76
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(396003)(376002)(346002)(366004)(136003)(189003)(199004)(26234003)(85202003)(256004)(25786009)(14454004)(486006)(33656002)(68736007)(446003)(26005)(7736002)(186003)(11346002)(102836004)(6506007)(7696005)(305945005)(6116002)(74316002)(8936002)(8676002)(54906003)(476003)(66574012)(53546011)(316002)(99286004)(81156014)(81166006)(76176011)(6306002)(55016002)(9686003)(2171002)(2906002)(4326008)(53936002)(85182001)(66066001)(6436002)(71190400001)(71200400001)(6916009)(5660300002)(15974865002)(966005)(478600001)(52536014)(3846002)(14444005)(45080400002)(76116006)(66946007)(86362001)(64756008)(66446008)(66556008)(66476007); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0501MB2592; H:VI1PR0501MB2255.eurprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: endress.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info-Original: KJjmeSIU50pks48Krwd5ILnS4rF6krVkpPlDi4E1vkDLY3HLrDo94R8R1tcCnK7SPhwtKJfVqyCwudvZoaIqn3RUYBGyvfpLPPL2JKQfYMv59IA7aB3QQm5US5P7Tg/py3OR6myoB3Nk3h8eHP6419RMfJIujb8WeUY5lwm26Sk4K22AOiPk1rRwTl0j2yANRKUsXdihBZLnRhmn2Tckv95Q3x64EtJ5xBNl3fZqaQZF3yf2h56QOtJqjxsDk1l/DLaDimPF/xZ+ByKU9pJe1xVVo8DQJ0l6w0WxYU/QVRVN21nEiUvmO6XmaVAima60H9BjxTI8vWtHBnNuLIu3dF4v3nCjXcfoDElYzgcHnroiB5vPPtE3oCQQdYk+OFSBdBpVbsSr4dZ2WVNto9EjpMdMAtLfQUrQWrj3F8Hsac0=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0501MB2592
X-OriginalArrivalTime: 16 Jul 2019 13:36:38.0150 (UTC) FILETIME=[7E619A60:01D53BDB]
X-Trailer: 1
X-GBS-PROC: h6Y5KL0imaaBeOlh9oQP95nwEBtprcZ2G9RVVJ2HBSY=
X-GRP-TAN: IQWE01@4D7E0E2141974D8AB6110042DB761F01
X-iqsuite-process: processed
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT010.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:40.68.44.165; IPV:CAL; SCL:-1; CTRY:NL; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(136003)(39860400002)(396003)(376002)(346002)(2980300002)(26234003)(199004)(189003)(26005)(102836004)(76176011)(2906002)(85182001)(6116002)(3846002)(5660300002)(6506007)(53546011)(70206006)(14454004)(70586007)(52536014)(76130400001)(356004)(336012)(66066001)(186003)(68736007)(7696005)(69596002)(47776003)(2486003)(23676004)(86362001)(66574012)(15974865002)(14444005)(53936002)(85202003)(25786009)(9686003)(2171002)(55016002)(7736002)(74316002)(305945005)(6306002)(45080400002)(446003)(436003)(476003)(81166006)(8936002)(81156014)(50466002)(478600001)(33656002)(966005)(126002)(26826003)(8676002)(11346002)(106002)(486006)(4326008)(54906003)(99286004)(6862004)(316002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR05MB5233; H:iqsuite.endress.com; FPR:; SPF:Pass; LANG:en; PTR:InfoDomainNonexistent; A:1; MX:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 1efc9a9c-66ea-42ce-71cb-08d709f2a068
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(710020)(711020)(4605104)(4709080)(1401327)(2017052603328)(7193020); SRVR:AM0PR05MB5233;
X-Forefront-PRVS: 0100732B76
X-Microsoft-Antispam-Message-Info: dYsMy9uE4+B3U6vD2N/Gehw6VC6EexS/LW7HM7N60G5t2ejt89ETXVNZdwGoQgyViBDP4MU6oo0gDOPIadYF4U02MS7Q2qXlzPDOYkDTguV1LaaVsIRc8FkI9SPXpbsOMRJlMzANAV/LxfDfxwMXiS61h6+6vEBBWUwbznVVsQfHzgCloOx3d5t2uwJjtlLrT1Mm56Lg1HUhhhoxg3WhhhNOPLG6eoFElfgzMw0V61pMZdQqmmy4S/PzTAiq8VF3NQTRbftkCz+1Kc/d2/xyB/+Ldgu6l5QQHzxErZaE1Xrkouhvd17u4c4HwFFypyRgSU8J8XFrs2xXOq+VwDs9xOGKMU/P/D1aU2tIa/Zjf/3qQ76IXMw2Ko7AZCqKFIsr5hFB31y0uuJgcIHf5CKwDyy6m5tsrGWbVeUVHC6g5nw=
X-OriginatorOrg: endress.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Jul 2019 13:36:39.9718 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 7d4a0bcc-9c89-46eb-ad5d-08d709f2a1f8
X-MS-Exchange-CrossTenant-Id: 52daf2a9-3b73-4da4-ac6a-3f81adc92b7e
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=52daf2a9-3b73-4da4-ac6a-3f81adc92b7e; Ip=[40.68.44.165]; Helo=[iqsuite.endress.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR05MB5233
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/s6QLfHOScWmSg5gr0FBYtha6298>
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-hash-to-curve-04.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2019 13:36:47 -0000

... and another bad news might be the following: I fear that

P384-SHA512-ICART-NU

might be covered by the patent family of FR0950189 (including US8666066B2) ☹. 

Yours,

Björn.





Mit freundlichen Grüßen I Best Regards 

Dr. Björn Haase 

Senior Expert Electronics | TGREH Electronics Hardware
Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen | Germany
Phone: +49 7156 209 377 | Fax: +49 7156 209 221
bjoern.haase@endress.com |  www.conducta.endress.com 





Endress+Hauser Conducta GmbH+Co.KG
Amtsgericht Stuttgart HRA 201908
Sitz der Gesellschaft: Gerlingen
Persönlich haftende Gesellschafterin:
Endress+Hauser Conducta Verwaltungsgesellschaft mbH
Sitz der Gesellschaft: Gerlingen
Amtsgericht Stuttgart HRA 201929
Geschäftsführer: Dr. Manfred Jagiella

 
Gemäss Datenschutzgrundverordnung sind wir verpflichtet, Sie zu informieren, wenn wir personenbezogene Daten von Ihnen erheben.
Dieser Informationspflicht kommen wir mit folgendem Datenschutzhinweis (https://www.endress.com/de/cookies-endress+hauser-website) nach.

 



Disclaimer: 

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you receive this in error, please contact the sender and delete the material from any computer. This e-mail does not constitute a contract offer, a contract amendment, or an acceptance of a contract offer unless explicitly and conspicuously designated or stated as such.
 


-----Ursprüngliche Nachricht-----
Von: Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> 
Gesendet: Dienstag, 16. Juli 2019 15:31
An: Björn Haase <bjoern.haase@endress.com>
Cc: Dan Harkins <dharkins@lounge.org>; cfrg@irtf.org
Betreff: Re: [Cfrg] I-D Action: draft-irtf-cfrg-hash-to-curve-04.txt

I am with Dan and Björn. Please add plain SWU back.

Regards,
Uri

Sent from my iPhone

> On Jul 16, 2019, at 09:18, Björn Haase <bjoern.haase@endress.com> wrote:
> 
> Hi to all,
> 
> One of the clear advantages of using the less-efficient "plain" SWU method with the three calculations of the Legendre symbol as defined in section
> 
> "5.3.2.  Shallue-Woestijne-Ulas Method"
> 
> of the older draft -03 is that we keep safely away from the patents. Yes, its less efficient, but frankly speaking, in my opinion people really concerned about efficiency should use Montgomery or (twisted) Edwards curves anyway (and use Elligator2) and likely for most real-world-protocols the mapping will be not the bottleneck but rather the scalar multiplications.
> 
> This might be a reason to stick with plain SWU or at least include plain SWU as an option in the RFC.
> 
> Björn.
> 
> 
> 
> 
> 
> Mit freundlichen Grüßen I Best Regards 
> 
> Dr. Björn Haase 
> 
> Senior Expert Electronics | TGREH Electronics Hardware
> Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen | Germany
> Phone: +49 7156 209 377 | Fax: +49 7156 209 221
> bjoern.haase@endress.com |  www.conducta.endress.com 
> 
> 
> 
> 
> 
> Endress+Hauser Conducta GmbH+Co.KG
> Amtsgericht Stuttgart HRA 201908
> Sitz der Gesellschaft: Gerlingen
> Persönlich haftende Gesellschafterin:
> Endress+Hauser Conducta Verwaltungsgesellschaft mbH
> Sitz der Gesellschaft: Gerlingen
> Amtsgericht Stuttgart HRA 201929
> Geschäftsführer: Dr. Manfred Jagiella
> 
>  
> Gemäss Datenschutzgrundverordnung sind wir verpflichtet, Sie zu informieren, wenn wir personenbezogene Daten von Ihnen erheben.
> Dieser Informationspflicht kommen wir mit folgendem Datenschutzhinweis (https://www.endress.com/de/cookies-endress+hauser-website) nach.
> 
>  
> 
> 
> 
> Disclaimer: 
> 
> The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you receive this in error, please contact the sender and delete the material from any computer. This e-mail does not constitute a contract offer, a contract amendment, or an acceptance of a contract offer unless explicitly and conspicuously designated or stated as such.
> 
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: Cfrg <cfrg-bounces@irtf.org> Im Auftrag von Dan Harkins
> Gesendet: Dienstag, 16. Juli 2019 11:26
> An: cfrg@irtf.org
> Betreff: Re: [Cfrg] I-D Action: draft-irtf-cfrg-hash-to-curve-04.txt
> 
> 
>   Hello,
> 
>   This draft seems like a departure from the direction -03 was going,
> which is unfortunate.
> 
>   Version -03 had several methods of hashing whose preconditions made them
> appropriate for certain curves. Importantly, though, it had SWU which will
> work with basically any Weierstrass curve. Now it seems the focus is on 
> highly
> optimized and curve-specific methods and ciphersuites which fix the curve
> and hash algorithm. SWU is now optimized to work only on certain 
> pairing-friendly
> curves.
> 
>   Would it be possible to add back the -03 SWU as a generic template that
> can be instantiated with a curve and a hash function? That was how I was
> planning on using this soon-to-be RFC.
> 
>   And a comment on -04. The Simple SWU method now has a check whether u=0
> to prevent divide-by-zero. In the event it is, the algorithm outputs
> B/(Z * A) as x. Doesn't this leak information? If I, as a passive observer,
> notice x = B/(Z * A) then I know that hash_to_curve(m) returned 0. I know
> the probability of u=0 is astronomically small but if the possibility is
> going to be addressed why not reduce the output of the hash modulo (p-2)
> and then add 2 to always place 1 < u < p?
> 
>   regards,
> 
>   Dan.
> 
>> On 7/8/19 4:32 PM, internet-drafts@ietf.org wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the Crypto Forum RG of the IRTF.
>> 
>>         Title           : Hashing to Elliptic Curves
>>         Authors         : Armando Faz-Hernandez
>>                           Sam Scott
>>                           Nick Sullivan
>>                           Riad S. Wahby
>>                           Christopher A. Wood
>>    Filename        : draft-irtf-cfrg-hash-to-curve-04.txt
>>    Pages           : 60
>>    Date            : 2019-07-08
>> 
>> Abstract:
>>    This document specifies a number of algorithms that may be used to
>>    encode or hash an arbitrary string to a point on an elliptic curve.
>> 
>> 
>> The IETF datatracker status page for this draft is:
>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-irtf-cfrg-hash-to-curve%2F&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7Cae3fd8bde95d49afaef008d709cfa996%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C0%7C636988659817711977&amp;sdata=DTtAtT0Ec2pyscnrisBC7dJkkgcNqGSe6pl8IrTHfP8%3D&amp;reserved=0
>> 
>> There are also htmlized versions available at:
>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-irtf-cfrg-hash-to-curve-04&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7Cae3fd8bde95d49afaef008d709cfa996%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C0%7C636988659817711977&amp;sdata=UdjS%2BluBqR%2F6%2FFSTRaevzruWEU8xqWVcGZBZ5PDX4lI%3D&amp;reserved=0
>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-irtf-cfrg-hash-to-curve-04&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7Cae3fd8bde95d49afaef008d709cfa996%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C0%7C636988659817711977&amp;sdata=LCWM4Q8iXV3phnMTTMg0E9HuVgR%2BHHZCvI9lg4I8ILU%3D&amp;reserved=0
>> 
>> A diff from the previous version is available at:
>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-irtf-cfrg-hash-to-curve-04&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7Cae3fd8bde95d49afaef008d709cfa996%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C0%7C636988659817721981&amp;sdata=CR%2F43lACEBS0g8uW7GNEL7H4aZHQxqnmeEWD%2Ft8bRmk%3D&amp;reserved=0
>> 
>> 
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>> 
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>> 
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.irtf.org%2Fmailman%2Flistinfo%2Fcfrg&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7Cae3fd8bde95d49afaef008d709cfa996%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C0%7C636988659817721981&amp;sdata=1PEi9s085HZljfmE1Tl%2Bam7h5h7BldmYEXy%2FOmbQN3s%3D&amp;reserved=0
> 
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.irtf.org%2Fmailman%2Flistinfo%2Fcfrg&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7Cae3fd8bde95d49afaef008d709cfa996%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C0%7C636988659817721981&amp;sdata=1PEi9s085HZljfmE1Tl%2Bam7h5h7BldmYEXy%2FOmbQN3s%3D&amp;reserved=0
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg