Re: [Cfrg] Another perspective on the Curve256/255 problem

"Salz, Rich" <rsalz@akamai.com> Thu, 31 July 2014 17:43 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Thu, 31 Jul 2014 13:43:56 -0400
Thread-Topic: [Cfrg] Another perspective on the Curve256/255 problem
Thread-Index: Ac+s5Bc3VrmbbAxqTQWAaJCEW0eZoQAAfYfw
Message-ID: <2A0EFB9C05D0164E98F19BB0AF3708C718599EE460@USMBX1.msg.corp.akamai.com>
References: <CAMm+LwgZp4sgLaFZeWV05UDvN=x7FUNbM5Gi32fJRRrKmais+A@mail.gmail.com>
In-Reply-To: <CAMm+LwgZp4sgLaFZeWV05UDvN=x7FUNbM5Gi32fJRRrKmais+A@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/sQlDDSnhiVs4Udvmn2z39sHzmss
Subject: Re: [Cfrg] Another perspective on the Curve256/255 problem

> [I am using WF128 to remind ourselves that this is a 2^128 Work Factor which
> is what really matters here.]

I like this notation.

> So PKIX, S/MIME and OpenPGP should just use WF256. Which means that a
> TLS stack is going to need the ability to do WF256.

Can you explain this?  I don't see the "which means" justification, which means I'm missing something.

> DJB: Speed! Speed! Speed!

That's not how I would characterize it.  One of Dan's slides said something about removing the friction between security and performance.  I wish I had written it down; it was a brilliant insight.  The first time I've seen a real systems approach to crypto (which probably says more about my ignorance of the field than anything else).  For example, Curve25519 requires the top bit to be set, so that implementers don't expose timing attacks by skipping down until they find the first bit set.

I think everyone agreed with rigidity as a good principle to follow.  Caesar's wife must be above suspicion.

--  
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rsalz@jabber.me Twitter: RichSalz
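The "top bit" point in the message above, shown in working code.  This is an added example, not code from the thread or from any Curve25519 implementation; the formulas, the clamping rule and the test vectors are those of RFC 7748, and the helper names (clamp, ladder, x25519, clamped_bit_lengths, ladder_steps_naive) are our own.  Clamping clears bit 255 and sets bit 254, so every clamped scalar is exactly 255 bits long: a ladder that starts at the highest set bit therefore runs the same number of steps for every key, and the scalar's leading-zero count has nothing left to leak.

```python
"""Curve25519 scalar clamping and a fixed-iteration Montgomery ladder.

Added example (not from the thread).  Field arithmetic, ladder and test
vectors follow RFC 7748; the helper names are our own.  Python big-int
arithmetic is not constant-time; the point demonstrated is the fixed step
count, not a production-grade implementation.
"""
import os

P = 2**255 - 19        # field prime
A24 = 121665           # (486662 - 2) / 4, the ladder constant
BASE_U = 9             # u-coordinate of the Curve25519 base point


def clamp(k: bytes) -> int:
    """Turn a 32-byte secret into a Curve25519 scalar (RFC 7748 section 5).

    Low 3 bits cleared (cofactor 8), bit 255 cleared, bit 254 set: the
    result is always a 255-bit integer.
    """
    if len(k) != 32:
        raise ValueError("scalar must be 32 bytes")
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")


def decode_u(u: bytes) -> int:
    # RFC 7748: the unused top bit of a u-coordinate encoding is ignored.
    return int.from_bytes(u, "little") & ((1 << 255) - 1)


def _cswap(swap: int, x: int, y: int):
    """Branch-free conditional swap; swap is 0 or 1."""
    mask = -swap                   # 0 or all-ones
    d = mask & (x ^ y)
    return x ^ d, y ^ d


def ladder(k: int, u: int, top_bit: int = 254):
    """Montgomery ladder from RFC 7748.  Returns (k*u, number of steps).

    The secure choice for top_bit is the constant 254.  Starting at
    k.bit_length() - 1 instead would make the step count, and so the
    running time, depend on the scalar; clamping is what makes the two
    choices coincide.
    """
    x1 = u
    x2, z2, x3, z3 = 1, 0, u, 1
    swap = 0
    steps = 0
    for t in range(top_bit, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2 % P) % P
        x2 = aa * bb % P
        z2 = e * ((aa + A24 * e) % P) % P
        steps += 1
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return x2 * pow(z2, P - 2, P) % P, steps


def x25519(secret: bytes, u: bytes) -> bytes:
    """X25519(secret, u) as 32 little-endian bytes."""
    r, _ = ladder(clamp(secret), decode_u(u))
    return r.to_bytes(32, "little")


def clamped_bit_lengths(n: int) -> set:
    """Bit lengths of n clamped random scalars (always {255})."""
    return {clamp(os.urandom(32)).bit_length() for _ in range(n)}


def ladder_steps_naive(secret: bytes) -> int:
    """Steps a 'skip to the first set bit' ladder takes on a clamped scalar."""
    k = clamp(secret)
    _, steps = ladder(k, BASE_U, top_bit=k.bit_length() - 1)
    return steps


# Test vectors from RFC 7748 section 6.1 (Alice/Bob Diffie-Hellman).
ALICE_SK = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PK = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_SK = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PK = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")

if __name__ == "__main__":
    base = BASE_U.to_bytes(32, "little")
    print(x25519(ALICE_SK, base) == ALICE_PK, x25519(ALICE_SK, BOB_PK) == SHARED)
    print(clamped_bit_lengths(64), ladder_steps_naive(ALICE_SK))
```

The last two calls are the point of the example: whatever 32 random bytes go in, the clamped scalar is 255 bits and the "naive" ladder that skips leading zeros takes exactly 255 steps, the same as the fixed-count loop.  A scalar format without the forced top bit would let that step count, and the timing, vary with the key.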