IETF Logo Mail Archive

[CFRG] Re: Pairing-Friendly Curves: Open Questions Before Draft Update

"Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de> Tue, 16 December 2025 11:12 UTC

Return-Path: <thomas.bellebaum@aisec.fraunhofer.de>
X-Original-To: cfrg@mail2.ietf.org
Delivered-To: cfrg@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B933E9B31BBD for <cfrg@mail2.ietf.org>; Tue, 16 Dec 2025 03:12:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.297
X-Spam-Level:
X-Spam-Status: No, score=-4.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=aisec.fraunhofer.de header.b="NBGxQMcv"; dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com header.b="nvgrSTU7"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5xxU7XuYxytg for <cfrg@mail2.ietf.org>; Tue, 16 Dec 2025 03:12:05 -0800 (PST)
Received: from mail-edgeMUC218.fraunhofer.de (mail-edgemuc218.fraunhofer.de [192.102.154.218]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 07E749B31BB2 for <cfrg@irtf.org>; Tue, 16 Dec 2025 03:12:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1765883525; x=1797419525; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=H8QThswfa0EkpMXjs1TdnqBpDEhtR6yT3FwV+uqW/ZA=; b=NBGxQMcvoA/OyMHz0RhdO9GdHNVD9e0HJbxKE/5QfHi0UXo7631VAPIe lVJzY6UDKZqVYOa/dTKZrEMp0Kw0vfUBXoaeVF+p3VE4Wjy/yvn8ATiMa N1TuPfILJNI0wI6SoHBcAIGjM1xw80wemlLA4G/HVan0y5JQXtxMb7TG+ 6iLT8tofVpFBlEZh/D/fcVme5bdf5SAAbgDujVLCGsUoj5JXk1T2fXmcQ 93tP+rzSBqB2T2w1mM7l5xPg385D0Ja3j868v38tFcNInv6MKjIzJVwZK c8DunSK4jcWaR75dWFNd7hn3Icfg4HNOJ/64d2TbcuiO4DVtaKtHDr6FR A==;
X-CSE-ConnectionGUID: k366Y7vATXWg+t3djJzvYA==
X-CSE-MsgGUID: JboJSEQ7TJ2PpO0MtZxYxQ==
Authentication-Results: mail-edgeMUC218.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com
X-ThreatScanner-Verdict: Negative
X-IPAS-Result: A2HqAgBMVK1o/8ejZsBRCRwBAQEBAQEHAQESAQEEBAEBQIFTgkBAAUCBZYRVkXEDl3+BO4M1glADVw8BAQEBAQEBAQEHAQE9FAQBAQMEhQACFowRJzgTAQEBAQMBAQEBAQIFAQEBAQEBAQEBAQELAQEGAQIBAQEECAECgR2GCUYNgluBLIEmAQEBAQEBAQEBAQEBHQINKFYBBAEjEQwBATcBBAsCAQgaAiYCAgIvFRACBAENgwiCJAQSAw8mFLoQgTKBAYIMAQEGgUYE2V8YgkcDBgkBgREug3yEVAGBboN1gk2CM4IMQ4EVNYJ1PoJKFwSBMiwVg0aCaYImgQIUiBqIGxOKFQlJeBwDWSwBVRMXCwcFXkIQMwMgCjQVHAIUDSIPGgUtHXMMKBJnhBWEHytPghtygQEPAWRBGT+DUx4Gaw8GgRUZSQICAgUCQz6BcQYeBh8SAgMBAgKBEBACbkADC209NwYOG0OUbYMnCBJUFD0CgRFObwIPlnmMJ6MvAwQDgjWBZ6FxM4QEjRMEhkWSJGeZBiKCNqY+AgQCBAUCEAiBf4F/cYM2UhkPjiGEAIUTtR14AjoCBwsBAQMJkWwtBYFLAQE
IronPort-PHdr: A9a23:Tg+ffBwKYdjoDuDXCzKfwVBlVkEcU1XcAAcZ59Idhq5Udez7ptK+Z xeZva4m1QCVAN6TwskHotSVmpioYXYH75eFvSJKW713fDhBpOMo2icNO4q7M3D9N+PgdCcgH c5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTezb75+N gm6oAveusULg4ZvJaY8xxXUqXZUZupawn9lKl2Ukxvg/Mm74YRt8z5Xu/Iv9s5AVbv1cqElR rFGDzooLn446tTzuRfMVQWA6WIQX3sZnBRVGwTK4w30UZn3sivhq+pywzKaMtHsTbA1Qjut8 aFmQwL1hSgdNj459GbXitFsjK9evRmsqQBzz5LSbYqIMvd1Y6HTcs4ARWdZXshfSTJMDJ6gb 4UBDOQBM+RXoJXyqVQBtha+GRKjCfnzxjNUmnP736s32PkhHwHc2wwgGsoDvHrJodrrMKcSV f66w7LSwjXeavNZ3C/x45XWfBAhpvGMWKh/cdHfxUIyEA7FklWQqYvgPzyPzeQBqXOU4PRkV eKrlWEosBt+oiWqxso3kIbJh5kVxU7Y+iljzoY1P8e3SFN9Yd6kF5tQuT+VN5FsTsw/XW5lo SA3waAJtpCnZiYF0ognxwLBZPyddYiF+gzvWemfLzpmgH9oeLOyiRiv/UauyODyVtS43EhIo ydBkdTBtW0A2wLR58aITvZw8Vms1DaP2Q7T9+xKLk85mK7dJpU8zLAwkZ8Tvl7CHi/wgEj2l qGWeVk99ue29uvnY6nmppiGN4NujQH+KKsul8qiCuo7KggDR3WX9OCi2LH54EH1XKtGgucrn qTYvp3WP9kXq6q9DgNNzIou6gqzAjmj3dgFgXUINlNIdReagIT0OFzDJfX1Dfm+jlmtljpg2 urIMaf7AprXK3jOiLLhfbFg5EFC0Acz1tVf545MCrEGPfLzRlf9tNzGAR89NAy52+PnB8981 oMaQG6PB7OZP7nPvFGL++4iJ+2BaJUbuDbnMfcl+vjujX8+mV8TY6apx4EbZ22mEfh+IkWZZ 2TjgssZHGsXugcyUvbmhECeXTJNfXq+QqMx6z8hBI67CYrOQpihgLmb0ye6Gp1WaHpGCleJE Xrwa4WEW/AMaCeILc96iDALTqauS4sl1R6wrwD10adnLu/P9yICtJLjz8Z66PHJmRE87zx7F dmd02eNT2FzkGMHWSU20LpirkNj0luDy7R3g+REFdxP4PNESho1OoTCz+x7Ft//Qg3McsuTR 1aiQdWpGzUxTtM3w9AQekp9ANKijhTe3yq2Ar8VkLqLBIcu/q3A2HjxIt1wxGvD1KY7lVkpX tFDNWy4ia5j+QjfHYnJk1+Wl6qyb6QTwDbN9HufzWqJpExXTABwUb/KXX0EZ0vWt8j55k3YQ 7+pE7QnPRNNydSeJatSdt3pkVJGSe/lONTff22xm2CwBRKSybOXdobqYHgd3CHZCEgFjQAc5 3CGOBMxBiekuW3eDThuGUjzbEPr9OlysHW7QVQswAGQc0Jhz6a1+gIShfGERf4fxqgEtzk/q zt3Bliwx9fWBMCBpwplZalcZM89701c2mLYqgBwOpitI7pshl4EaQt3okXu1xVwCoVOj8cqt mkmwxdsJq6AzVxBdDKY3ZXoN7PNNmT84Q2hZ7bL1VHbytmW4LsA5ewgpVv6pA+nGVIu825/0 9lby3aS/ozEAhIdX8G5bkFivRRzubDWN3Vl7ofX3HltN6TxqTjGxs4oA+0+jB2nev9TNaqeH 0nzHtEUQc+0J6Ziz1SgcBMIabwK/ao3NsencfbDw6mvIfphmzS9y29A5ahx10uW/Gx9R/LGm ZEfzKfclkGBVjz8i1OoqYbshIRAZC8bGEKwzCHlAMhaYag4NdINCGyuJMm+3ZNlmprpWmBR8 nasAloH3Imifh/EPHLn2ggFn24apXiqkyKlyng8rzEuq6OElmSa3+TlcRMcfGRGQG1vh17xJ KC9jssXVw6mdQE0khui60vggaRW8vcsZ1LPSFtFKnClZ1ppVbG94+Lqi7Nn9sZx4m1eBf6na BWBSren/kVJmyi2BWZazSA2e3awt5HwjxF22wf/ZHomomDQZMdwwhnS/prbQ/tQ1SABXy52l X/cAV3vd8L85tiQmpzftfrkEmy7X4BVcS7lwJnFsy2+5GZwBga4kez2kdriQm1YmS+u+cNtU HfkpQrxMLL23aa3Ov41W0RzH1bz5o9bNtNVlY0siZcMnEQLnpjH2FsivCLNPM9A2KX4PkpIY AVO7s7e4AHj10AmFX+Py4/jf1m2wsZqZIrfACsc2ncdv/l2CLyL4rUcsChth2q6tlvtbf5kt C8x5Psy0iALv7onpzRu0zyiRYI7SBo9X2TmwhKW4MqFkJgIPl6kQ52M9xRut9StHe6F/1tZY 3vnJdQkQSlUstlQMHOPy2bx5oT1VsLbVc4KtDnLlVTOsspaCcgNu/ZT3CBoZWbs4yYBztdjt gZp7ailo8/AAT107PiGLg9CChTSfPJI+TT/oqFmkt+uxqeKRbY9Nz8EQqTSEd6KCS1Rkar1H D6hFhYGjn6LFYKFEjOe5WZis23iSai1JXOGKVgLlOpaVgmTARkMyBBRXS89mIY+DBzv3sH6b UNlsygY/UWrwvMt4udhNh26X2vQqSKVQW1tGN6RNhNL6AFF6UrPd8CTvap/HCBdq4WotxfFa neaaAJBEXwTVwSaCkriMLij6ZiI8+WRCuekafqbSbuUoPFYV/CGyIjp1Y1j/j2WMd6IMGUkB Po+snc=
X-Talos-CUID: 9a23:8LCYDmgMI3zO/+4cqRC7ty8kOTJucSaDkkaPPWaEOVlmC6HORV2y6r1Vup87
X-Talos-MUID: 9a23:Vv3GPAX7M2Hacdbq/B3mgxNZGf4334b0MFgqybAaidm1JRUlbg==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.18,214,1751234400"; d="scan'208";a="14923319"
Received: from mail-mtabi199.fraunhofer.de ([192.102.163.199]) by mail-edgeMUC218.fraunhofer.de with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 16 Dec 2025 12:11:57 +0100
X-CSE-ConnectionGUID: oIf3NkkzR8alI9o609+CBg==
X-CSE-MsgGUID: OX/qyffwQOWti3wrA9n8HQ==
IronPort-SDR: 69413e7c_HinYKaraoQ/8yfL4XE3q89+Txi3FXhKazKVwY1G0WAln0gK RBncWveEsPF1VY7ZDIaqXcPSWw04ZQ1sCdX/JSg==
X-IPAS-Result: A0DxBQCnPUFp/3+zYZlRCR4BAQsSDEAlgxlSQAFFYYEJhFSDTAOFLIh5A5d/gTuDNYJQA1cPAQMBAQEBAQcBAT0UBAEBhQcCFoxTJzgTAQIBAQIBAQEBAwIDAQEBAQEBAQEBAQELAQEFAQEBAgEBBgWBDhOGTw2GWwEBAQIBEhERDAEBNwEECwIBCBoCJgICAi8VEAIEAQ0ngmGCJAQSAw8nAgICDqV1AYFAAoslgTKBAYIMAQEGBASBPgTZYhiCRwMGCQGBEy6DfIRXAYFug3eCToIzggxDgRU1gnU+gkoXBIEyLINbgmmCJnoUhh8Tk0UJSXgcA1ksAVUTFwsHBWFCEDMDIAo0LQIUDSIPGgUtHXAMJxIPHRcTYD0XQINJGAZoDwaBERlJAgICBQJAOoFmBhwGHBICAwECAjpVC4F2AgICAoIYfoIKD4c+gQEFLnolMgMLbT03Bg4bQ5UTToIrCBJUFD0CgRFObwIPlnmMJ6MvAwQDgjWBZ6FxM4QEjRMEhkWSJGeZBiKCNqY9AgQCBAUCEAEBBoF/JYFZcYM2TwMZD44hhACFE8RIRTMCOgIHCwEBAwmRbC2BTgEB
IronPort-PHdr: A9a23:y6AKvRJIwyCW8pYEDtmcuDdnWUAX0o4cQyYLv8N0w7sbaL+quo/iN RaCu6YlhwrTUIHS+/9IzPDbt6nwVGBThPTJvCUMapVRUR8Ch8gM2QsmBc+OE0rgK/D2KSc9G ZcKTwp+8nW2OlRSApy7aUfbv3uy6jAfAFD4Mw90Lf7yAYnck4G80OXhnv+bY1Bmnj24M597M BjklhjbtMQdndlHJ70qwxTE51pkKc9Rw39lI07Wowfk65WV3btOthpdoekg8MgSYeDfROEVX bdYBTIpPiUO6cvnuAPqYSCP63AfAQB02hBIViiV1S36RYj/u3PXtfJY6CuBZPH6S6keQRiP7 7tRFg7U0wkYCX0k6V6QuOUl38c56Bj0oQJw2bXoXd7PDPFMW5/+I8MwQWZQAcEMDSl6D53jL I1TCc5dIclYjsrmvFkCqAqQHgKUGPrt7mBOxXHL/6IbidgMHVif1gN8G8NQ61DRlY3OLqAia P+qi+7ilSzTNcx6yC3Bwa/TQ0sipOOjWop8aPLI7mx0NF/ohFqOlra5ExGMyacp7Xqw18Vmf tiLgn4rk1t+njmi58MwlaSTvpwHyEHJ1Dcg/74nNdOdHR0zcZulCpxWryaAK85sT9g/R309o C8h0e5uUf+TeSELzNEi2xf1SqXWIs6G+Bv+UuaWLzpiwn5oK/qzhBe3pFCp0fa0FtK131BDs jdfn5HSu2oM2R3e5onPSvZ08kq7nzfa/w7J4/xCIUc6mLCdLJgkw7UqkYEUv1iFFSjz8Hg=
IronPort-Data: A9a23:K/oB0K1B5cCcDcK2rfbD5Sp0kn2cJEfYwER7XKvMYLTBsI5bpzEOy 2VKCzrXbqrYNDPzfdBzaojnpBsPusKBn9JhSgJk3Hw8FHgiRegpqji6wuccGwvIc6UvmWo+t 512huHodZ5yFjmF4E/0Y9ANlFEkvYmQXL3wFeXYDS54QA5gWU8JhAlq8wIDqtcAbeORXUXX4 Lsen+WFYAX4gmQtbDpOg06+gEoHUMra6GtwUmMWOKgjUG/2zxE9EJ8ZLKetGHr0KqE8NvK6X evK0Iai9Wrf+Ro3Yvv9+losWhRXKlJ6FVHmZkt+A8BOsDAbzsAB+vpT2M4nVKtio27hc+ada jl6ncfYpQ8BZsUgkQmGOvVSO3kW0aZuoNcrLZUj2CCe5xWuTpfi/xlhJEYXM9Y++eVlOzFH8 d1JL25VP1Oore3jldpXSsE07igiBNLuIJtZt2FrzXfXF/87R5DETajQo9NVtNsyrpkTRrCPO IxANmspNU6fC/FMEg9/5JYWgOevg3DkNTdVrFaYr6Mq5kDazRd82/7jKtPIfNyNS8hP2EqVz o7D1z+iWktLbYzEodaD2lWcwfbeky3kYaUtCLzj6eRD0VvD5lVGXXX6UnP++5FVkHWWV9tBK kBBpnInqas78E2tQ5zmWBmlvH+DuAVaUN1VO+E/4RuGjKvZ/wjfAXILJhZHadcms8s/Xnoxy 1uNns3gAxRgtbSUTTSW8bL8hTi8Iyc9LHUea2kDVwRt3jX4iIwjiVfPX9x5EaLwhNyzED3rh T6QpTU4h7IdgNRN26jTEU37vg9Ab6PhF2YdzgvNV3+j7gR3aZTjYIqt6FPB6u1HIprfRV6E1 EXoUeDHhAzXJcjVy3zfc/ZHB7yz+feOPRvVhFMlTdFr9C2g9zTnNcpc6S13bhUheMsVWy7bU GmKsyNo5bhXICSLa41zaNmPEMgE9/XrOunkcfH2VeBwRKZNWjWJxhwzWn7I7VvRyBAttYodJ aakdd2dCCdGKKZ/kxuzaeQv8Z4q4SEcnWr8FIzK/zG64L+gf3S6d7Y0AGWSV88X9Kjengfx9 uROBvu01hxwAejMUgjKw6EuLHQhD3syNbbpoeN5K8+BJQtHHjk6KvnzmLkORa1sr553pMzpo E6vaxR980Xuo0HHJSGhSGFRWJm2UblR9XsEbDERZ3C20H0dUKOTxaY4dapvW4I49eZmnMVGf 9Ncd+quWv1wGyn6oRIDZpzAratnRhShpSSKGwGHODEfXZpRdzbly+/eXDnE1XcxV3KslM4Ev bef+BvRQsMDSyRcHc/mUq+T4G3rj0cNutBZfhXuGcZSSnXO4YIxCi3Wj90LGe8uByjH5AOn0 1exPU9Fi8jL+5Q44fvYt5Ci9o2JKdZzLmBePmvc7Iu1CxXkw3qe8ddAftqlLTH5f0HoyZqmf tRQnq3dMuVYvVNksLhcMrdMzIAs7evVuJtf8FhVRnrWXVKJCr9ff36Mh/tLvawQxY1imBCXX 3iX8YJwIoS5O8LCEX8QKjE6b++F6+ompznK4dkxI2T4/CVR/rGXdWlzZj6i0Dd8KplxO6Mbm dYRgtYcsVGDu0B7I+S4gTBx3EXSCH45CoEMlIwQWa3vgSoVkmByW4TWUHLK0cveeud3ExcYJ xGPj/D/nJVa/E3JdkQzGVXr3eZwgZcvughA/GQdJmamy8b0ufsq4CJ/qTgHbBxZ7hFi4dJBP mJGM05UJ6LX2xxKgMNFfX6nGiAfJRm/13Hy9WA0lzzifxH1blDOEWwzAvbS3UY792kHQCNX0 ovFw0nYUBHrXvrL4A0MZWBfpcfOd+dBrj/5pJj/HuCuPYULXj7+s6r/OUsKs0TGBO0ytm3mp M5r3r55RvznBB41vpw+NZKQ+ooReSC6OFVtb+lqpp0LOWTuaQCC5yWHBBG0SPNsOs7lzE6cI O5tL/JpSB6R+nuvrDcaPKsyOLVbov8Y1OQeXpjBGGcp4qeunh9ovqnP9yP4unQZftV2nes5K aLTbzikEGeAoVd1wkjj9NJlPEi8avk6PDzM5vi/qrg1JshSodNSflEX+ZrqmXesaS9M3Q+e5 SHHbI/ol91S85xmxdbQI/8SFjePCI3BUcqT+1qOqPVIV9TENPnOuy4zqlXKOwd3P6Mba+9ol Iai4cLG40fYgIkYC2zpuYGNN61s1/WAWOB6NsHWLn4DuQCgXMTqwQUI+kHmCJhvve5e2PKaR FqDWJPtTeIWZtZT+iQEIWwWWRMQEL/+YarctDuw5abEQAQU1Qvcasir7zn1ZGVcbTUFIID6F hSygfu1+9REt85ZMXfo3R2970NQezcPgZcbSuA=
IronPort-HdrOrdr: A9a23:B55SJ6vDU/BigCuHcZ7mp6h97skCVIMji2hC6mlwRA09TyXGra +TdaUguSMc1gx9ZJh5o6H8BEGBKUmskKKdkrNhQYtKPTOW8VdASbsN0WKM+UyYJ8STzJ8/6U 4kSdkFNDSSNykzsS+Z2njBLz9I+rDum8rI5ds2jU0dNj2CA5sQqjuRYTzrdnGeMTM2Y6bRY6 DsgfavyQDQG0j+DayAdz44t7epnayTqHqCCSR2QyIP2U2rt3eF+bT6Gx+X0lM1SDVU24ov9m DDjkjQ+rijm+vT8G6W60bjq7Bt3PfxwNpKA8KBzuIPLC/3twqubIN9H5WfoTEOpv214lpCqq iHn/5gBbU/15riRBD7nfLf4Xiv7N/o0Q6i9basuwqunSU+fkN7NyMOv/MbTvKT0TtegDg16t M044syjesUfEv9dWLGlp71vlhR5zuJiGtnnugJg3NFV4wCLLdXsIwE5UtQVIwNBSTg9ekcYZ 9T5W7nlYNrmH6hHgTkV1NUsauRt1gIb2W7qxI5y7yoOhBt7QNE83c=
X-Talos-CUID: 9a23:NvcnL25Qt2vtq81eJdss828aQeYmcW/nnH7UAh6/Vz44C5a/RgrF
X-Talos-MUID: 9a23:sFyyXgZ3CLxvVOBTkA+rnSBsOthRxJuyCRsSi7xXvZmkDHkl
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.21,153,1763420400"; d="scan'208";a="33029183"
Received: from exo-hybrid-bi.ads.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaBI199.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Dec 2025 12:11:57 +0100
Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29; Tue, 16 Dec 2025 12:11:56 +0100
Received: from FR6P281CU001.outbound.protection.outlook.com (40.93.78.7) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29 via Frontend Transport; Tue, 16 Dec 2025 12:11:56 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BhXkOk4kq9gBj1NHQbBWv4txaCE3J9WDVJ+wqXH970H/haySV1TL6S7/xDBX0bd+MAuLxqY1HX2huvjIcmnXH4AMEfqeKn3uGqTDlhZ0FofYzq+sJcztgCs8PnmQyXBJ9aXDiXqyGUtNaScFNxBvstwhOT6DBdTimG0xreX7YmSbSvJVF8ASqaCCyNaHCqBTX0mP5EV+vnKgW73AKTRMCjAM3RgxIPs/aq2tt4hd32r4saCoXBhOA2FUWfx5y9ld3FSpQcdpM6A5cSPW56d8WXOVKbvOel5P2GcWDCOFL4PmHPd/Y+Jag9GWxz8iDz7PAjYUbMv+KVkiiIli0UPNZQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=H8QThswfa0EkpMXjs1TdnqBpDEhtR6yT3FwV+uqW/ZA=; b=YuIgVJIodMudzwL7tJjuu4qgS0F4TpwcJ5Yo+reOfnB2NqtZMzNEGrzNrgF5TVZ9Uj965WLxk7v3ZRNMSWJG6n87pOVF7yJXDgmRaJ5UIvZBZxDSfNOl5driDCVK6frnj6av6u/Q5Ceqkgkvz9ZWV5f7701Des016u7zwqhDo7MXJi9NDI99JUTWNBrMb1HIcPrcTcqFe6AB5XaVp0F0BBKAI86x04EP6jxhZKkwDdeGdARM1LIgN9qpDwQkseVFnfbFP/VEqe3HYLeU2y6E2fLMEfrrBhrhQ5lzY09lvFMv//SeOdSvVzHAy2HoFkeI7O7PwgWL70u2N9Ey2o2l/Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=H8QThswfa0EkpMXjs1TdnqBpDEhtR6yT3FwV+uqW/ZA=; b=nvgrSTU72PcZMTK6xBldy7o52mSev7+n4nL4tGhI+ssjdmyFscPtqjL7n+fUJgI2TEd11bg4ly63LmQ0SroXQww//B0qx2WDyrTAOsY3kmzGoPdqPqOM3K4EbgvWR4DJqw+L6zCPGnCRLaxdP2gTieIltwE2PvzjyeIz1WPzxfM=
Received: from FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d18::f66) by BEZP281MB2533.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:2a::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9434.6; Tue, 16 Dec 2025 11:11:55 +0000
Received: from FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM ([fe80::8d96:d427:50b0:8ad6]) by FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM ([fe80::8d96:d427:50b0:8ad6%3]) with mapi id 15.20.9412.011; Tue, 16 Dec 2025 11:11:54 +0000
From: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>
To: "david=40alkaline-solutions.com@dmarc.ietf.org" <david=40alkaline-solutions.com@dmarc.ietf.org>, "nicholas.sullivan@gmail.com" <nicholas.sullivan@gmail.com>
Thread-Topic: [CFRG] Re: Pairing-Friendly Curves: Open Questions Before Draft Update
Thread-Index: AQHcbhu6N6pg/Su87U2D7u49ZFeZcrUkDkKAgAAPGAA=
Date: Tue, 16 Dec 2025 11:11:54 +0000
Message-ID: <37c06354ae8224a39a8a49c13609b95c09671cfa.camel@aisec.fraunhofer.de>
References: <CAOjisRy=_=+rGpjX-3=1uDNfhBrzKggrw+Ts8QVdebeGAtU3xg@mail.gmail.com> <B70B1FC1-BEF1-4C18-B5EB-B42703A9BE7C@alkaline-solutions.com> <e1a6085dc6762f407af67cdf5d54751e2975b744.camel@aisec.fraunhofer.de>
In-Reply-To: <e1a6085dc6762f407af67cdf5d54751e2975b744.camel@aisec.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: FR1PPF809320EF6:EE_|BEZP281MB2533:EE_
x-ms-office365-filtering-correlation-id: d5b407e6-2664-46f7-9efd-08de3c93ebed
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|38070700021;
x-microsoft-antispam-message-info: orvtxoGOR9HDEU2uqzvHYZnXIzu3aT64hOF1Uq5R2Bes5OePN9DyiUkFhAYqHe2oKKkFGnbAtyjElIBvAHfN7gDBwo82Kop9MNU3G2f2VWWrYXp4zU1TCgtpN4LsiyQwrHLIc+8gGfIpQLDKx9y0OMpYv7AWNZKffVmviCMzF+fv/+cI/ChJ5vhnVjI/qNhZyIZub1LbfcAdeHTDJl8NBTUodLYcfTOnaTZsnKTVR0UosKsaVQAUD6bTwmcFSG6YXar4ktbS7jz0IGSXe9z8m43i87P5f/KACkcVOD+wJjZDNZNmKS+GAfllqY0ETVqi9IFhn9z0YwbEaEPGyVAkYCZomyirE82H05gQM+hkyv3Zl4jWEoRlIwMzB0wVsPXT9gSt/NJDol93N0P8EaJqc9dqY1lTSm+pZgqJUKpXDsEiS3gO6dmDAdc0ThyQ0lWRpcM2syLTF00uuZI1L7Y90jNsriAwoy8R1Nxdbkpiq6RXL/q9u/07fQ9IXA3fnulWpg0vtaxWG0NgYuMef+8BIeASlhCWk5jRzIY+J0vgo0c7vjN17xag42FKpD/9fMnxvcEg2Od2/3GQBl0s5656H988aSvv3jSzG9csmJRn9nOXGZ1f5aHIaTTbIVicjoQEKlHwZY6hs/fYY9IiXQUP+UVgq3gl1AKY+qAHyn2NxtRfu7NYLtBGHEcNQJJDKUJnA3ZIgMga7jJX1qlcAUUp8/Ky2wVWzOMfJFnWHDVjqC4F/qqXNsP+4gruXJZ4JI5lb47kjgdfALHTE9OW8EY5f2cdYHHi+OrpJssi/i2mbxTHWswDMjA76Ev7oE3C/cVuVM8+xZESD14AzMB1VGg7H3GIB+BQOmAePJk1wp2dER9WBTHZl0Jg3lceYQpyvuXHMoGwGBydHHHYAegWn4gvkZxG4/lMaRm5QWCfHIXnaCJew5indg2w41dwZeW8/mMHd1/tqc+79Ixd2RvR9lztHLxGT8dkaFsiihtCBFwSX6w8mSkmzt40du+lXGcrUuKOJrxeio+oGdc7TKgqOyiLe11pbKyAEruL/BaXk5edellTignInPG8uFP5B3+sOPYutL85SBIQuhHY4Fh23I9qVKf4Ribw8DdPlvGW5XwORJz0OBfFfZDaHEIITR1UGZAoO5uKENQu5cSKB1cn8T5Y3qVN0EW2E5EfVHe1WwSDXVr5IgvQS1DpF1f7RvG4RV15ue/ElSJUbygZ4qOGVLVfgcq3JTtzk0Y0NIVpxv5BKt0Q7ldv6vPeqU5Px9FZP9fg6Wmidjr2DYmNdZNPc3NJAHcdMMvwQd+1Z4SuwAmkttx5XUmB4p9bSLiuze1gbw8FNmzFyfSmisBEwcoj+LPJn6JPzubmFfIio27YEJjrY6QUlTWCdhT7cc6uCg+qSYDz359R52HCx6xGlnLHu4PsZQ3wnKaT8SFMDPewXTazTJugfh1fs2TnJLxaVOnIh+q33fo2T25tlBqQAiNNzzrDDolTSpckYPeY3H6/RGIWZyeFGBK3zwbX+zIJPW3KReG4
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(38070700021);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: blDfoEk4KaEIl3L17Y3gfyiBli++Sek2WPRkxAmEj+wUnsxvcqHvm0w124E7spla1yfBxtTHuv2nr4VzNrSd1aBvumVMxHgk1wgoijlabJqmlEJ9Rpb8zzPeu95i9ljmE5Q34Mrq4EDoVW2B22x9BND9QxHDa3xMRvV4vabJhxLsVURh30pjLgL2HR0TsbvoijkvJr0wBVQwBu9mvxUcegO92iUWfMI9V3UZa0ajPl5Nb3k6R39wdIPZi3A8xQZsHHnYjVetIDuZLpvLa+CTxy60WfMrOOGECogATal9j/K+V3c1at5KztCoZo907RLTQo0UMommkU66AWClNPKBwJ7OZt4DzsE1wlc6cm0Du0cwkSMs+S+37GrkfAklWAsCor4itNN88bKonhY8fb7eItRwKsxLN6OJdDoLZbSnUN4kMKurtTqrMUQPnjQhefZzYeUea6HAfF5wgnC486xE3R5CUvHrybJI0mHzDPYZNFuVZ0SvDl1foYFabrhvViOpYD4hCk0Mbpds5zAXyjWnPJewUK9rjk6uFAqOpMZik1LtcUTv+e2YkA96QlOAd02sJP00hxq/hRsuIV6qom1Ir7YQT0y8u2b6O+15TpukpTXcqtMf0cPdBWOarPNqXAdAIUofqzdwZsBMA69wocbWgtlaGGa3nA9CB27Zkq25eDCNkj6t1ueV6OQfBmoH/JDCbGSNGEuyAAyFTNsMFHKoQDgO5SmeCyMxvF5yiI9x7XQ1Vbmq/WgebTNfT/d0WDhu95569m0XHkfS0/cAvUv+wN1XjfhfCdHEG6I9X4ndgdbfKWgK3yBSx0JfyUZ+j2ATSUg/bXxsssWJJKhZYGbOTxjSnd2ErvhcLGwuxutQJhjUAQRRoxi932Bv9qtrLpo2wMtYEw25XNs88ON4vRVpV3F1SMOY32z041zi2wQKMwadP5A7GYCNwAr7urqHJjScMTr/I0lX1NfGBD8ioQt/CE/NDbTEzE323qDPCsEXim64z6ohfmztHEaUllkwNeDFn1Mh4aJB2pyHFrOh+9Y6jCzU9YKAAtB+a0S8FEjcz9vRxk8109FFLbnbOdJjjU+NlI/oyg0xk99F8m2GJZxaMKEvjx5pMkHzwq21/4+SkwrdwtDmGKc1D6vxZR7ZZNRyRWR0jcDW/av6SMISeQkym9pnngGl4Fd3IslyLMwsCc8J3yFrxGoSeOSsXVQ0/VTn9+mh5eElc2x1q7GQyFpbVWm45unXl9rpZJUuAXVwuGIL/DNKPrj2opPfrB1Jz/hIvBf9P+szLVvmG4eX62C3PpXOOJXEz0sarCR90WhxUoyCsAlIofQQqpWW5nuFuOQj0CHatBWp6PvIQjvKwn8hdPlh+pCljmc8AMaH1c8KiOAOjQu/79qZDB0ujP48kJb2vTxV8W74lgPc5/cJsnn4ztEe1GltokngvWW+q+7FiOo3zORZA8wqYV8ZgfV+1dOhu7KelnDdTuQgtuNUt+Se4+ZcrLMbIbmKS2hUntuHu5XFSV5SNvc4oBLTwVTDl5gNE3FfyeEy4uRp3tjKCkn81VW+i7JYWQv7sJF0Pua07ypiUIrIaDb/RWHL7+fRjqktr9po4KDYuOJNOe2SSlebS0uvB4YcnuUQKyAySirLmhM=
Content-Type: text/plain; charset="utf-8"
Content-ID: <1C342C3ADC57F44682BA0685D6E63D4C@DEUP281.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: d5b407e6-2664-46f7-9efd-08de3c93ebed
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Dec 2025 11:11:54.9129 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: k6/GITTKFhf1zNnkPVzr85j7OfuSDm/sbjg3D7/B8cAZY8iRogk6wqtG+7mxogk8BXQkdXXuM0gT2mjrGG8TT27cOSxJ4ytZJVb8mo2xGE/3nR0kioN28YLmgmnNx9fN
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BEZP281MB2533
X-OriginatorOrg: aisec.fraunhofer.de
Message-ID-Hash: RWH6M2CN3N45TSDQ4E5HB66TQFW7OSG4
X-Message-ID-Hash: RWH6M2CN3N45TSDQ4E5HB66TQFW7OSG4
X-MailFrom: thomas.bellebaum@aisec.fraunhofer.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; header-match-cfrg.irtf.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "cfrg@irtf.org" <cfrg@irtf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [CFRG] Re: Pairing-Friendly Curves: Open Questions Before Draft Update
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/sg23wpZS8fbafbXeTNxAnosnkWE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

// Including the blind signatures authors here. May I ask you to please confirm this attack or point out the error?

> For blind signatures:
> 
> - The commitment C is validated to not be Identity_G1 in octets_to_commitment_with_proof, line 6. There is no subgroup check, which may or may not be an oversight. There is an implicit subgroup check provided by the associated proof (which asserts that the prover knows how to generate C through the set of generators), but if we go for this logic then there is no need to perform a subgroup check for all three of Abar, Bbar and D above...

Actually, no. I think there is a bug. The cofactor h for BLS12-381 G1 is less than 2^64 according to
https://www.rfc-editor.org/rfc/rfc9380.html#name-bls12-381-g1

By taking any point of order at most h (except for the identity) as "commitment" and setting s^ = m^_i = 0 for all i, the verifier will basically check that

cp == calculate_blind_challenge(commitment, commitment * (-cp), blind_generators, api_id)

The prover exploits that as follows:
Pick x at random and set Cbar <- commitment * x. and cp = calculate_blind_challenge(commitment, Cbar, blind_generators, api_id).
Now check that Cbar == commitment * -cp, which is true with probability roughly 1/order_of_commitment assuming calculate_blind_challenge is a random function. Repeat if this is not the case.

Now (0,...,0,cv) is a valid proof for "commitment", and the signer would accept a non-subgroup point for signing.

-- TBB

v2.46.0 | Report a Bug | By Email | System Status