Re: [Cfrg] Elliptic Curves - curve form and coordinate systems (ends on March 12th)
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 13 March 2015 12:43 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6826B1A1A8B for <cfrg@ietfa.amsl.com>; Fri, 13 Mar 2015 05:43:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.017
X-Spam-Level:
X-Spam-Status: No, score=-1.017 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jv-zmAvVWAEa for <cfrg@ietfa.amsl.com>; Fri, 13 Mar 2015 05:43:12 -0700 (PDT)
Received: from mail-lb0-x22b.google.com (mail-lb0-x22b.google.com [IPv6:2a00:1450:4010:c04::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53A001A1A3C for <cfrg@irtf.org>; Fri, 13 Mar 2015 05:43:08 -0700 (PDT)
Received: by lbjb6 with SMTP id b6so22375934lbj.9 for <cfrg@irtf.org>; Fri, 13 Mar 2015 05:43:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=pnCEQpFDffoORfiXFGR9sVCfESZswLw+PJ6Z9atYB+w=; b=q/QUcwjRPJFLdOzEYRIzlaj0VXvULjlh7Ir4eSKQwNc92WmvtDN8xNN6RAu8aXqw6D 3FNyOHwiuMpH6nmEP2YEtDFBZoKy00QsTMpM8oyyptjSSGF34882Fnn4g9quSN7XcPAI 823wuZv5AuVPlAXMC16Xkz8xQJ+QjWpvwIZztSnq/sDkpcrHZEpcdGmyOhFdL9HQIJfY sRowWXwRRkoO9Cvx2M0tz1ue4/V/1tSRN+URVU9ne2te93RZhUxxLP4WClVqb95cskq2 rWAQfIamoqT46/Oqf+2X7CNlI09fhJ+i7DAC4DfRqRbCf2GbJRjsRnL0afj53GGFMZb0 vblA==
MIME-Version: 1.0
X-Received: by 10.152.191.135 with SMTP id gy7mr42244057lac.91.1426250586723; Fri, 13 Mar 2015 05:43:06 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.45.203 with HTTP; Fri, 13 Mar 2015 05:43:06 -0700 (PDT)
In-Reply-To: <5502D58F.3030806@rwth-aachen.de>
References: <54F8E735.2010202@isode.com> <5501E6A5.5040608@brainhub.org> <5502D58F.3030806@rwth-aachen.de>
Date: Fri, 13 Mar 2015 08:43:06 -0400
X-Google-Sender-Auth: kSgfrBnPUpx_0oZGeCUgIW9hYG0
Message-ID: <CAMm+Lwiu4X5xxQdVpd_BS1yxfc7oTAm-YcuvS5=v7V3OVN5YRQ@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Jakob Breier <Jakob.Breier@rwth-aachen.de>
Content-Type: multipart/alternative; boundary="001a1134303a951e9c05112ad7aa"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/uQ0KGvcskwKJsOHbOI1BWoLSkys>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Elliptic Curves - curve form and coordinate systems (ends on March 12th)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Mar 2015 12:43:13 -0000
On Fri, Mar 13, 2015 at 8:18 AM, Jakob Breier <Jakob.Breier@rwth-aachen.de> wrote: > On 12.03.2015 20:19, Andrey Jivsov wrote: > >> * This proposal incurs 32 additional bytes of storage overhead for the >> public key, for the total of 64 bytes (compare this with 260+ bytes for RSA >> 2048). >> > > The storage costs and transmission costs might be insignificant for > machines, but I'd like to point out the human storage and transmission > costs. Take a look at SSH keys for example. Compare how well you can > visually parse several lines of keys in an authorized_keys file in these > three formats: > > ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRTSfbRohGanse3u4gnu8wOId85f5K > KyEzo/l > MabVM4J92n6r4NPgN46pQ3bTc8XzLO5zHXY/mPSwQru3Ks+ > 6Mcut7bDo0ohPcLcdIYGTbqXkfz3 > KNDbdXwPMcaPamLmugNnj9UK2cPe8Q7F9DGSLaQc1eiC0JS/ > Qm0gG3ULqX3DEDFQbLBzH326Lov > 9gplu/U7D0bBiM7q7VQs32sz11L4KWY3RzUhuy6bQ7GGrkGvp78l7f+ > 56AvQNeIV8fDOWKNE73s > Q3NybxWxQ771c5c+AZGYzkERlHWjxaxGA6V8ZUiE2VftHZ > MY4k6z4DC9hiadxwmr85qWriC7RrT > OjmN9 Alice-HomePc > > ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT > YAAAAIbmlzdHAyNTYAAABBBLB > RUKndAEfMluniDolf8eJIdhh1l9C2iXKtnbvbM9vFbBMQ+ > l47i7wusn4G2RMYsFPbwlV4XQt4TT > sEwkrcLss= Alice-HomePc > > ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxtv8s7nwLqhkhryoY+w/ > u9ZrY7dr0ZPZhYuOS > bxTIb Alice-HomePc > +1 The main reasons I am interested in ECC systems as a replacement for RSA are: * The short key size is more compatible with URI/fingerprint. * New ways to deal with the problem of defective key generation[1]. * Better work factor safety margin (WF-128 rather than 112) * Only feasible approach beyond 128 bit WF. Performance is the easiest to measure but not the reason for making a change. [1] Comodo Group has pending IPR claims.
- Re: [Cfrg] Elliptic Curves - curve form and coord… Viktor Dukhovni
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… D. J. Bernstein
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - curve form and coord… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - curve form and coord… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Ilari Liusvaara
- [Cfrg] (flaws with Curve25519 DH function, if one… Rene Struik
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - curve form and coord… Viktor Dukhovni
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- [Cfrg] (flaws with Curve25519 DH function, if one… Rene Struik
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Nico Williams
- Re: [Cfrg] (flaws with Curve25519 DH function, if… David Leon Gil
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Viktor Dukhovni
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Nico Williams
- Re: [Cfrg] (flaws with Curve25519 DH function, if… CodesInChaos
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Salz, Rich
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Watson Ladd
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Ilari Liusvaara
- Re: [Cfrg] (flaws with Curve25519 DH function, if… CodesInChaos
- Re: [Cfrg] (flaws with Curve25519 DH function, if… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Alexey Melnikov
- [Cfrg] Elliptic Curves - curve form and coordinat… Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Dan Brown
- Re: [Cfrg] Elliptic Curves - curve form and coord… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - curve form and coord… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - curve form and coord… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - curve form and coord… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - curve form and coord… Mike Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Nadim Kobeissi
- Re: [Cfrg] Elliptic Curves - curve form and coord… Adam Langley
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Adam Langley
- Re: [Cfrg] Elliptic Curves - curve form and coord… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - curve form and coord… Paul Lambert
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Salz, Rich
- Re: [Cfrg] Elliptic Curves - curve form and coord… Adam Langley
- Re: [Cfrg] Elliptic Curves - curve form and coord… Nico Williams
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Dan Brown
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Paterson, Kenny
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Jakob Breier
- Re: [Cfrg] Elliptic Curves - curve form and coord… Phillip Hallam-Baker
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Nico Williams
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Jakob Breier
- Re: [Cfrg] Elliptic Curves - curve form and coord… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - curve form and coord… Watson Ladd
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Rene Struik
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - curve form and coord… Salz, Rich
- Re: [Cfrg] Elliptic Curves - curve form and coord… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - curve form and coord… Michael Hamburg