[CFRG] Fwd: Asking the advice on the draft of pairing-friendly curves
Taechan Kim <yoshiki1@snu.ac.kr> Wed, 06 January 2021 11:28 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/v-uav0DVHjr15fcu14GAWZYXAP4>
Hi,

I also strongly agree with Prof. Scott.

As mentioned by Prof. Scott, I think pairing-based crypto opened many possibilities to not only cryptographic research but also real-world applications.

On the other hand, a research of mine with Razvan suggests the parameterization of pairing should be carefully re-considered when deploying medium/large characteristic pairings.

This draft by Sakemi et al. takes a serious concern on this aspect and delicately analyzes the parameters. I am glad to see if this standard helps the communities when considering to use the pairings, and I think this draft would be helpful a lot.

Best regards,
Taechan Kim

On Mon, 28 Dec 2020 at 4:42 PM, <cfrg-request@irtf.org> wrote:

> ------------------------------
>
> Message: 4
> Date: Mon, 28 Dec 2020 16:41:46 +0900
> From: Yumi Sakemi <yumi.sakemi@lepidum.co.jp>
> To: Michael Scott <mike.scott@miracl.com>
> Cc: CFRG <cfrg@irtf.org>, Tetsutaro Kobayashi <tetsutaro.kobayashi.dr@hco.ntt.co.jp>, "Riad S. Wahby" <rsw@cs.stanford.edu>, SAITO Tsunekazu <tsunekazu.saito.hg@hco.ntt.co.jp>
> Subject: Re: [CFRG] Asking the advice on the draft of pairing-friendly curves
> Message-ID: <CAA4D8KZekFEikWaFpfwu3ZNYkObs_B4Z4Vw-sjEX-MRcYr8GdA@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Dear Prof. Scott
>
> Thank you for your encouraging message!!
> We are very grateful for your support of our activities.
>
> In addition, we are glad to know your strong motivation about the pairing technologies.
> We will proceed to meet your expectations.
>
> Best regards,
> Yumi
>
> On 23 Dec 2020 at 23:04, Michael Scott <mike.scott@miracl.com> wrote:
> >
> > I would like to voice my strong support for this effort.
> >
> > Since pairings arrived as a new cryptographic tool in the year 2000, they have transformed cryptography and flung open many new doors to new avenues of research. If RSA was a cryptographic lump hammer, pairings are a Swiss army knife.
> >
> > Alternative technologies have followed behind, some of them post-quantum secure, but they have not as yet filled many of the niches currently occupied by pairings.
> >
> > A good example of an application area would be Functional encryption, which I mention because an email popped into my Inbox just yesterday concerning an interesting event associated with the Real World crypto conference in January - see https://cryptohackathon.eu/
> >
> > It needs to be recognised that for reasons not entirely clear to me, many regard pairings with suspicion. They have a largely undeserved reputation of being slow. Many papers seem to like to boast that their scheme works "without pairings", as some kind of badge of honour. In fact pairing-based schemes are completely practical.
> >
> > More seriously their security has been called into question, due to some impressive cryptanalysis. I must admit I was surprised and deeply impressed when pairings based on small characteristic super-singular curves were spectacularly blown out of the water. I was also impressed, although much less surprised, when methods were found to exploit the particular form of discrete log problem that arises in the context of large characteristic non-supersingular pairing-friendly curves. This has led to the adoption of modest increases in parameter sizes.
> >
> > However I would regard this as a natural progression for any new cryptographic primitive. Parameter sizes generally creep up over time as cryptanalytic efforts intensify, before eventually stabilising. Remember 512-bit RSA keys. Observe the current post-quantum crypto scene.
> >
> > I would suggest that the security of pairings is comparable with that of other discrete log based systems, and some 20 years after their arrival on the cryptographic scene it is certainly time that their power was recognised, and that standard curves should emerge for implementers to work with in confidence. The world urgently needs better cryptography.
> >
> > Hopefully CFRG will not be found wanting in offering its support for these efforts. Personally I have always found the proposers of this standard to be unfailingly polite and responsive to my feedback.
> >
> > If de facto standards that have not undergone proper community scrutiny start to emerge (as industry implementers lose patience waiting for "proper" standards), then, well, that would be a pity.
> >
> > Mike Scott
>
> --
> Yumi Sakemi, Ph. D.
> Lepidum Co. Ltd.
>
> E-Mail: yumi.sakemi@lepidum.co.jp
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>
> ------------------------------
>
> End of CFRG Digest, Vol 188, Issue 31
> *************************************