[CFRG] Fwd: Asking the advice on the draft of pairing-friendly curves

Taechan Kim <yoshiki1@snu.ac.kr> Wed, 06 January 2021 11:28 UTC

To: cfrg@irtf.org, yumi.sakemi@lepidum.co.jp, rsw@cs.stanford.edu, tetsutaro.kobayashi.dr@hco.ntt.co.jp, tsunekazu.saito.hg@hco.ntt.co.jp
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/v-uav0DVHjr15fcu14GAWZYXAP4>


I also strongly agree with Prof. Scott.

As mentioned by Prof. Scott, I think pairing-based crypto opened many
possibilities to not only cryptographic research but also real-world
On the other hand, research of mine with Razvan suggests that the
parameterization of pairings should be carefully reconsidered when
deploying medium/large characteristic pairings.

This draft by Sakemi et al. takes this aspect seriously and
delicately analyzes the parameters.
I would be glad to see this standard help the communities when they consider
using pairings, and I think this draft would be very helpful.

Best regards,
Taechan Kim

On Mon, 28 Dec 2020 at 4:42 PM, <cfrg-request@irtf.org> wrote:

> ------------------------------
> Message: 4
> Date: Mon, 28 Dec 2020 16:41:46 +0900
> From: Yumi Sakemi <yumi.sakemi@lepidum.co.jp>
> To: Michael Scott <mike.scott@miracl.com>
> Cc: CFRG <cfrg@irtf.org>, Tetsutaro Kobayashi
>         <tetsutaro.kobayashi.dr@hco.ntt.co.jp>, "Riad S. Wahby"
>         <rsw@cs.stanford.edu>, SAITO Tsunekazu
>         <tsunekazu.saito.hg@hco.ntt.co.jp>
> Subject: Re: [CFRG] Asking the advice on the draft of pairing-friendly
>         curves
> Message-ID: <CAA4D8KZekFEikWaFpfwu3ZNYkObs_B4Z4Vw-sjEX-MRcYr8GdA@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
> Dear Prof. Scott
> Thank you for your encouraging message!!
> We are very grateful for your support of our activities.
> In addition, we are glad to know your strong motivation about the pairing
> technologies.
> We will proceed to meet your expectations.
> Best regards,
> Yumi
> 2020-12-23 (Wed) 23:04 Michael Scott <mike.scott@miracl.com>:
> >
> >  I would like to voice my strong support for this effort.
> >
> > Since pairings arrived as a new cryptographic tool in the year 2000,
> they have transformed cryptography and flung open many new doors to new
> avenues of research. If RSA was a cryptographic lump hammer, pairings are a
> Swiss army knife.
> >
> > Alternative technologies have followed behind, some of them post-quantum
> secure, but they have not as yet filled many of the niches currently
> occupied by pairings.
> >
> > A good example of an application area would be Functional encryption,
> which I mention because an email popped into my Inbox just yesterday
> concerning an interesting event associated with the Real World crypto
> conference in January - see https://cryptohackathon.eu/
> >
> > It needs to be recognised that for reasons not entirely clear to me,
> many regard pairings with suspicion. They have a largely undeserved
> reputation of being slow. Many papers seem to like to boast that their
> scheme works "without pairings", as some kind of badge of honour. In fact
> pairing-based schemes are completely practical.
> >
> > More seriously their security has been called into question, due to some
> impressive cryptanalysis. I must admit I was surprised and deeply impressed
> when pairings based on small characteristic super-singular curves were
> spectacularly blown out of the water. I was also impressed, although much
> less surprised, when methods were found to exploit the particular form of
> discrete log problem that arises in the context of large characteristic
> non-supersingular pairing-friendly curves. This has led to the adoption of
> modest increases in parameter sizes.
> >
> > However I would regard this as a natural progression for any new
> cryptographic primitive. Parameter sizes generally creep up over time as
> cryptanalytic efforts intensify, before eventually stabilising. Remember
> 512-bit RSA keys. Observe the current post-quantum crypto scene.
> >
> > I would suggest that the security of pairings is comparable with that of
> other discrete log based systems, and some 20 years after their arrival on
> the cryptographic scene it is certainly time that their power was
> recognised, and that standard curves should emerge for implementers to work
> with in confidence. The world urgently needs better cryptography.
> >
> > Hopefully CFRG will not be found wanting in offering its support for
> these efforts. Personally I have always found the proposers of this
> standard to be unfailingly polite and responsive to my feedback.
> >
> > If de facto standards that have not undergone proper community scrutiny
> start to emerge (as industry implementers lose patience waiting for
> "proper" standards), then, well, that would be a pity.
> >
> >
> > Mike Scott
> >
> >
> --
> Yumi Sakemi, Ph. D.
> Lepidum Co. Ltd.
> E-Mail: yumi.sakemi@lepidum.co.jp