MIME-Version: 1.0
References: <mailman.1768.1609141321.8582.cfrg@irtf.org>
 <CACT_LOE=Zu1yNaqFXDxfVtfdVNMf16UrK-vs8AiYzBbcrKH3dA@mail.gmail.com>
In-Reply-To: <CACT_LOE=Zu1yNaqFXDxfVtfdVNMf16UrK-vs8AiYzBbcrKH3dA@mail.gmail.com>
From: Taechan Kim <yoshiki1@snu.ac.kr>
Date: Wed, 6 Jan 2021 20:28:17 +0900
Message-ID: <CACT_LOGGv0pznQbBOQs98k3vd1mmKQ7yA0jeELhM3dGeKzsTPA@mail.gmail.com>
To: cfrg@irtf.org, yumi.sakemi@lepidum.co.jp, rsw@cs.stanford.edu, 
 tetsutaro.kobayashi.dr@hco.ntt.co.jp, tsunekazu.saito.hg@hco.ntt.co.jp
Content-Type: multipart/alternative; boundary="00000000000031483d05b839a019"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/v-uav0DVHjr15fcu14GAWZYXAP4>
Subject: [CFRG] Fwd: Asking the advice on the draft of pairing-friendly
 curves
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

--00000000000031483d05b839a019
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi,

I also strongly agree with Prof. Scott.

As mentioned by Prof. Scott, I think pairing-based crypto opened many
possibilities not only for cryptographic research but also for real-world
applications.
On the other hand, research of mine with Razvan suggests that the
parameterization of pairings should be carefully reconsidered when
deploying medium/large characteristic pairings.

This draft by Sakemi et al. takes this aspect seriously and
delicately analyzes the parameters.
I would be glad to see this standard help the communities when they consider
using pairings, and I think this draft would be very helpful.

Best regards,
Taechan Kim

On Mon, 28 Dec 2020 at 4:42 PM, <cfrg-request@irtf.org> wrote:

> Date: Mon, 28 Dec 2020 16:41:46 +0900
> From: Yumi Sakemi <yumi.sakemi@lepidum.co.jp>
> To: Michael Scott <mike.scott@miracl.com>
> Cc: CFRG <cfrg@irtf.org>,  Tetsutaro Kobayashi
>         <tetsutaro.kobayashi.dr@hco.ntt.co.jp>,  "Riad S. Wahby"
>         <rsw@cs.stanford.edu>, SAITO Tsunekazu
>         <tsunekazu.saito.hg@hco.ntt.co.jp>
> Subject: Re: [CFRG] Asking the advice on the draft of pairing-friendly
>         curves
> Message-ID:
>         <
> CAA4D8KZekFEikWaFpfwu3ZNYkObs_B4Z4Vw-sjEX-MRcYr8GdA@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Dear Prof. Scott
>
> Thank you for your encouraging message!!
> We are very grateful for your support of our activities.
>
> In addition, we are glad to know your strong motivation about the pairing
> technologies.
> We will proceed to meet your expectations.
>
> Best regards,
> Yumi
>
> On 2020-12-23 23:04, Michael Scott <mike.scott@miracl.com> wrote:
> >
> > I would like to voice my strong support for this effort.
> >
> > Since pairings arrived as a new cryptographic tool in the year 2000,
> > they have transformed cryptography and flung open many new doors to new
> > avenues of research. If RSA was a cryptographic lump hammer, pairings
> > are a Swiss army knife.
> >
> > Alternative technologies have followed behind, some of them
> > post-quantum secure, but they have not as yet filled many of the niches
> > currently occupied by pairings.
> >
> > A good example of an application area would be Functional encryption,
> > which I mention because an email popped into my Inbox just yesterday
> > concerning an interesting event associated with the Real World crypto
> > conference in January - see https://cryptohackathon.eu/
> >
> > It needs to be recognised that for reasons not entirely clear to me,
> > many regard pairings with suspicion. They have a largely undeserved
> > reputation of being slow. Many papers seem to like to boast that their
> > scheme works "without pairings", as some kind of badge of honour. In
> > fact pairing-based schemes are completely practical.
> >
> > More seriously their security has been called into question, due to
> > some impressive cryptanalysis. I must admit I was surprised and deeply
> > impressed when pairings based on small characteristic super-singular
> > curves were spectacularly blown out of the water. I was also impressed,
> > although much less surprised, when methods were found to exploit the
> > particular form of discrete log problem that arises in the context of
> > large characteristic non-supersingular pairing-friendly curves. This
> > has led to the adoption of modest increases in parameter sizes.
> >
> > However I would regard this as a natural progression for any new
> > cryptographic primitive. Parameter sizes generally creep up over time
> > as cryptanalytic efforts intensify, before eventually stabilising.
> > Remember 512-bit RSA keys. Observe the current post-quantum crypto
> > scene.
> >
> > I would suggest that the security of pairings is comparable with that
> > of other discrete log based systems, and some 20 years after their
> > arrival on the cryptographic scene it is certainly time that their
> > power was recognised, and that standard curves should emerge for
> > implementers to work with in confidence. The world urgently needs
> > better cryptography.
> >
> > Hopefully CFRG will not be found wanting in offering its support for
> > these efforts. Personally I have always found the proposers of this
> > standard to be unfailingly polite and responsive to my feedback.
> >
> > If de facto standards that have not undergone proper community
> > scrutiny start to emerge (as industry implementers lose patience
> > waiting for "proper" standards), then, well, that would be a pity.
> >
> >
> > Mike Scott
> >
> >
>
>
> --
> Yumi Sakemi, Ph. D.
> Lepidum Co. Ltd.
>
> E-Mail: yumi.sakemi@lepidum.co.jp

--00000000000031483d05b839a019--

