Re: [CFRG] [irsg] [Technical Errata Reported] RFC7748 (7879)

Colin Perkins <csp@csperkins.org> Mon, 08 April 2024 09:43 UTC

From: Colin Perkins <csp@csperkins.org>
To: Rebecca VanRheenen <rvanrheenen@amsl.com>
Cc: Mike Hamburg <mike@shiftleft.org>, RFC Editor <rfc-editor@rfc-editor.org>, agl@google.com, sean@sn3rd.com, irsg@irtf.org, cfrg@irtf.org, nawrashussein2@gmail.com
Date: Mon, 08 Apr 2024 10:42:40 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/vfRln3ZqEfVJEuBoN7tuqgEi9HU>

Hi RFC Editor, all,

Thanks – I hadn't noticed the duplicate, but I'm pleased we settled 
on the same resolution.

I would suggest that rather than delete the errata, it be marked as 
Rejected with a note that it's a duplicate of errata report 5651 (the 
discussion in the mailing list archive will then be meaningful; we 
should keep the history).

Thanks,
Colin



On 5 Apr 2024, at 20:36, Rebecca VanRheenen wrote:

> Hi Colin and others,
>
> We note that this erratum reports the same issue as was reported in 
> errata report 5651 (https://www.rfc-editor.org/errata/eid5651).
>
> If no objections, we will delete this report. If needed, we can also 
> add additional notes to errata report 5651. Just let us know.
>
> Thank you,
> RFC Editor/rv
>
>
>
>> On Apr 3, 2024, at 3:19 PM, Colin Perkins <csp@csperkins.org> wrote:
>>
>> Hi,
>>
>> To confirm: the outcome here should be to reject the errata, with a 
>> note that both the current text in the RFC and the errata are 
>> correct, so no update is needed?
>>
>> Colin
>>
>>
>> On 2 Apr 2024, at 22:42, Mike Hamburg wrote:
>>
>> Hello Nawras,
>>
>> Thanks for reporting this. The calculation can be done with either AA 
>> setting “a24” = (A-2)/4, or with BB setting “a24” = (A+2)/4.  
>> Both calculations appear in the literature.  We happened to follow 
>> the Curve25519 paper instead of the original Montgomery paper when 
>> making the RFC.
>>
>> See e.g.
>> https://crypto.stackexchange.com/questions/67942/difference-on-montgomery-curve-equation-between-efd-and-rfc7748
>>
>> Regards,
>> — Mike
>>
>>> On Apr 2, 2024, at 16:22, RFC Errata System 
>>> <rfc-editor@rfc-editor.org> wrote:
>>>
>>> The following errata report has been submitted for RFC7748,
>>> "Elliptic Curves for Security".
>>>
>>> --------------------------------------
>>> You may review the report below and at:
>>> https://www.rfc-editor.org/errata/eid7879
>>>
>>> --------------------------------------
>>> Type: Technical
>>> Reported by: Nawras Hussein Sabbry <nawrashussein2@gmail.com>
>>>
>>> Section: 5
>>>
>>> Original Text
>>> -------------
>>> z_2 = E * (AA + a24 * E)
>>>
>>> Corrected Text
>>> --------------
>>> z_2 = E * (BB + a24 * E)
>>>
>>> Notes
>>> -----
>>> In the for loop on page 8, the variable AA should be replaced with 
>>> BB in Z_2. This modification is necessary because the mathematical 
>>> formula for point doubling on the Montgomery curve according to 
>>> (https://en.wikipedia.org/wiki/Montgomery_curve#Montgomery_arithmetic) 
>>> indicates that Z2n (equivalent to Z_2 in this case) is calculated as 
>>> follows: Z2n = 4XnZn((Xn-Zn)^2 + ((A+2)/4)(4XnZn)). It is observed 
>>> in this equation that the operation in the (Xn-Zn)^2 part involves 
>>> subtraction similar to the variable B, while the operation in the 
>>> variable A involves addition. Considering this discrepancy, it is 
>>> suggested to substitute AA with BB for correctness.
>>>
>>> Instructions:
>>> -------------
>>> This erratum is currently posted as "Reported". (If it is spam, it
>>> will be removed shortly by the RFC Production Center.) Please
>>> use "Reply All" to discuss whether it should be verified or
>>> rejected. When a decision is reached, the verifying party
>>> will log in to change the status and edit the report, if necessary.
>>>
>>> --------------------------------------
>>> RFC7748 (draft-irtf-cfrg-curves-11)
>>> --------------------------------------
>>> Title               : Elliptic Curves for Security
>>> Publication Date    : January 2016
>>> Author(s)           : A. Langley, M. Hamburg, S. Turner
>>> Category            : INFORMATIONAL
>>> Source              : Crypto Forum Research Group
>>> Stream              : IRTF
>>> Verifying Party     : IRSG
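
Added example (not part of the thread, and not code from the RFC authors): the RFC 7748 section 5 ladder for curve25519 with the z_2 step written both ways, showing that the RFC text and the proposed erratum give the same output. Since E = AA - BB, AA + ((A-2)/4)*E equals BB + ((A+2)/4)*E. The names ladder, x25519 and variants_agree, and the sample scalars, are constructed for this illustration; the swap uses a branch, so the code is not constant time.

```python
P = 2**255 - 19          # curve25519 field prime
A = 486662               # Montgomery curve coefficient

def decode_scalar(k: bytes) -> int:
    b = bytearray(k)
    b[0] &= 248; b[31] &= 127; b[31] |= 64   # RFC 7748 scalar clamping
    return int.from_bytes(b, "little")

def ladder(k: int, u: int, variant: str) -> int:
    """Montgomery ladder; variant "AA" is the RFC text, "BB" the erratum."""
    a24 = (A - 2) // 4 if variant == "AA" else (A + 2) // 4
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in reversed(range(255)):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:                              # branch: NOT constant time
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a = (x2 + z2) % P; aa = a * a % P
        b = (x2 - z2) % P; bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P; d = (x3 - z3) % P
        da = d * a % P; cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        base = aa if variant == "AA" else bb  # the only line the erratum changes
        z2 = e * (base + a24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return x2 * pow(z2, P - 2, P) % P

def x25519(k: bytes, u: bytes, variant: str = "AA") -> bytes:
    un = int.from_bytes(u, "little") & ((1 << 255) - 1)  # mask top bit of u
    return ladder(decode_scalar(k), un, variant).to_bytes(32, "little")

def variants_agree(trials: int = 8) -> bool:
    """Compare both z_2 forms on constructed scalars against base point u = 9."""
    base = (9).to_bytes(32, "little")
    for i in range(trials):
        k = bytes((i * 37 + j) % 256 for j in range(32))  # constructed input
        if x25519(k, base, "AA") != x25519(k, base, "BB"):
            return False
    return True
```

Pairing "AA" with (A+2)/4 or "BB" with (A-2)/4 does change the result, which is the implementation mistake this erratum discussion helps avoid.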