IETF Logo Mail Archive

Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing-friendly-curves

Yumi Sakemi <yumi.sakemi@infours.co.jp> Mon, 13 September 2021 18:43 UTC

Return-Path: <yumi.sakemi@lepidum.co.jp>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5F733A1403 for <cfrg@ietfa.amsl.com>; Mon, 13 Sep 2021 11:43:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=infours-co-jp.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ch9zl3ULI09Z for <cfrg@ietfa.amsl.com>; Mon, 13 Sep 2021 11:43:37 -0700 (PDT)
Received: from mail-ot1-x333.google.com (mail-ot1-x333.google.com [IPv6:2607:f8b0:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 723DE3A13FD for <cfrg@irtf.org>; Mon, 13 Sep 2021 11:43:37 -0700 (PDT)
Received: by mail-ot1-x333.google.com with SMTP id c42-20020a05683034aa00b0051f4b99c40cso14712508otu.0 for <cfrg@irtf.org>; Mon, 13 Sep 2021 11:43:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infours-co-jp.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=XhGbtD4IHESScRojZxlNMJK/o8J+84fokP1ya+2OjEc=; b=Osimao6kywVTWCtPilVOU4ZHnKVi916lnC84ANn/exhBIepeD+XfmreSUqPUfLo8Py uatIw3n2Z9mRBs4xQBonOpbG29XTEPnG5d9zkIlNOidQSA9XctZ8T2V/LysD66zdrGY0 m3RUxomkblnkM+4opkkVfVtXonOSeLTabP3GOm77i4YJwsRs3vv6vDivXh/lT8jUx7b3 bWWSPDRXI9gah5p+SsFOu0NF6pXuILeHBqTUadwhGkbzKag3x0FGjz0t2Et/+j3tSuAe dVbAV0nnuFZW4sz5FmEjR7qA17x56cdGzXGrqlLF/WWFSCCSo2YQzlDyuL+pA1Z3UXPH QABA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=XhGbtD4IHESScRojZxlNMJK/o8J+84fokP1ya+2OjEc=; b=CFHgohKkQaG+fOfGeI7SnIAK5+ODoczbJadrvMK7ez+l4bWkbeOOuVVAwn9YZkA8FT 6kr9a63ItTtw9pU++wCk6l530UqbPSHNnE/IiuK9sl7HDW5GIWYdmrW1r+3C+ENl78G9 xnTE208MfVWJjNii1+JmilWFyI+A/3rI8UelqaqkanicGmxOyutAOQp/tUAXseRDTKYr QIPPTpxfpdTR0M7Lr5LTs9A3rWpwUBRgbYdSuHwcKrhRqzRnx1z1Ca7kY6TBOffHCDpi iI8n0rWTp9GVLbqgNfou06uPW73o7C8LxykceP8YurSWlNsszwCTfqmszLCO4fS0sElb HSdQ==
X-Gm-Message-State: AOAM530yoLshxKFNUdt+7gA+khz8cRieJcIIwVcr3h8fNkmZJFWyEBd+ F7fdcEFzG3YAZ+4WJdRBJ25on2aJD+X0niCIm9eSWw==
X-Google-Smtp-Source: ABdhPJysUebvGiIZj39ZYQaASi2bdOSv0VetrAXq/01/8LwbTYH9dxKfR7nQ+aW6RJruDkZotD6wAGcJ3T5PwlZ1Sp0=
X-Received: by 2002:a9d:71db:: with SMTP id z27mr10936693otj.292.1631558615790; Mon, 13 Sep 2021 11:43:35 -0700 (PDT)
MIME-Version: 1.0
References: <CAMr0u6kV-YsAuAMRh6OVArhZ6DftZSCumqYNOQQ5BWq0cgxW3Q@mail.gmail.com> <CACsn0ckkXdVk2maphAoOGm9K6pYkBUOQ+H8sNtpQ5X5Y1k4Yxw@mail.gmail.com>
In-Reply-To: <CACsn0ckkXdVk2maphAoOGm9K6pYkBUOQ+H8sNtpQ5X5Y1k4Yxw@mail.gmail.com>
From: Yumi Sakemi <yumi.sakemi@infours.co.jp>
Date: Tue, 14 Sep 2021 03:43:25 +0900
Message-ID: <CAA4D8KZ4=_1qv64MadxeBK85X-oqdwgraGVg2oe0byF2nHeYJQ@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>, Rene Struik <rstruik.ext@gmail.com>
Cc: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>, CFRG <cfrg@irtf.org>, cfrg-chairs@ietf.org, SAITO Tsunekazu <tsunekazu.saito.hg@hco.ntt.co.jp>, Tetsutaro Kobayashi <tetsutaro.kobayashi.dr@hco.ntt.co.jp>, "Riad S. Wahby" <rsw@cs.stanford.edu>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/wtPdQL4d07V9f24rotokH2MuOi0>
Subject: Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing-friendly-curves
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Sep 2021 18:43:43 -0000

Dear Rene and Watson

I'm so sorry for my late reply.
Thank you for your comments.
I checked and discussed with my co-authors about comments from Rene and Watson.
As a result, we came up with the idea that the position of our I-D
might be different from what Rene and Watson commented on our I-D.
Below are the stances we understand when making comments from Rene and
Watson and the positions/stances of our I-D.

- Rene's stance
It is the point of view that the I-D should be for educational
purposes regarding pairing.
For example, the quality of the I-D is inadequate for a textbook and
inappropriate for an IRTF draft.

- Watson's stance
 Standardization of pairing implementation.
 For example, there is a lack of detailed explanation of the
implementation method in the I-D.

To be clarified by Prof. Colin and Stanislav in the 2nd RGLC, the
stance of our activities is to make an informational RFC
about “secure parameters of pairing-friendly curves” promoting Secure
Pairing Cryptography on the Internet.

Kim's attack in 2016 led to a review of the security of pairing-friendly curves
no matter how there are still many implementations that contain
insecure parameters.
To solve this problem, we focus on providing an informative document
that implementers of
pairing-based cryptographies can refer to when selecting secure parameters.
Therefore, it is out of our scope in our I-D that a specific document
aimed at standardization and education of pairing algorithms.

We would appreciate it if you could reconfirm the stance and purpose of our I-D.

Best regards,
Yumi


<<FOR YOUR INFORMATION>>
In the following, I would like to explain the background and purpose
of our activities again for your reference.
As shown in our I-D, there are many kinds of types and parameters for
pairing-friendly curves, and it is difficult for implementers of
pairing-based cryptographies to select which parameter is secure.
For example, the parameters of pairing-friendly curves given in
standard specifications such as ISO and TCG have not been updated
since before Kim's attack in 2016, so implementers may refer to
insecure and inappropriate parameters when referring to these standard
specifications.
To address this issue, we propose to publish RFC for secure parameters
of pairing-friendly curves so that pairing implementors can safely
select secure parameters.

The proposed parameters in our I-D were selected based on the
selection policy of "security" and "widely used" after organizing the
security of parameters of pairing-friendly curves shown in standard
specifications, libraries, and applications.

On the other hand, again, we do not aim to standardize the method of
pairing implementation.
A pairing implementation consists of many arithmetic operations,
including operations on finite fields, twist techniques, operations on
elliptic curves, pairing operations, and applications of pairing.
Since many approaches to accelerate each type of operation have been
proposed, we don't want to limit the implementation methods in our
I-D.
Nevertheless, the existence of methods to improve the efficiency of
pairing computation is useful as references, so we have made
references to textbooks, papers, and other publications to present
carefully selected information.
Another way to look at it is that acceleration methods may have
patents against them, so we avoid such risks.

2021年9月10日(金) 7:43 Watson Ladd <watsonbladd@gmail.com>:
>
> On Fri, Aug 13, 2021 at 11:40 AM Stanislav V. Smyshlyaev
> <smyshsv@gmail.com> wrote:
> >
> > Dear CFRG participants,
> >
> > This message starts a second RGLC on "Pairing-Friendly Curves" (draft-irtf-cfrg-pairing-friendly-curves-10), that will end on September, 8th.
> >
> > See https://datatracker.ietf.org/doc/draft-irtf-cfrg-pairing-friendly-curves/ for the latest version of the draft.
> >
> > We are having the second RGLC since Yumi Sakemi has provided (see https://mailarchive.ietf.org/arch/msg/cfrg/-1nTbbVRlkP5wV2odEYFac-jK08/) updated replies for the questions raised after the first RGLC.
> >
> > Please send your comments, as well as expression of support to publish as an RFC (or possible reasons for not doing so) in reply to this message or directly to CFRG chairs.
>
> The timing of this WGLC was a bit unfortunate for me, and I apologize
> for my late submission.
>
> I think this draft has many issues. It doesn't limit the number of
> choices, it doesn't provide enough information to implementers, it's
> filled with extraneous information about history and applications and
> much useful information is in the appendices. I don't think this
> draft's publication will help authors who would like to point to a
> reference for BLS12 and how to implement it.
>
> Sincerely,
> Watson Ladd
>
> --
> Astra mortemque praestare gradatim
>
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg



-- 
Yumi Sakemi, Ph. D.
 Infours Inc.

E-Mail: yumi.sakemi@infours.co.jp

v2.23.0 | Report a Bug | By Email