Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing-friendly-curves
Yumi Sakemi <yumi.sakemi@infours.co.jp> Mon, 13 September 2021 18:43 UTC
Return-Path: <yumi.sakemi@lepidum.co.jp>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5F733A1403 for <cfrg@ietfa.amsl.com>; Mon, 13 Sep 2021 11:43:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=infours-co-jp.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ch9zl3ULI09Z for <cfrg@ietfa.amsl.com>; Mon, 13 Sep 2021 11:43:37 -0700 (PDT)
Received: from mail-ot1-x333.google.com (mail-ot1-x333.google.com [IPv6:2607:f8b0:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 723DE3A13FD for <cfrg@irtf.org>; Mon, 13 Sep 2021 11:43:37 -0700 (PDT)
Received: by mail-ot1-x333.google.com with SMTP id c42-20020a05683034aa00b0051f4b99c40cso14712508otu.0 for <cfrg@irtf.org>; Mon, 13 Sep 2021 11:43:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infours-co-jp.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=XhGbtD4IHESScRojZxlNMJK/o8J+84fokP1ya+2OjEc=; b=Osimao6kywVTWCtPilVOU4ZHnKVi916lnC84ANn/exhBIepeD+XfmreSUqPUfLo8Py uatIw3n2Z9mRBs4xQBonOpbG29XTEPnG5d9zkIlNOidQSA9XctZ8T2V/LysD66zdrGY0 m3RUxomkblnkM+4opkkVfVtXonOSeLTabP3GOm77i4YJwsRs3vv6vDivXh/lT8jUx7b3 bWWSPDRXI9gah5p+SsFOu0NF6pXuILeHBqTUadwhGkbzKag3x0FGjz0t2Et/+j3tSuAe dVbAV0nnuFZW4sz5FmEjR7qA17x56cdGzXGrqlLF/WWFSCCSo2YQzlDyuL+pA1Z3UXPH QABA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=XhGbtD4IHESScRojZxlNMJK/o8J+84fokP1ya+2OjEc=; b=CFHgohKkQaG+fOfGeI7SnIAK5+ODoczbJadrvMK7ez+l4bWkbeOOuVVAwn9YZkA8FT 6kr9a63ItTtw9pU++wCk6l530UqbPSHNnE/IiuK9sl7HDW5GIWYdmrW1r+3C+ENl78G9 xnTE208MfVWJjNii1+JmilWFyI+A/3rI8UelqaqkanicGmxOyutAOQp/tUAXseRDTKYr QIPPTpxfpdTR0M7Lr5LTs9A3rWpwUBRgbYdSuHwcKrhRqzRnx1z1Ca7kY6TBOffHCDpi iI8n0rWTp9GVLbqgNfou06uPW73o7C8LxykceP8YurSWlNsszwCTfqmszLCO4fS0sElb HSdQ==
X-Gm-Message-State: AOAM530yoLshxKFNUdt+7gA+khz8cRieJcIIwVcr3h8fNkmZJFWyEBd+ F7fdcEFzG3YAZ+4WJdRBJ25on2aJD+X0niCIm9eSWw==
X-Google-Smtp-Source: ABdhPJysUebvGiIZj39ZYQaASi2bdOSv0VetrAXq/01/8LwbTYH9dxKfR7nQ+aW6RJruDkZotD6wAGcJ3T5PwlZ1Sp0=
X-Received: by 2002:a9d:71db:: with SMTP id z27mr10936693otj.292.1631558615790; Mon, 13 Sep 2021 11:43:35 -0700 (PDT)
MIME-Version: 1.0
References: <CAMr0u6kV-YsAuAMRh6OVArhZ6DftZSCumqYNOQQ5BWq0cgxW3Q@mail.gmail.com> <CACsn0ckkXdVk2maphAoOGm9K6pYkBUOQ+H8sNtpQ5X5Y1k4Yxw@mail.gmail.com>
In-Reply-To: <CACsn0ckkXdVk2maphAoOGm9K6pYkBUOQ+H8sNtpQ5X5Y1k4Yxw@mail.gmail.com>
From: Yumi Sakemi <yumi.sakemi@infours.co.jp>
Date: Tue, 14 Sep 2021 03:43:25 +0900
Message-ID: <CAA4D8KZ4=_1qv64MadxeBK85X-oqdwgraGVg2oe0byF2nHeYJQ@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>, Rene Struik <rstruik.ext@gmail.com>
Cc: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>, CFRG <cfrg@irtf.org>, cfrg-chairs@ietf.org, SAITO Tsunekazu <tsunekazu.saito.hg@hco.ntt.co.jp>, Tetsutaro Kobayashi <tetsutaro.kobayashi.dr@hco.ntt.co.jp>, "Riad S. Wahby" <rsw@cs.stanford.edu>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/wtPdQL4d07V9f24rotokH2MuOi0>
Subject: Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing-friendly-curves
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Sep 2021 18:43:43 -0000
Dear Rene and Watson I'm so sorry for my late reply. Thank you for your comments. I checked and discussed with my co-authors about comments from Rene and Watson. As a result, we came up with the idea that the position of our I-D might be different from what Rene and Watson commented on our I-D. Below are the stances we understand when making comments from Rene and Watson and the positions/stances of our I-D. - Rene's stance It is the point of view that the I-D should be for educational purposes regarding pairing. For example, the quality of the I-D is inadequate for a textbook and inappropriate for an IRTF draft. - Watson's stance Standardization of pairing implementation. For example, there is a lack of detailed explanation of the implementation method in the I-D. To be clarified by Prof. Colin and Stanislav in the 2nd RGLC, the stance of our activities is to make an informational RFC about “secure parameters of pairing-friendly curves” promoting Secure Pairing Cryptography on the Internet. Kim's attack in 2016 led to a review of the security of pairing-friendly curves no matter how there are still many implementations that contain insecure parameters. To solve this problem, we focus on providing an informative document that implementers of pairing-based cryptographies can refer to when selecting secure parameters. Therefore, it is out of our scope in our I-D that a specific document aimed at standardization and education of pairing algorithms. We would appreciate it if you could reconfirm the stance and purpose of our I-D. Best regards, Yumi <<FOR YOUR INFORMATION>> In the following, I would like to explain the background and purpose of our activities again for your reference. As shown in our I-D, there are many kinds of types and parameters for pairing-friendly curves, and it is difficult for implementers of pairing-based cryptographies to select which parameter is secure. For example, the parameters of pairing-friendly curves given in standard specifications such as ISO and TCG have not been updated since before Kim's attack in 2016, so implementers may refer to insecure and inappropriate parameters when referring to these standard specifications. To address this issue, we propose to publish RFC for secure parameters of pairing-friendly curves so that pairing implementors can safely select secure parameters. The proposed parameters in our I-D were selected based on the selection policy of "security" and "widely used" after organizing the security of parameters of pairing-friendly curves shown in standard specifications, libraries, and applications. On the other hand, again, we do not aim to standardize the method of pairing implementation. A pairing implementation consists of many arithmetic operations, including operations on finite fields, twist techniques, operations on elliptic curves, pairing operations, and applications of pairing. Since many approaches to accelerate each type of operation have been proposed, we don't want to limit the implementation methods in our I-D. Nevertheless, the existence of methods to improve the efficiency of pairing computation is useful as references, so we have made references to textbooks, papers, and other publications to present carefully selected information. Another way to look at it is that acceleration methods may have patents against them, so we avoid such risks. 2021年9月10日(金) 7:43 Watson Ladd <watsonbladd@gmail.com>: > > On Fri, Aug 13, 2021 at 11:40 AM Stanislav V. Smyshlyaev > <smyshsv@gmail.com> wrote: > > > > Dear CFRG participants, > > > > This message starts a second RGLC on "Pairing-Friendly Curves" (draft-irtf-cfrg-pairing-friendly-curves-10), that will end on September, 8th. > > > > See https://datatracker.ietf.org/doc/draft-irtf-cfrg-pairing-friendly-curves/ for the latest version of the draft. > > > > We are having the second RGLC since Yumi Sakemi has provided (see https://mailarchive.ietf.org/arch/msg/cfrg/-1nTbbVRlkP5wV2odEYFac-jK08/) updated replies for the questions raised after the first RGLC. > > > > Please send your comments, as well as expression of support to publish as an RFC (or possible reasons for not doing so) in reply to this message or directly to CFRG chairs. > > The timing of this WGLC was a bit unfortunate for me, and I apologize > for my late submission. > > I think this draft has many issues. It doesn't limit the number of > choices, it doesn't provide enough information to implementers, it's > filled with extraneous information about history and applications and > much useful information is in the appendices. I don't think this > draft's publication will help authors who would like to point to a > reference for BLS12 and how to implement it. > > Sincerely, > Watson Ladd > > -- > Astra mortemque praestare gradatim > > _______________________________________________ > CFRG mailing list > CFRG@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg -- Yumi Sakemi, Ph. D. Infours Inc. E-Mail: yumi.sakemi@infours.co.jp
- [CFRG] Second RGLC on draft-irtf-cfrg-pairing-fri… Stanislav V. Smyshlyaev
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Michael Scott
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Colin Perkins
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Yumi Sakemi
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Yumi Sakemi
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Rene Struik
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Watson Ladd
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Yumi Sakemi
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Riad S. Wahby
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Watson Ladd
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Peter Gutmann
- Re: [CFRG] Second RGLC on draft-irtf-cfrg-pairing… Yumi Sakemi