[CFRG] Comments on draft-irtf-cfrg-bls-signature-04: can we pick one?
Watson Ladd <watsonbladd@gmail.com> Mon, 02 August 2021 16:26 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BF333A0C1A for <cfrg@ietfa.amsl.com>; Mon, 2 Aug 2021 09:26:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JGnyKTNDaqZU for <cfrg@ietfa.amsl.com>; Mon, 2 Aug 2021 09:26:02 -0700 (PDT)
Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21C9E3A0C0A for <cfrg@irtf.org>; Mon, 2 Aug 2021 09:26:01 -0700 (PDT)
Received: by mail-ej1-x634.google.com with SMTP id nd39so31811233ejc.5 for <cfrg@irtf.org>; Mon, 02 Aug 2021 09:26:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=Ff/vEjshPGbT0isJJkIucVfAXFI/9yrBsDDmWORYA64=; b=lDbG/tfept0qv2UAMH/x+GmtIQpLzZF0zuOV7jaR7P+5cP7V77iyvJh2ZuApImTtOY irgkROxpilC39BoCYCLXTb7b/345887qjFEeemNQAukrmEc0StAJZ1qmWDYM8RuDzXPC N5Uk0gjC0oOuWga7eJ4NIIpvbrH0srKjNScyKOnYYLdE0CCzQnJRbQHIH1fzhMZaHvN7 CNitIOIFar8dIl5Qte3nJ+swtrxU+KytXykPAXL3CuJ0tI0ajGGKoDRR6BTtklsKyV6N TI3uX9hIZEqck+Z3rvnlhgdrxGo6GzWaHm7k/WTQ9ksClE/ZSmvhh1QPXwV3L6K/+OCa GJ7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Ff/vEjshPGbT0isJJkIucVfAXFI/9yrBsDDmWORYA64=; b=LjFFTPu6VebMT2YmlVE+J/CWbVchywyh9opmpLl1SE7hfsPg46zKch6+YLmt1RayBt bYKDCF0lQfH3ErPrThQPmWDspv9cRb8VP/p9Eb8+Ef3+EgOM+ouibqF5DHn4d3OiCsi0 sQo6S3NMmZZqRa6+r4Zz++GbLhoIKLOdn16X0h3mg9WT/gNbHcym+dee1tJnui1hUyRi HsSwsy0ByCrLsHWw6ZvDKspplxUPAWYxL3+mJvddXkE/+zttxwDrxsc5H2WnelQVcMWb CUO4Thva5dxQEP3rU5qEw0RSartUWTHbFCfYzAF08JHx8wUn9qeMPYxjeK7G8kogExRr Sh5Q==
X-Gm-Message-State: AOAM531lYrDi4XNpdquCMRMX/mTcxFEU9fLG6d/74Ox/eSrNSCIhAnCn 6TCXvrYqzgqv2QoNhXQu22vTWnZ/R9mWh6UlLM1l/29m
X-Google-Smtp-Source: ABdhPJwmrt00CVaeZ3Jsyf63JKw1EIyLgCXc1P74uGWc6539KPDkZOAQZCemfyJD8GpEQ6U1iSXvYO1tfX+iyEg7Ymw=
X-Received: by 2002:a17:906:5799:: with SMTP id k25mr11089528ejq.110.1627921555038; Mon, 02 Aug 2021 09:25:55 -0700 (PDT)
MIME-Version: 1.0
From: Watson Ladd <watsonbladd@gmail.com>
Date: Mon, 02 Aug 2021 09:25:43 -0700
Message-ID: <CACsn0cnmKzB1qWFRFbJFmWUoO7xYCDgzkhXy_UpEkbwnVuaisg@mail.gmail.com>
To: CFRG <cfrg@irtf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/wtet3OfkFnky15tJWE8wKPChHOM>
Subject: [CFRG] Comments on draft-irtf-cfrg-bls-signature-04: can we pick one?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Aug 2021 16:26:08 -0000
Dear all, I'm concerned about presenting three different variants of substantially the same scheme, with differing security properties. I'm not entirely sure what the tradeoffs are between them, and not sure why we couldn't just pick one. The draft also doesn't mention the acceleration possible for multipairing product evaluation: I think this would be useful for implementors. Sincerely, Watson -- Astra mortemque praestare gradatim