Re: [Cfrg] RGLC on draft-irtf-cfrg-hash-to-curve-10

Watson Ladd <> Sat, 17 October 2020 22:38 UTC

On Sat, Oct 17, 2020 at 12:30 AM Stanislav V. Smyshlyaev
<> wrote:
> Dear CFRG participants,
> This message is starting 2 weeks RGLC on draft-irtf-cfrg-hash-to-curve-10 ("Hashing to Elliptic Curves"), that will end on November 1st 2020. If you've read the document and think that it is ready (or not ready) for publication as an RFC, please send a message in reply to this email or directly to CFRG chairs ( If you have detailed comments, these would also be very helpful at this point.

I think it's ready but have three nitpicky concerns far, far,
downstream of the RGLC, which may be entirely off base.

My first concern is with the references to a number of active drafts.
I don't want to accidentally make a giant cluster if we don't
absolutely have to. Switching these to papers describing the
applications would be a way around it, but maybe there are others.

My second nitpicky concern is with the normativity of section H: the
behavior of this code could change, especially if using F.gen() in an
extension field. It's probably very sensitive to the details of how
the fields are constructed, so I think users of this document should
be encouraged to define suites in terms a bit more strongly than are

My third nitpicky concern is archiving the hash2curve-repo. There are
several times implementers are referred to it, but it's a GitHub repo.
The RFC series has outlasted many companies and storage media. However
stable that looks now, it isn't forever. Rotted references are an
ever-present threat.

Watson Ladd

Astra mortemque praestare gradatim