[CFRG] Questions regarding draft-irtf-cfrg-hash-to-curve-10
Björn Haase <bjoern.haase@endress.com> Wed, 02 December 2020 11:58 UTC
To: "cfrg@ietf.org" <cfrg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ZRdE5Vy8jJ3a7JU_UzTjzvMwxvw>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Hello Riad, Hello Christopher,

As requested, I have filed an issue in the GIT draft regarding an update of our CPace security analysis.

I am currently reviewing one other aspect regarding the hash_to_curve construction, where the result of two mappings is added.

    hash_to_curve(msg)

    Input: msg, an arbitrary-length byte string.
    Output: P, a point in G.

    Steps:
    1. u = hash_to_field(msg, 2)
    2. Q0 = map_to_curve(u[0])
    3. Q1 = map_to_curve(u[1])
    4. R = Q0 + Q1              # Point addition
    5. P = clear_cofactor(R)
    6. return P

The important aspect would be that the result P comes from a uniform distribution.

I am aware of a result from Coron, Icart, Brier and Madore, “Efficient Indifferentiable Hashing into Ordinary Elliptic Curves”, where they saw the need for using rather something of the type of P = Q0 + x * Q1.

In “Indifferentiable Deterministic Hashing to Elliptic and Hyperelliptic Curves” there is a discussion that, even if uniformity could not be guaranteed, at least some weaker property of “well-distributed encodings” holds, which they show for SWU.

https://eprint.iacr.org/2010/539.pdf

I now have the following questions:

Are you aware of a result that extends this to Elligator2? If I understood the paper correctly, the case of SSWU should be covered as part of the general properties of SWU. The guarantees seem to be linked to the property of the map that it is “well distributed” (where I did not yet understand the full implication of the character sums definition …).

Yours,

Björn.

Best Regards
Dr. Björn Haase
Senior Expert Electronics | TGREH Electronics Hardware
Endress+Hauser Liquid Analysis
Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen | Germany
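The construction quoted in the message, worked through on a toy curve as an added example (not part of the original e-mail or of the draft): it compares the output distribution of a single Simplified SWU map call with that of R = Q0 + Q1 by enumerating every field input instead of calling hash_to_field. The curve y^2 = x^3 + x + 6 over F_11, Z = 2 and all function names are constructed for illustration, and the result says nothing about Elligator2.

```python
from collections import Counter
from fractions import Fraction

# Constructed toy parameters (assumption, not from the draft or the e-mail):
# E: y^2 = x^3 + x + 6 over F_11 has prime order 13, so clear_cofactor is the
# identity; Z = 2 meets the draft's criteria for the Simplified SWU map here.
P, A, B, Z, ORDER = 11, 1, 6, 2, 13
INF = None                                    # point at infinity

def g(x): return (x**3 + A * x + B) % P
def inv0(x): return pow(x, P - 2, P)          # inv0(0) == 0
def is_square(x): return pow(x, (P - 1) // 2, P) != P - 1
def sqrt(x): return pow(x, (P + 1) // 4, P)   # valid because P % 4 == 3

def map_to_curve(u):
    """Simplified SWU map for the toy curve; never returns INF."""
    tv = Z * u * u % P
    tv1 = inv0((tv * tv + tv) % P)
    x1 = (-B * inv0(A) * (1 + tv1)) % P
    if tv1 == 0:                              # exceptional inputs
        x1 = B * inv0(Z * A % P) % P
    x = x1 if is_square(g(x1)) else tv * x1 % P
    y = sqrt(g(x))
    return (x, y if u % 2 == y % 2 else -y % P)   # sgn0(u) == sgn0(y)

def add(p, q):
    """Affine short-Weierstrass point addition."""
    if p is INF or q is INF:
        return q if p is INF else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p == q:
        lam = (3 * x1 * x1 + A) * inv0(2 * y1 % P) % P
    else:
        lam = (y2 - y1) * inv0((x2 - x1) % P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

GROUP = [INF] + [(x, y) for x in range(P) for y in range(P) if y * y % P == g(x)]

def distance_from_uniform(counts):
    """Exact statistical (total variation) distance to uniform on GROUP."""
    n = sum(counts.values())
    return sum(abs(Fraction(counts[pt], n) - Fraction(1, ORDER)) for pt in GROUP) / 2

# One map call versus the draft's R = Q0 + Q1, over every possible field input.
single = Counter(map_to_curve(u) for u in range(P))
summed = Counter(add(map_to_curve(a), map_to_curve(b)) for a in range(P) for b in range(P))

if __name__ == "__main__":
    for name, c in (("map_to_curve(u)", single), ("Q0 + Q1", summed)):
        print(name, "hits", len(c), "of", ORDER, "distance", distance_from_uniform(c))
```

On this curve a single map call reaches 6 of the 13 group elements and the sum reaches all 13, with the distance to uniform dropping from 7/13 to 366/1573. The field is far too small for the remaining distance to be representative of real parameters.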