Re: [Crypto-panel] EXTERNAL: Request for review: The ristretto255 and decaf448 Groups

Thomas Pornin <thomas.pornin@nccgroup.com> Wed, 23 November 2022 21:33 UTC

From: Thomas Pornin <thomas.pornin@nccgroup.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>
CC: "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>, "ietf@hdevalence.ca" <ietf@hdevalence.ca>, "ietf@jackgrigg.com" <ietf@jackgrigg.com>, "ietf@shiftleft.org" <ietf@shiftleft.org>, "ietf@en.ciph.re" <ietf@en.ciph.re>, "ietf@gtank.cc" <ietf@gtank.cc>, "ietf@filippo.io" <ietf@filippo.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/IBS41aU6OOUOPW-QvwxSov-ccW8>

Here is my review. In summary, this draft is good and I support its publication as an RFC.
There is always a way to nitpick something, so here are some comments that are purely esthetical/typographical in nature:

Section 2: "a constant-time logical OR" -> this is the only place where
"constant-time" has a hyphen; in other places (e.g. title of section
2.2) it is written as "constant time", with a space. I believe both ways
exist and are valid, but a given document should choose one and use it
consistently.

Section 4.3.1: "an integer s in little-endian representation" -> it might
be clearer to say "an integer s in unsigned little-endian representation",
to highlight the fact that there is no sign bit.
-> same remark for section 5.3.1

Section 4.3.2: "the 32-byte little-endian encoding of s" -> maybe expand
that into "the 32-byte little-endian encoding of the canonical
representation of the field element s as an integer in the 0 to p-1
range". People might otherwise be tempted to cut corners and skip the
final reduction or something.
-> same remark for section 5.3.2

Section 4.3.4 (step 1): "in little-endian representation" -> "in unsigned
little-endian representation" (same as in section 4.3.1)
-> same remark for section 5.3.4

Section 9: "Riad S.  Wahby" -> here there are two spaces between "S."
and "Wahby" (at least in the ASCII text representation), which I think
is not typographically correct, because the dot is not a sentence
ending; it should read as "Riad S. Wahby". I suppose that the text
representation is automatically generated from some Markdown or XML
input, and that the unfortunate extra space is added in that process.

Apart from that, everything is fine.

Note: I have implemented ristretto255, and can thus positively confirm that all formulas and test vectors for ristretto255 are correct. I have NOT implemented decaf448, though, so I do not formally confirm correctness of that one; however, the formulas make sense.

Thomas
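
The remarks on sections 4.3.1 and 4.3.2 can be made concrete with a short added example; it is not part of the review or of the draft. It assumes the ristretto255 field modulus p = 2^255 - 19 and the first decoding step as published (exactly 32 bytes, value below p, non-negative meaning an even canonical representative); all function names and sample values are hypothetical.

```python
# Added illustration; names are hypothetical, sample values are constructed.
P = 2**255 - 19  # field modulus assumed for ristretto255


def decode_s(data: bytes) -> int:
    """Parse s as an unsigned little-endian integer, then apply the range checks."""
    if len(data) != 32:
        raise ValueError("encoding must be exactly 32 bytes")
    # All 256 bits are magnitude: there is no sign bit to mask off.
    s = int.from_bytes(data, "little", signed=False)
    if s >= P:
        raise ValueError("non-canonical: value is not in the 0 to p-1 range")
    if s & 1:
        raise ValueError("negative field element (odd canonical representative)")
    return s


def encode_s(x: int) -> bytes:
    """Canonical encoding: reduce into 0..p-1 first, then 32-byte little-endian."""
    return (x % P).to_bytes(32, "little")


def encode_s_unreduced(x: int) -> bytes:
    """Corner-cutting variant: serializes whichever representative is in memory."""
    return x.to_bytes(32, "little")


def accepts(data: bytes) -> bool:
    """True when decode_s() accepts the byte string."""
    try:
        decode_s(data)
        return True
    except ValueError:
        return False


s = 4                                # small even (non-negative) field element
lazy = s + P                         # same element, unreduced representative
canonical = encode_s(lazy)           # final reduction performed
skipped = encode_s_unreduced(lazy)   # final reduction skipped
top_bit = bytes(31) + b"\x80"        # 2^255 when read as unsigned, so >= p
```

Both encodings stand for the same field element, but only the reduced one round-trips through the decoder; the byte string with only the top bit set is rejected as out of range rather than read as zero with a sign flag.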

From: Crypto-panel <crypto-panel-bounces@irtf.org> on behalf of Thomas Pornin <thomas.pornin=40nccgroup.com@dmarc.ietf.org>
Date: Thursday, November 17, 2022 at 12:44
To: Alexey Melnikov <alexey.melnikov@isode.com>, crypto-panel@irtf.org <crypto-panel@irtf.org>
Cc: cfrg-chairs@ietf.org <cfrg-chairs@ietf.org>
Subject: Re: [Crypto-panel] EXTERNAL: Request for review: The ristretto255 and decaf448 Groups
I can review it.

Thomas

From: Crypto-panel <crypto-panel-bounces@irtf.org> on behalf of Alexey Melnikov <alexey.melnikov@isode.com>
Date: Thursday, November 17, 2022 at 12:41
To: crypto-panel@irtf.org <crypto-panel@irtf.org>
Cc: cfrg-chairs@ietf.org <cfrg-chairs@ietf.org>
Subject: EXTERNAL: [Crypto-panel] Request for review: The ristretto255 and decaf448 Groups
Dear Crypto Panel Experts,

The chairs would like to ask the Crypto Panel to provide a review to
help move "The ristretto255 and decaf448 Groups"
draft-irtf-cfrg-ristretto255-decaf448-04
(https://datatracker.ietf.org/doc/draft-irtf-cfrg-ristretto255-decaf448/)
document forward.

Any volunteers?

Best Regards,
Alexey (on behalf of the CFRG Chairs)
