Re: [Lwip] Call for adoption of draft-struik-lwig-curve-representations-02

Mohit Sethi <mohit.m.sethi@ericsson.com> Tue, 04 September 2018 06:38 UTC

To: Nikolas Rösener <nik_roe@uni-bremen.de>, lwip@ietf.org
References: <20180819190856.Horde.72-iC2Qq0HvxX0ckCy94u8L@webmail.uni-bremen.de>
From: Mohit Sethi <mohit.m.sethi@ericsson.com>
Message-ID: <9481d66c-416c-918b-25f7-0acfef35c9f5@ericsson.com>
Date: Tue, 04 Sep 2018 09:38:54 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/G1MUuEzzoIqvTGPVYg7oHpbtKOU>
Subject: Re: [Lwip] Call for adoption of draft-struik-lwig-curve-representations-02

Hi Nikolas,

Thank you for your feedback on the draft. Is either of the two libraries 
open source?

I personally think that it would be nice to see some performance numbers 
in the draft.

For example, is an implementation supporting both the curves with the 
same underlying primitives slower than two separate implementations? And 
how much code space or memory can be saved by re-using some of the 
underlying primitives?

--Mohit


On 08/19/2018 08:08 PM, Nikolas Rösener wrote:
> Hi,
>
> my name is Nikolas Rösener - I am a student at the Universität Bremen 
> currently writing my master's thesis on the topic of the performance of 
> curve model transformations.
>
> In my opinion draft-struik-lwig-curve-representations-02 already 
> presents a great summary of the possible transformations for the 
> Curve25519-family of curves. I implemented the transformations in two 
> different libraries, as part of my performance evaluation, and had no 
> problems following the formulae in the draft.
>
> In retrospect, I found that the following additional information would 
> have been very useful if I had attempted to implement the 
> transformations as part of a serious cryptographic primitive:
>
> - Test Vectors
> - Recommendations for (the relevance of) dealing with the special 
> cases (point-at-infinity etc.)
> - Usages with co-factor Diffie-Hellman (NIST SP 800-56a)
> - Usages with ECDSA (FIPS Pub 186-4)
>
> I had some further discussions with Rene on topics related to 
> retrofitting existing implementations with conversions (doing generic 
> modular reduction, providing transformation formulae for different 
> point formats, providing algorithms for recovering coordinates...). 
> The relevance of these of course depends on the direction the draft is 
> taking.
>
> Oh, and - personal preference - but I also think it makes quite a 
> difference to the ease and speed of implementing an ECC algorithm if 
> it is provided as three-operand code in addition to the mathematical 
> formula (like e.g. https://hyperelliptic.org/EFD/). The former reduces 
> cognitive load and risk of manual errors.
>
> Best regards,
> Nikolas Rösener
>
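The conversions discussed in this thread, written out as an added example (it is not code from the draft, from RFC 7748, or from the two libraries Nikolas mentions): the Montgomery/twisted Edwards map of RFC 7748 section 4.1 and the Montgomery/short Weierstrass shift of the draft, for Curve25519, edwards25519 and Wei25519, with the exceptional points (point at infinity, the order-2 point (0,0), the Edwards neutral element) handled explicitly rather than left to a division by zero. The function names, the `self_test` routine and the choice to recompute the base point's `v` and the constant `sqrt(-486664)` at runtime are this example's own assumptions; the edwards25519 base point is taken from RFC 8032 and used only as a test vector, which is the kind of check Nikolas asks the draft to provide.

```python
# Added illustration of the curve-model conversions in
# draft-struik-lwig-curve-representations / RFC 7748 sec. 4.1; not the
# draft's or any library's code.  Points are affine tuples mod p; None is
# the point at infinity on the Montgomery and Weierstrass models.

p = 2**255 - 19


def inv(x):
    """Modular inverse mod p (p is prime, so Fermat suffices)."""
    return pow(x % p, p - 2, p)


A = 486662                                      # Curve25519: v^2 = u^3 + A*u^2 + u
a_ed = p - 1                                    # edwards25519: a*x^2 + y^2 = 1 + d*x^2*y^2, a = -1
d_ed = (-121665 * inv(121666)) % p
a_w = (1 - A * A * inv(3)) % p                  # Wei25519: Y^2 = X^3 + a_w*X + b_w
b_w = (A * (2 * A * A - 9) * inv(27)) % p

# edwards25519 base point, RFC 8032 section 5.1 (test vector, not a secret).
B_ED = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
        46316835694926478169428394003475163141307993866256225615783033603165251855960)


def sqrt_mod_p(n):
    """Square root mod p = 2^255 - 19 (p = 5 mod 8); raises for non-residues."""
    n %= p
    r = pow(n, (p + 3) // 8, p)
    if (r * r - n) % p:
        r = r * pow(2, (p - 1) // 4, p) % p     # multiply by sqrt(-1)
    if (r * r - n) % p:
        raise ValueError("not a quadratic residue mod p")
    return r


# c = sqrt(-(A + 2)) = sqrt(-486664).  Both roots give a valid isomorphism
# (they differ by negating the Edwards x-coordinate); RFC 7748 fixes the one
# mapping the Curve25519 base point onto B_ED.  This example does not pin the
# sign (assumption), so self_test accepts x = +-B_ED[0].
C = sqrt_mod_p(-(A + 2))


def on_montgomery(P):
    if P is None:
        return True
    u, v = P
    return (v * v - (u * u * u + A * u * u + u)) % p == 0


def on_edwards(P):
    x, y = P
    return (a_ed * x * x + y * y - 1 - d_ed * x * x * y * y) % p == 0


def on_weierstrass(P):
    if P is None:
        return True
    X, Y = P
    return (Y * Y - (X * X * X + a_w * X + b_w)) % p == 0


def mont_to_edwards(P):
    """(u, v) -> (c*u/v, (u-1)/(u+1)) with the special cases spelled out."""
    if P is None:
        return (0, 1)                           # infinity -> Edwards neutral element
    u, v = P
    if v == 0:
        if u != 0:                              # would need a root of u^2+A*u+1; Curve25519 has none
            raise ValueError("unexpected 2-torsion point")
        return (0, p - 1)                       # (0,0), the order-2 point -> (0,-1)
    if (u + 1) % p == 0:                        # no Curve25519 point has u = -1 (edwards25519 is complete)
        raise ValueError("u = -1 has no image on the Edwards model")
    return (C * u * inv(v) % p, (u - 1) * inv(u + 1) % p)


def edwards_to_mont(P):
    """(x, y) -> ((1+y)/(1-y), c*u/x); x == 0 forces y == +-1 on edwards25519."""
    x, y = P
    if x == 0:
        return None if y == 1 else (0, 0)
    u = (1 + y) * inv(1 - y) % p
    return (u, C * u * inv(x) % p)


def mont_to_weierstrass(P):
    """(u, v) -> (u + A/3, v); infinity maps to infinity."""
    if P is None:
        return None
    u, v = P
    return ((u + A * inv(3)) % p, v)


def weierstrass_to_mont(P):
    if P is None:
        return None
    X, Y = P
    return ((X - A * inv(3)) % p, Y)


def curve25519_base_point():
    """Curve25519 base point u = 9; v recomputed here (either root, see note on C)."""
    u = 9
    return (u, sqrt_mod_p(u ** 3 + A * u * u + u))


def self_test():
    """Test-vector style consistency check of all conversions; True on success."""
    G = curve25519_base_point()
    E = mont_to_edwards(G)
    W = mont_to_weierstrass(G)
    ok = on_montgomery(G) and on_edwards(E) and on_weierstrass(W)
    ok = ok and E[1] == 4 * inv(5) % p and E[0] in (B_ED[0], p - B_ED[0])
    ok = ok and edwards_to_mont(E) == G and weierstrass_to_mont(W) == G
    ok = ok and mont_to_edwards(None) == (0, 1) and mont_to_edwards((0, 0)) == (0, p - 1)
    ok = ok and edwards_to_mont((0, 1)) is None and edwards_to_mont((0, p - 1)) == (0, 0)
    return ok


if __name__ == "__main__":
    print("conversions consistent:", self_test())
```

The Edwards y-coordinate of the mapped base point comes out as (9-1)/(9+1) = 4/5 mod p, which is exactly the edwards25519 base point's y from RFC 8032, so the two standard base points correspond under this map without any hidden constant; only the sign of sqrt(-486664) (equivalently, the sign of the Montgomery v) decides whether the x-coordinate is B_ED[0] or its negative, which is why a draft-supplied test vector pinning that sign would be useful.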