[Lwip] Fwd: New Version Notification for draft-ietf-lwig-curve-representations-23.txt
Rene Struik <rstruik.ext@gmail.com> Fri, 21 January 2022 23:32 UTC
To: "lwip@ietf.org" <lwip@ietf.org>
Cc: "sec-ads@ietf.org" <sec-ads@ietf.org>, "ek.ietf@gmail.com" <ek.ietf@gmail.com>, Mohit Sethi <mohit.m.sethi@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/Hw_dq-Y36Vq58we4MYrfpEBA1Iw>
List-Id: "Lightweight IP stack. Official mailing list for IETF LWIG Working Group." <lwip.ietf.org>
Dear colleagues:

I updated the lwig curve draft, so as to take into account (1) another crypto review panel review this draft was subjected to by the powers that be; (2) discussions on ECDSA with the SHA3 family hash functions that took place on the COSE mailing list and offline Nov-early January.

Changes:

a) Section 7 (Implementation Status): included reference to ANSSI's (French information security agency) use of lwig curve draft, including motivations (hooray);

b) Appendix B.1 (Elliptic Curve Nomenclature): made definition of isomorphic curves in Appendix B.1 more precise, via one-sentence change (zero impact on draft, but done for completeness);

c) Appendix I (Data Conversions): added Definition of ASCII symbols (with reference to RFC 20);

d) Appendix Q (ECDSA): corrected numerical examples for ECDSA w/ Wei25519 and SHAKE-128 (Appendix Q.3.2) and ECDSA w/ Wei448 and SHAKE-256 (Appendix Q.3.3). Here, it turned out that the Python code in Sage that I used incorrectly implements the FIPS 202 specification of SHAKE128 and SHAKE256. To do this properly, I implemented all SHA3 functions from scratch on the bit-level and had this vetted independently via contacts at NIST. To indicate that ECDSA w/ Wei448 and SHAKE256 uses FIPS 202-conformant SHAKE256, I added in Section 4.3 as reference to FIPS 202 "see Section 6.3 of [FIPS 202]".

BTW - adding ASCII (point c) above) was motivated by desire to avoid bit/byte-ordering ambiguity and set the record straight.

I made a few (very few) typographical and cosmetic changes throughout the document, in an attempt to make the crypto review panel reviewer happy. (Time will tell.)

I hope this helps.
Best regards, Rene

-------- Forwarded Message --------
Subject: New Version Notification for draft-ietf-lwig-curve-representations-23.txt
Date: Fri, 21 Jan 2022 14:56:26 -0800
From: internet-drafts@ietf.org
To: Rene Struik <rstruik.ext@gmail.com>

A new version of I-D, draft-ietf-lwig-curve-representations-23.txt has been successfully submitted by Rene Struik and posted to the IETF repository.

Name: draft-ietf-lwig-curve-representations
Revision: 23
Title: Alternative Elliptic Curve Representations
Document date: 2022-01-21
Group: lwig
Pages: 150
URL: https://www.ietf.org/archive/id/draft-ietf-lwig-curve-representations-23.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/
Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-lwig-curve-representations
Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-lwig-curve-representations-23

Abstract:
This document specifies how to represent Montgomery curves and (twisted) Edwards curves as curves in short-Weierstrass form and illustrates how this can be used to carry out elliptic curve computations leveraging existing implementations and specifications of, e.g., ECDSA and ECDH using NIST prime curves. We also provide extensive background material that may be useful for implementers of elliptic curve cryptography.

The IETF Secretariat
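An added example, not part of the message above and not the author's or the draft's code: a from-scratch FIPS 202 sponge for SHAKE128/SHAKE256 in Python, cross-checked against `hashlib` as an independent reference, illustrating the kind of conformance check item d) describes. The function names (`keccak_f1600`, `sponge`, `mismatches`) and the test inputs are constructed for this example; it says nothing about what the Sage code actually got wrong.

```python
import hashlib

def rol(x, n):
    return ((x << (n % 64)) | (x >> (64 - n % 64))) & (2**64 - 1)

def keccak_f1600(A):
    """Keccak-f[1600] on lanes A[x][y] (64-bit ints), 24 rounds."""
    rc = 1  # LFSR that generates the iota round-constant bits
    for _ in range(24):
        C = [A[x][0] ^ A[x][1] ^ A[x][2] ^ A[x][3] ^ A[x][4] for x in range(5)]
        D = [C[(x + 4) % 5] ^ rol(C[(x + 1) % 5], 1) for x in range(5)]
        A = [[A[x][y] ^ D[x] for y in range(5)] for x in range(5)]     # theta
        x, y, cur = 1, 0, A[1][0]
        for t in range(24):                                           # rho + pi
            x, y = y, (2 * x + 3 * y) % 5
            cur, A[x][y] = A[x][y], rol(cur, (t + 1) * (t + 2) // 2)
        A = [[A[x][y] ^ (~A[(x + 1) % 5][y] & A[(x + 2) % 5][y])
              for y in range(5)] for x in range(5)]                   # chi
        for j in range(7):                                            # iota
            rc = ((rc << 1) ^ ((rc >> 7) * 0x71)) % 256
            if rc & 2:
                A[0][0] ^= 1 << ((1 << j) - 1)
    return A

def sponge(msg, out_len, capacity_bits, suffix=0x1F):
    """suffix 0x1F = SHAKE bits 1111 plus first pad bit, LSB-first in the byte."""
    rate = (1600 - capacity_bits) // 8
    padded = bytearray(msg) + bytearray(rate - len(msg) % rate)
    padded[len(msg)] ^= suffix
    padded[-1] ^= 0x80            # last bit of pad10*1
    A = [[0] * 5 for _ in range(5)]
    for off in range(0, len(padded), rate):                           # absorb
        for i in range(rate // 8):
            A[i % 5][i // 5] ^= int.from_bytes(padded[off + 8*i: off + 8*i + 8], "little")
        A = keccak_f1600(A)
    out = b""
    while True:                                                       # squeeze
        out += b"".join(A[i % 5][i // 5].to_bytes(8, "little") for i in range(rate // 8))
        if len(out) >= out_len:
            return out[:out_len]
        A = keccak_f1600(A)

DATA = bytes(range(256)) * 2      # constructed test input

def mismatches(out_len=64):
    """(capacity, length) pairs where this code and hashlib disagree."""
    ref = {256: hashlib.shake_128, 512: hashlib.shake_256}
    # lengths straddle the rate boundaries (136 and 168 bytes), where padding bugs show up
    return [(cap, n) for cap in ref for n in (0, 1, 135, 136, 137, 167, 168, 169, 400)
            if sponge(DATA[:n], out_len, cap) != ref[cap](DATA[:n]).digest(out_len)]
```

Swapping only the suffix byte to `0x06` turns the same sponge into SHA3-256 (capacity 512, 32-byte output), which is why a bit- or byte-ordering slip in the suffix or padding silently yields a different, non-conformant function.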