Re: [Lwip] I-D Action: draft-ietf-lwig-curve-representations-20.txt

Rene Struik <rstruik.ext@gmail.com> Thu, 18 February 2021 01:24 UTC


Dear colleagues:

Changes (compared to previous version v19):
- removed the cose iana requests subsections, so as to avoid further 
pollution of discussion of this document (which is long overdue to get out).

[Excerpt email RS of Feb 16, 2021, 11.50am EST; see 
https://mailarchive.ietf.org/arch/msg/lwip/9SH1J3OZoiwMZ8jx49OhOlZOtAg/ ]

The iana cose "bickering" is about the value of 6 one-word character strings, in an otherwise quite voluminous, since 137 pages, document, where the value could be "new" or "reuse existing" (i.e., at most six bits of entropy). The current iana cose request may not be perfect. If it requires improvement, I can write some text to accommodate this *in parallel* to the IESG review.


On 2020-12-18 9:50 a.m., Rene Struik wrote:
> Dear colleagues:
>
> Changes:
> - added reference to FIPS 140-2 accreditation requirements 
> (cross-referenced in Section 4.1 w.r.t., NIST-compliance ECDH25519);
> - added references to draft NIST SP 800-186 and draft FIPS 186-5 (not 
> cross-referenced yet, but NIST SP 800-186 defines short-Weierstrass 
> version of Curve25519 [dubbed W-25519] and
> FIPS 186-5 allows its use; similar for Curve448 [dubbed W-448 there]);
> - added Note in Appendix K.1 that checking whether an element is a 
> square in GF(q) can be done more efficiently than actually computing 
> those;
> - cross-referenced this Note in Appendix I.8 with public key 
> validation check of compressed points.
>
> The added technical material (on public key validation and square root 
> checking) is relevant for co-factor ECDH25519, where NIST-compliant 
> implementations have to check that the received curve point is on the 
> actual curve. Since ECDH computations do not require the y-coordinate 
> of a short-Weierstrass point, one can check whether a point is on the 
> curve this way (~1% cost vs. ~10%).
>
> While this added technical material note is purely informational 
> (again: service to the community), it helps in understanding that 
> NIST-compliant implementations do not add more cost than more lenient 
> ones (that do not perform checks).
>
> Best regards, Rene
>
> On 2020-12-17 6:32 p.m., internet-drafts@ietf.org wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts 
>> directories.
>> This draft is a work item of the Light-Weight Implementation Guidance 
>> WG of the IETF.
>>
>>          Title           : Alternative Elliptic Curve Representations
>>          Author          : Rene Struik
>>     Filename        : draft-ietf-lwig-curve-representations-19.txt
>>     Pages           : 137
>>     Date            : 2020-12-17
>>
>> Abstract:
>>     This document specifies how to represent Montgomery curves and
>>     (twisted) Edwards curves as curves in short-Weierstrass form and
>>     illustrates how this can be used to carry out elliptic curve
>>     computations using existing implementations of, e.g., ECDSA and ECDH
>>     using NIST prime curves.  We also provide extensive background
>>     material that may be useful for implementers of elliptic curve
>>     cryptography.
>>
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-lwig-curve-representations-19
>> https://datatracker.ietf.org/doc/html/draft-ietf-lwig-curve-representations-19 
>>
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-lwig-curve-representations-19 
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of 
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>>

-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
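
The square check mentioned in the quoted 2020-12-18 note, as an added example that is not part of the email or of the draft: it decides whether an x-coordinate belongs to a point on the short-Weierstrass form of Curve25519 by evaluating a Jacobi symbol rather than computing a square root. Using the Jacobi symbol for the check and all function names are assumptions of this example; the Weierstrass coefficients are derived here from the Montgomery parameters of Curve25519 instead of being copied from the draft.

```python
# Added example: x-only on-curve check on the short-Weierstrass form of
# Curve25519, using a Jacobi symbol instead of a square root.
P = 2**255 - 19      # field prime of Curve25519
A = 486662           # Montgomery coefficient (v^2 = u^3 + A*u^2 + u)

# Weierstrass form y^2 = x^3 + a*x + b, derived with x = u + A/3 (mod P):
#   a = (3 - A^2)/3,  b = (2*A^3 - 9*A)/27
INV3 = pow(3, -1, P)
DELTA = A * INV3 % P
W_A = (3 - A * A) * INV3 % P
W_B = (2 * A**3 - 9 * A) * pow(27, -1, P) % P

def jacobi(n, m):
    """Jacobi symbol (n/m), m odd and positive; Legendre symbol if m is prime."""
    n %= m
    result = 1
    while n:
        while n % 2 == 0:              # remove factors of two
            n //= 2
            if m % 8 in (3, 5):
                result = -result
        n, m = m, n                    # quadratic reciprocity
        if n % 4 == 3 and m % 4 == 3:
            result = -result
        n %= m
    return result if m == 1 else 0

def montgomery_u_to_x(u):
    return (u + DELTA) % P

def weierstrass_rhs(x):
    return (x * x * x + W_A * x + W_B) % P

def x_is_on_curve(x):
    """True if some y in GF(P) satisfies y^2 = x^3 + a*x + b.

    Only curve membership is decided; the input is a received public
    value, so the variable-time loop in jacobi() handles no secret.
    """
    if not 0 <= x < P:
        return False
    return jacobi(weierstrass_rhs(x), P) >= 0   # 0 means y = 0

def is_square_by_exponentiation(v):
    """Reference check (Euler's criterion), one full modular exponentiation."""
    return pow(v, (P - 1) // 2, P) in (0, 1)
```

The Jacobi loop costs about as much as a gcd, whereas the reference check and any square-root computation each need a full exponentiation in GF(P).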