Re: [Lwip] I-D Action: draft-ietf-lwig-curve-representations-14

Daniel Migault <daniel.migault@ericsson.com> Mon, 16 November 2020 02:56 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/4SMBNWUuyDzWzjgOJcRAoDPAsLw>

I agree that standard track is more appropriate. I agree the document should go and be published.
Yours, 
Daniel

-----Original Message-----
From: Lwip <lwip-bounces@ietf.org> On Behalf Of Rene Struik
Sent: Sunday, November 15, 2020 6:59 PM
To: lwip@ietf.org
Subject: Re: [Lwip] I-D Action: draft-ietf-lwig-curve-representations-14

Dear colleagues:

I just uploaded a minor update of the draft.

Main change is that intended status is now "standards track" (rather than informational). This should take into account IANA code point assignment requests, which apparently require this status. {I was told this could also be BCP, but I am not savvy enough on IETF processes to know what would work best (although BCP sounds pretty cool).}

tiny edits:
- changed "bit-size" to "bit-length" and "byte-size" to "byte-length" throughout (to make this fit with defined terms ad verbatim);
- three minor editorial changes to help out the audience (in case they would have trouble with this themselves), viz. (a) added a sentence to Appendix B.1 on how to generate a random high-order point R:=k*P; (b) added a table in Appendix P.2 (Table 3) on how many random bits one needs to generate this k with negligible bias (this simply plugs in values in formulas that were there, organizing this in a simple table);
(c) added a table at the end of Appendix K.6 (Table 2), which codifies in an easy-to-grasp way the main crux of an otherwise difficult to read mathematical paper, organizing this in a simple table (earlier, I had simply referred to the paper).
- one more editorial change: (d) added a short note to Appendix K.2 (Note 1) to debunk the myth that inversion (as used during ECDSA) is leaky.

While these changes are editorial, I have seen ongoing confusion on how many random bits one needs to create, e.g., a pseudorandom private key, etc., (even in cfrg) and on what is leaky or not (cose), that I thought to simply roll up my sleeves and add this to the document as a service to the community.

Main change, though, is that the doc has a different status. I hope this helps.

Best regards, Rene

On 2020-11-03 10:04 a.m., Rene Struik wrote:
> Dear colleagues:
>
> I updated the draft so as to take into account the comments received 
> during IETF Last Call.
>
> Changes:
>
> - added verbiage on use of Wei25519 and Wei448 with PKIX and CMS (now 
> Section 11) and request for OIDs to support this (now Section 12.1);
>
> - changed requested COSE algorithm registration values: (Section 12.2)
> ECDSA25519 (was: -1; now: -9); ECDH25519 (was: -2; now: -24 {still 
> 1-octet, though}); (Section 12.3) ECDSA448 (was: -47; now: -48);
> ECDH448 (was: -47; now: -48). Note RS: here, latter change due to 
> usurping the value of -47 by ECDSA w/ secp256k1 and SHA256 earlier 
> this summer;
>
> - added example encodings so as to include all cousins of Curve448 
> (now including also Wei448.1, now Appendix O.4);
>
> - added three more rows in Table 1 (Appendix K.4.2) so as to include 
> examples for all cousins of Curve448 (now including also Wei448, 
> Wei448.1, Wei448.-3);
>
> - added two notes to Appendix K.6 and slightly reformulated so as to 
> make these auxiliary functions easier to simply cross-reference and 
> instantiate in future (if desired);
>
> - fixed minor detail of 2-isogenous mapping between Wei448 and
> Wei448.-3 (singling out point (tau,0) of order two in dual isogeny map 
> in Appendix N.2);
>
> - slightly changed encoding example for Edwards448 curve (Appendix 
> O.6), to make this consistent with potential future use of randomized 
> representation of curve points (Appendix K.5) if one were to ever use 
> this for enhanced privacy in big brother-esque scenarios; {details do 
> not matter for current draft, though}
>
> - some tiny editorials, including (1) consistent naming of "short" 
> Weierstrass curve as short-Weierstrass curves; (2) defined alternative 
> naming of "points in small subgroup" as "low-order points" as well 
> (Appendix B.1); (3) changed "smaller than 1/2" to "at most 1/2" (at 
> end of Appendix P.3). {here, perfectionism seems to get in the way}
>
> While the above list seems long, almost all of this is editorial or 
> simply adding other example encodings. The tiny "fix" above is, 
> however, a fix (but probably would only be noticeable by mathematicians).
>
> Best regards, Rene
>
> On 2020-11-02 6:54 p.m., internet-drafts@ietf.org wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts 
>> directories.
>> This draft is a work item of the Light-Weight Implementation Guidance 
>> WG of the IETF.
>>
>>     Title           : Alternative Elliptic Curve Representations
>>     Author          : Rene Struik
>>     Filename        : draft-ietf-lwig-curve-representations-13.txt
>>     Pages           : 131
>>     Date            : 2020-11-02
>>
>> Abstract:
>>     This document specifies how to represent Montgomery curves and
>>     (twisted) Edwards curves as curves in short-Weierstrass form and
>>     illustrates how this can be used to carry out elliptic curve
>>     computations using existing implementations of, e.g., ECDSA and ECDH
>>     using NIST prime curves.  We also provide extensive background
>>     material that may be useful for implementers of elliptic curve
>>     cryptography.
>>
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-lwig-curve-representations-13
>> https://datatracker.ietf.org/doc/html/draft-ietf-lwig-curve-representations-13
>>
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-lwig-curve-representations-13
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of 
>> submission until the htmlized version and diff are available at 
>> tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>>
>> _______________________________________________
>> Lwip mailing list
>> Lwip@ietf.org
>> https://www.ietf.org/mailman/listinfo/lwip
>
>

--
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867

