Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc6637.

Gregory Maxwell <gmaxwell@gmail.com> Fri, 18 October 2013 08:42 UTC

Return-Path: <gmaxwell@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD73C21F9B08 for <openpgp@ietfa.amsl.com>; Fri, 18 Oct 2013 01:42:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AofmxhNT0cJu for <openpgp@ietfa.amsl.com>; Fri, 18 Oct 2013 01:42:13 -0700 (PDT)
Received: from mail-la0-x22d.google.com (mail-la0-x22d.google.com [IPv6:2a00:1450:4010:c03::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 7D5E621F9AF8 for <openpgp@ietf.org>; Fri, 18 Oct 2013 01:42:12 -0700 (PDT)
Received: by mail-la0-f45.google.com with SMTP id eh20so417678lab.4 for <openpgp@ietf.org>; Fri, 18 Oct 2013 01:42:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=lkIbWqQYzVk3Co4xoGZN+5V1BbAuRGw163b95vjH1Mo=; b=ydZ6VmwRzFl3K2R8r/g8W3yszkoN6NOsq8UStxvk7QJwpKEJElUd6cIFyXSqAmG/23 0XE2xA/MQPdzk8mKVmMUF5nUrmttoi7aPRYO7pZKbsZSgtQB78LWyfAycDfs0atyL0CR ogQuY+TuxtfvfJvj37Ci6AF4t6T9uV6diZIb4ydWol0vH1kYYowJBHNTgXNmqykvc1jW 0B+tqcI2L/xVZ5LBxHCAOCcUT9xSfzLWjpcslF/lRIrlb742reiFCWdH3Q9ScenWqLFP 5h6OC6A64dLU56hYTnWi14u6Vagk7IqmBzBl9xYGo4xyfkxSkQ618odatgTWqi1xmwkP GKaw==
MIME-Version: 1.0
X-Received: by 10.152.18.131 with SMTP id w3mr309135lad.47.1382085731247; Fri, 18 Oct 2013 01:42:11 -0700 (PDT)
Received: by 10.112.89.72 with HTTP; Fri, 18 Oct 2013 01:42:11 -0700 (PDT)
In-Reply-To: <87vc0vf0d9.fsf@vigenere.g10code.de>
References: <CAAS2fgRG2AbZsz_4aF33Pd167M4-6=-73WAAgxTAjLMdoGNLeQ@mail.gmail.com> <CBE39208-C436-4145-A645-10380145F200@callas.org> <87iowvghx3.fsf@vigenere.g10code.de> <CAAS2fgS+Z_OmCzavCsSubQi3oaX-gUt9uv6Uio-rA-wpszF5Wg@mail.gmail.com> <87vc0vf0d9.fsf@vigenere.g10code.de>
Date: Fri, 18 Oct 2013 01:42:11 -0700
Message-ID: <CAAS2fgQvoBZPsVyE9uthoXB_rSuuX5VF2HM-ihjmbsdmWKpKCw@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Werner Koch <wk@gnupg.org>
Content-Type: text/plain; charset="UTF-8"
Cc: openpgp@ietf.org, Jon Callas <jon@callas.org>
Subject: Re: [openpgp] Curve3617 in OpenPGP? Beyond rfc6637.
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Oct 2013 08:42:13 -0000

On Fri, Oct 18, 2013 at 1:29 AM, Werner Koch <wk@gnupg.org> wrote:
> and actually it is faster to use because there is no need for
> uncompressing.

Not so at least for ECDH, e.g. the implementation in curve25519 uses a
multiplier that really does work on the X coordinate alone. For other
curves (which are not twist secure), generally time spent
uncompressing is not to much slower than the sqrt needed to check that
the point is on the curve.