[openpgp] Curve25519 for public key encryption

NIIBE Yutaka <gniibe@fsij.org> Sat, 26 April 2014 07:47 UTC

Return-Path: <gniibe@fsij.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 88E5A1A0455 for <openpgp@ietfa.amsl.com>; Sat, 26 Apr 2014 00:47:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.172
X-Spam-Status: No, score=-2.172 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.272] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id wSDDV_01zr5g for <openpgp@ietfa.amsl.com>; Sat, 26 Apr 2014 00:47:45 -0700 (PDT)
Received: from atom.fsij.org (atom.fsij.org []) by ietfa.amsl.com (Postfix) with ESMTP id 57FDD1A030D for <openpgp@ietf.org>; Sat, 26 Apr 2014 00:47:45 -0700 (PDT)
Received: from c203214.dynamic.ppp.asahi-net.or.jp ([] helo=[]) by atom.fsij.org with esmtpsa (TLS1.0:DHE_RSA_CAMELLIA_256_CBC_SHA1:256) (Exim 4.80) (envelope-from <gniibe@fsij.org>) id 1WdxKi-0007yo-1F; Sat, 26 Apr 2014 16:47:36 +0900
Message-ID: <1398498450.5174.1.camel@latx1.gniibe.org>
From: NIIBE Yutaka <gniibe@fsij.org>
To: openpgp@ietf.org
Date: Sat, 26 Apr 2014 16:47:30 +0900
Organization: Free Software Initiative of Japan
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.4.4-3
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-SA-Exim-Mail-From: gniibe@fsij.org
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000)
X-SA-Exim-Scanned: Yes (on atom.fsij.org)
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/zi7pzv83IvPk-zTlRyLcb8LtyZs
Subject: [openpgp] Curve25519 for public key encryption
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Apr 2014 07:47:47 -0000


I am doing some experiment with GnuPG to support Curve25519 for public
key encryption.  When we apply draft-jivsov-ecc-compact-05 (that is,
using x-coordinate only), I think that we could extend the
specification of RFC6637 for Curve25519 naturally.

RFC6637 assumes that the cofactor is 1, while Curve25519's is 8.  But
this is no problem.  Since Curve25519's private key is defined as
multiple of 8 (= its cofactor), we don't need to change any
computation of ECDH.

Thus, I think that all that we need is OID of Curve25519, if it is OK
for us to keep using MPI format (in the original implementation of
Curve25519, representation is little endian).

If this support of Curve25519 in OpenPGP has no conflict to RFC6637 +
draft-jivsov-ecc-compact-05, I'm going to work enhancement of
OpenPGPcard (the smartcard specification) for Curve25519, too.

Any suggestions or comments?