[saag] Using Ed25519 / Ed448 for encryption
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 03 October 2018 02:37 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/QM80DmA-3iEBxlh_VU5B5wOQnnA>
OK, so why would someone want to do this when we have the Montgomery curves? There are two answers.

First, if there is going to be crypto accelerator hardware, VLSI fabs are likely to want to have one coprocessor for one algorithm rather than two.

Second, the meta-cryptographic techniques I am using in the Mesh don't work using the Montgomery ladder approach. I need to be able to add arbitrary points. So to use the CurveX implementations, I would have to convert the points to Edwards, add and convert back.

For the Mesh, I am just using Ed448 for both. But I am going to have to start thinking about other applications soon.

Should I write a draft describing how to convert between the curves with some test vectors or a draft on my approach to using Ed448 for key agreement?
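The "convert the points to Edwards, add and convert back" step from the message, worked for Curve25519/Ed25519 with the birational map given in RFC 7748, section 4.1. This is an added example, not code from the original message or from the Mesh; all function names are hypothetical, and the affine Montgomery addition is included only as an independent cross-check of the result.

```python
# Added example: Curve25519 <-> Ed25519 birational map (RFC 7748, section 4.1); names are hypothetical.
P = 2**255 - 19
A = 486662                                   # Montgomery coefficient of Curve25519
inv = lambda x: pow(x % P, P - 2, P)         # modular inverse; callers rule out x == 0
D = -121665 * inv(121666) % P                # Ed25519 constant d

def sqrt_mod(a):  # square root mod P (P = 5 mod 8); raises if a is not a square
    a %= P
    r = pow(a, (P + 3) // 8, P)
    if r * r % P != a:
        r = r * pow(2, (P - 1) // 4, P) % P  # multiply by sqrt(-1)
    if r * r % P != a:
        raise ValueError("not a quadratic residue")
    return r

C = sqrt_mod(-486664)                        # scaling constant; either root gives a valid map

def to_edwards(u, v):
    if v % P == 0 or (u + 1) % P == 0:
        raise ValueError("exceptional point: no affine image")
    return C * u * inv(v) % P, (u - 1) * inv(u + 1) % P

def to_montgomery(x, y):
    if x % P == 0 or (1 - y) % P == 0:
        raise ValueError("exceptional point: no affine image")
    u = (1 + y) * inv(1 - y) % P
    return u, C * u * inv(x) % P

def on_edwards(x, y):
    return (y * y - x * x - 1 - D * x * x * y * y) % P == 0

def edwards_add(p, q):  # complete addition on -x^2 + y^2 = 1 + d x^2 y^2 (covers doubling)
    (x1, y1), (x2, y2) = p, q
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % P, (y1 * y2 + x1 * x2) * inv(1 - t) % P)

def montgomery_add(p, q):  # affine chord-and-tangent on v^2 = u^3 + A u^2 + u; cross-check only
    (u1, v1), (u2, v2) = p, q
    num, den = (3 * u1 * u1 + 2 * A * u1 + 1, 2 * v1) if p == q else (v2 - v1, u2 - u1)
    lam = num * inv(den) % P
    u3 = (lam * lam - A - u1 - u2) % P
    return u3, (lam * (u1 - u3) - v1) % P

def add_via_edwards(p, q):  # convert to Edwards, add, convert back
    return to_montgomery(*edwards_add(to_edwards(*p), to_edwards(*q)))

G = (9, sqrt_mod(9**3 + A * 9**2 + 9))       # Curve25519 base point, v recovered from u = 9
```

X25519 public keys carry only the u coordinate, so v (and with it the sign of x) has to be recovered or fixed by convention before this map can be applied to them.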