Re: [saag] Using Ed25519 / Ed448 for encryption
Mohit Sethi <mohit.m.sethi@ericsson.com> Wed, 03 October 2018 04:23 UTC
Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 289FF131203 for <saag@ietfa.amsl.com>; Tue, 2 Oct 2018 21:23:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RDA2_pZDs5mC for <saag@ietfa.amsl.com>; Tue, 2 Oct 2018 21:23:19 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 145261311D3 for <saag@ietf.org>; Tue, 2 Oct 2018 21:23:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1538540597; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=UtZnGk3PToN6sWdCFrfMrAH7RIN2HTb+y1aQujo24p8=; b=Vi3faorBueiY/i/2YuheStfGA7BNHISErfKIuEdrU/GunuCdJsZPD909UUOqKWne 5P0/1V9xPg1oiAKwoqXEE+nmJGzEeBxAdNiE9zDEgIR2XQa9otWWML8gyR8ZnH5j mT6t/RcKcbZrlhq9cWXW9ltgky6EpVzuL6KzgPAoa18=;
X-AuditID: c1b4fb3a-395ff70000003197-fd-5bb44435e0ec
Received: from ESESSMB504.ericsson.se (Unknown_Domain [153.88.183.122]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id DF.46.12695.53444BB5; Wed, 3 Oct 2018 06:23:17 +0200 (CEST)
Received: from ESESSMB504.ericsson.se (153.88.183.165) by ESESSMB504.ericsson.se (153.88.183.165) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Wed, 3 Oct 2018 06:23:16 +0200
Received: from nomadiclab.fi.eu.ericsson.se (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.192) with Microsoft SMTP Server id 15.1.1466.3 via Frontend Transport; Wed, 3 Oct 2018 06:23:16 +0200
Received: from nomadiclab.fi.eu.ericsson.se (localhost [127.0.0.1]) by nomadiclab.fi.eu.ericsson.se (Postfix) with ESMTP id D1404480A17; Wed, 3 Oct 2018 07:23:16 +0300 (EEST)
Received: from [127.0.0.1] (localhost [IPv6:::1]) by nomadiclab.fi.eu.ericsson.se (Postfix) with ESMTP id 8ED59480460; Wed, 3 Oct 2018 07:23:16 +0300 (EEST)
To: Phillip Hallam-Baker <phill@hallambaker.com>, saag@ietf.org
References: <CAMm+LwgMX87oz1aQ_Cb7HZSsm+QCwsFq3sihuknPqU4dy0BfEg@mail.gmail.com>
From: Mohit Sethi <mohit.m.sethi@ericsson.com>
Message-ID: <0f1bbd14-455b-c471-d322-28b385c76bd9@ericsson.com>
Date: Wed, 03 Oct 2018 07:23:16 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <CAMm+LwgMX87oz1aQ_Cb7HZSsm+QCwsFq3sihuknPqU4dy0BfEg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------4E814BF131077E8E0879EE75"
Content-Language: en-US
X-AV-Checked: ClamAV using ClamSMTP
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupikeLIzCtJLcpLzFFi42KZGbG9StfUZUu0wbV7PBYTP8xmtJjS38nk wORxYfVXJo8lS34yBTBFcdmkpOZklqUW6dslcGVcfXiFqWCDWsXdzhtsDYzz5LoYOTkkBEwk nl9YyN7FyMUhJHCUUWLLrHZWCOcro8STD4+hMhcYJT62rWQGaRES2MwoMW2HEURiIaPEu7Nb GEESwgIWEmsvLAIrEhFwlPh2eRrQKA6gogCJb99KQMJsAnoSneeOg5XwCthLXD93GKyVRUBF YvLurawgtqhAhMTq5S9YIWoEJU7OfMICYnMKBEpsXL4NzGYWCJO4tqGbGcIWl7j1ZD4TxDvK EgtaFjFC3KkusbXjAOMERuFZSEbNQtI+C0k7hG0hMXP+eUYIW15i+9s5UDUaEq1z5rLDxJu3 zmZewMi+ilG0OLW4ODfdyEgvtSgzubg4P08vL7VkEyMwhg5u+W21g/Hgc8dDjAIcjEo8vIF6 W6KFWBPLiitzDzFKcDArifD2JW6OFuJNSaysSi3Kjy8qzUktPsQozcGiJM7rlGYRJSSQnliS mp2aWpBaBJNl4uCUamCcK/og+tTkLJeNbyu2r1XYe+j30wev5RYKb2kpuDL96QztbbNblx26 OZlX2UFk2fXs7lsODmqass6rrqyZ/eEHy8UZK38qhV69PT0kaOrJv69b/q//ffHNi2Rn36kC pQ8dju5bVrxNsGar0ramE5xWu93+uqw2WWTz89KvWktmtaRHu9OdZG+sXqvEUpyRaKjFXFSc CAByjFwlnQIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/x4rKzfOB3E7RKQceiGfxAUrFfDQ>
Subject: Re: [saag] Using Ed25519 / Ed448 for encryption
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2018 04:23:23 -0000
FYI: https://tools.ietf.org/html/draft-struik-lwig-curve-representations-02 "specifies how to represent Montgomery curves and (twisted) Edwards curves as curves in short-Weierstrass form and illustrates how this can be used to implement elliptic curve computations using existing implementations that already implement, e.g., ECDSA and ECDH using NIST prime curves." --Mohit On 10/03/2018 05:37 AM, Phillip Hallam-Baker wrote: > OK, so why would someone want to do this when we have the Montgomery > curves? There are two answers. > > First, if there is going to be crypto accelerator hardware, VLSI fabs > are likely to want to have one coprocessor for one algorithm rather > than two. > > Second, the meta-cryptographic techniques I am using in the Mesh don't > work using the Montgomery ladder approach. I need to be able to add > arbitrary points. So to use the CurveX implementations, I would have > to convert the points to Edwards, add and convert back. > > For the Mesh, I am just using Ed448 for both. But I am going to have > to start thinking about other applications soon. > > Should I write a draft describing how to convert between the curves > with some test vectors or a draft on my approach to using Ed448 for > key agreement? > > > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag
- [saag] Using Ed25519 / Ed448 for encryption Phillip Hallam-Baker
- Re: [saag] Using Ed25519 / Ed448 for encryption Mohit Sethi