Re: [Secdispatch] Preliminary agenda online
Rene Struik <rstruik.ext@gmail.com> Tue, 27 July 2021 13:20 UTC
Return-Path: <rstruik.ext@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 189CB3A0818
for <secdispatch@ietfa.amsl.com>; Tue, 27 Jul 2021 06:20:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id plYIAOHSbSfZ for <secdispatch@ietfa.amsl.com>;
Tue, 27 Jul 2021 06:20:54 -0700 (PDT)
Received: from mail-qt1-x82d.google.com (mail-qt1-x82d.google.com
[IPv6:2607:f8b0:4864:20::82d])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id AA07A3A0811
for <secdispatch@ietf.org>; Tue, 27 Jul 2021 06:20:54 -0700 (PDT)
Received: by mail-qt1-x82d.google.com with SMTP id l24so9477124qtj.4
for <secdispatch@ietf.org>; Tue, 27 Jul 2021 06:20:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:references:subject:message-id:date:user-agent:mime-version
:in-reply-to:content-transfer-encoding:content-language;
bh=9QWMGZQ6prXcxdZYVgi3x2C9tbm92JEDdf6BwTjIEkk=;
b=IB6YnQLG2aOj9PR0kI9zcmjjt79VjIRoQaSqI0eDuG/JnAZDz79wr5wUsLGrnA3cVf
IWeP0VNS4VrjCDTni+cb2vfk6XvsPy5c+92Gn1xSXPX0gdRyYJneyADQ1f6StDshaFo6
7JauIXs1GixadLJpzdzuzZRxlbGQxccx4H5lEye4GEut4bVWYp0ZAmFTriFLgvo7kcVr
1sU6B0hJjO+mLQv2DdU0KaZ5Yp4yYgoVC7zEdveKjuCZoHmeoh8mlShcdSXAXjJDBhvh
Ij6U7zAGZPJKKOl5gbV1V6AKeqgkbN5kQQGVoiwnEJRlZlgKxXmkRnnkXyyfc+tSOF//
MBWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:references:subject:message-id:date
:user-agent:mime-version:in-reply-to:content-transfer-encoding
:content-language;
bh=9QWMGZQ6prXcxdZYVgi3x2C9tbm92JEDdf6BwTjIEkk=;
b=rjrmlsBocoTEiJOHEU94JUrpQLdPabC5buGOkVjcirBN8fO9PLHMI9fyNJzlZpDvjU
Im75wBjpd0YpyeiuhQb+aHDIEiHo8MLz6TpJABLoJhRAgeHaSHHi1gLuxj5pzql2Oqbf
svPOkO3lCBTYlPdbcNamC2MS2qOFSIR+Hn7GS68/Wbmz8BuajcUpPH1t2/5mjD1cUh6S
zSuPtUCXzr3T3sNR4BPc7iYagKC7WthQQQLtVWgcJXoNGSdM1kmdcZPevIgexHC4NAoK
eJjsa1x2xGwRbD6kBszWHOUMRmHufioou1HbNesXMdoQveGVu2bg5ByzxcRz7szV8kYc
DZ4w==
X-Gm-Message-State: AOAM530GLMorPxQ5zrhTiumAkj8AcIlyjUECik8MTSPfBEURYND5mMG6
zVUWNPaMofiZYMvMO6MHsGigccXurB8=
X-Google-Smtp-Source: ABdhPJxSXH/pQ0LBJ3emgXbXeWQ2SVg5/J3HKB5/KdXlvCochYRKAfGyHZL9MybXOXKpSMH9cpCWMg==
X-Received: by 2002:ac8:4e88:: with SMTP id 8mr9036830qtp.269.1627392052833;
Tue, 27 Jul 2021 06:20:52 -0700 (PDT)
Received: from ?IPv6:2607:fea8:8a0:1397:a588:19a7:b0c1:ab84?
([2607:fea8:8a0:1397:a588:19a7:b0c1:ab84])
by smtp.gmail.com with ESMTPSA id 141sm1705667qki.15.2021.07.27.06.20.52
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Tue, 27 Jul 2021 06:20:52 -0700 (PDT)
From: Rene Struik <rstruik.ext@gmail.com>
To: Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org>,
IETF SecDispatch <secdispatch@ietf.org>
References: <9218ba42-1a81-8a82-4850-be3ca57f2894@ericsson.com>
<919f0c47-c5ab-6bfa-48a0-93a7b2f0856b@gmail.com>
Message-ID: <37f39465-0373-0a33-475c-2584706814ed@gmail.com>
Date: Tue, 27 Jul 2021 09:20:48 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
Thunderbird/78.12.0
MIME-Version: 1.0
In-Reply-To: <919f0c47-c5ab-6bfa-48a0-93a7b2f0856b@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/FXnznttsnNvlYcu_PX70itFJO_A>
Subject: Re: [Secdispatch] Preliminary agenda online
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>,
<mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>,
<mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jul 2021 13:20:59 -0000
Dear colleagues: At the end of my presentation yesterday, Ben Kaduk asked about batch ECDSA verification speed-ups with single signer and with multiple signers. The suggested speed-ups in the draft [1] are ~1.3x for single verification and up to ~6x for batch verification. If all signatures have been produced by different signers, one can achieve a speed-up of ~2.5x (still respectable). Usual caveats that these are ballpark figures (which depend on, e.g., relative cost of field multiplication and adds) apply. Ballparks above are for NIST curves with Jacobian addition rules. As already indicated in the email below (July 21st), the draft does not contain new crypto and only uses a public and reversible (r,s) to (r,-s) signature transformation, if need be. This should therefore allow for a very quick start-to-finish project, where enabling this simply depends on defining code points or another unique cross-reference and getting this out of the door. Best regards, Rene Ref: [1] draft-struik-secdispatch-verify-friendly-ecdsa-00 On 2021-07-21 11:15 a.m., Rene Struik wrote: > Hi Mohit: > > I would like to discuss > https://datatracker.ietf.org/doc/draft-struik-secdispatch-verify-friendly-ecdsa/ > > > This draft discusses representation of ECDSA signatures that allow > fast single verification and batch verification and which is > consistent with ordinary ECDSA signatures for prime-order curves (such > as with NIST prime curves, Brainpool curves, secp256k1). To enable > verifiers to reap these benefits one simply needs a flag (code point, > #) to indicate ECDSA signatures have been put into this > verification-friendly format. The representation change can be made by > any device, not just the signer, and can thereby be made retroactively > (without need for new signature). > > This draft does not deal with new crypto, only whipped-up > representations: it simply uses the well-known fact that if (r,s) is a > valid ECDSA signature, then so is (r,-s), to effectuate this switch > under certain conditions. > > Batch verification speed-ups (up to ~6x) have been known since the > 90s; single verification speed-ups (~1.3-1.4x) for at least 16 1/2 years. > > Intention is that IETF could (perhaps: should) use this across the > board, so as to reap benefits for verification devices that wish to do > so (one can still use slower techniques if one does not wish to > change). To realize this, one simply needs a brief description and > registration of flags to indicate this. {In other words, this could be > a very short project to get to wide-scale use. The current draft > contains most info already.} > > History with IETF: I discussed this with lamps at IETF-110 [1], but > despite positive feedback (from, e.g., Scott Fluhrer) lamps did not > include this with their recent re-charter yet. The simple technique is > broader than just lamps, though, and should be beneficial for any > deployment (certificate transparency, openpgp, pkix, etc.). This being > said, perhaps lamps would be a good starting point. > > Best regards, Rene > > Ref: [1] > https://datatracker.ietf.org/meeting/110/materials/slides-110-lamps-verification-friendly-ecdsa-00 > > [2] > https://datatracker.ietf.org/meeting/110/materials/minutes-110-lamps-01.pdf > > > On 2021-07-15 5:57 a.m., Mohit Sethi M wrote: >> Dear all, >> >> The preliminary agenda for Secdispatch @ IETF 111 is available online: >> https://datatracker.ietf.org/meeting/111/materials/agenda-111-secdispatch >> >> >> Let us know if you notice any discrepancies. >> >> @presenters/authors: please send your slides to >> secdispatch-chairs@ietf.org early enough. >> >> Kathleen, Richard, and Mohit >> >> _______________________________________________ >> Secdispatch mailing list >> Secdispatch@ietf.org >> https://www.ietf.org/mailman/listinfo/secdispatch > > -- email: rstruik.ext@gmail.com | Skype: rstruik cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
- [Secdispatch] Preliminary agenda online Mohit Sethi M
- Re: [Secdispatch] Preliminary agenda online Rene Struik
- Re: [Secdispatch] Preliminary agenda online Rene Struik