Re: [TLS] (selection criteria for crypto primitives) Re: sect571r1

Dan Brown <dbrown@certicom.com> Thu, 16 July 2015 11:29 UTC

From: Dan Brown <dbrown@certicom.com>
To: Viktor Dukhovni <tls@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] (selection criteria for crypto primitives) Re: sect571r1
Thread-Index: AdC/uqfkb78N94uLW0qEgP5E41FxBA==
Date: Thu, 16 Jul 2015 11:29:20 +0000
Message-ID: <20150716112916.5333071.99080.4433@certicom.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Ea07VyXvZCIK_LeEMr-BG-hoxvU>

r meant random, as opposed to k, which meant Koblitz.

The Koblitz curve had a and b coefficients like 0 and 1, but the r curves had a and b derived from the output of a hash...

Back in 2000, when SEC 2 came out introducing these names (and OIDs), the attacks on special curves (MOV and SASS attacks) were much more recent, and the r type would avoid any similar attacks, if some were to follow. The idea that somebody could search a million curves to find a 1-in-a-million weakness was known, but by comparison was a fantasy, so a much more remote threat. In 15 years, for prime-field ECC no new attacks have shown up, so one can focus on more speculative threats, and choose better seeds, etc.

  Original Message  
From: Viktor Dukhovni
Sent: Thursday, July 16, 2015 12:45 AM
To: tls@ietf.org
Reply To: tls@ietf.org
Subject: Re: [TLS] (selection criteria for crypto primitives) Re: sect571r1

On Thu, Jul 16, 2015 at 12:17:28AM -0400, Dave Garrett wrote:

> Side question: what is the meaning of the "r" in the naming convention we
> use? (e.g. secp521r1, & sect571r1 vs. sect571k1)

The "r" means that a mysterious seed can be used to "verify" that
the curve parameters are ("nothing up my sleeve") *r*andom.

-- 
Viktor.
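The check the two messages above allude to, as an added example that is not part of either message: for the "r" curves over prime fields, ANSI X9.62 (and SEC 1) define how the published SEED fixes the curve. SHA-1 is run over SEED (and SEED+1, ... for longer fields) to produce an integer r, and the coefficients must satisfy r * b^2 = a^3 (mod p); with a fixed to p - 3, that pins b. The code below recomputes r from the seed and checks the published coefficients against it. The curve constants are the published secp192r1 / secp256r1 (NIST P-192 / P-256) values; the function names are this example's own.

```python
"""Recompute r from a curve's published SEED per ANSI X9.62 A.3.3.1 and check
that r * b^2 == a^3 (mod p).  Added example; constants are the published
NIST P-192 / P-256 parameters, function names are this example's own."""
import hashlib


def x962_prime_curve_r(p: int, seed: bytes) -> int:
    """Derive the X9.62 integer r from SEED for a curve over GF(p).

    t  = bit length of p, s = floor((t-1)/160), v = t - 160*s
    W0 = v rightmost bits of SHA-1(SEED), leftmost bit cleared (so r < p)
    Wi = SHA-1((SEED + i) mod 2^g) for i = 1..s, g = bit length of SEED
    r  = integer whose binary expansion is W0 || W1 || ... || Ws
    """
    g = 8 * len(seed)
    t = p.bit_length()
    s = (t - 1) // 160
    v = t - 160 * s

    h0 = int.from_bytes(hashlib.sha1(seed).digest(), "big")
    w0 = h0 & ((1 << v) - 1)      # keep the v rightmost bits of SHA-1(SEED)
    w0 &= ~(1 << (v - 1))         # clear the leftmost bit of W0
    w = w0
    z = int.from_bytes(seed, "big")
    for i in range(1, s + 1):
        seed_i = ((z + i) % (1 << g)).to_bytes(len(seed), "big")
        w = (w << 160) | int.from_bytes(hashlib.sha1(seed_i).digest(), "big")
    return w


def verify_x962_seed(p: int, a: int, b: int, seed: bytes) -> bool:
    """True iff (a, b) is consistent with SEED: r * b^2 == a^3 (mod p)."""
    r = x962_prime_curve_r(p, seed)
    if r == 0 or (4 * r + 27) % p == 0:   # X9.62 rejects these r values
        return False
    return (r * b * b - a * a * a) % p == 0


# Published parameters (SEC 2 / FIPS 186); a = p - 3 for both curves.
CURVES = {
    "secp192r1": {
        "p": 2**192 - 2**64 - 1,
        "b": 0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1,
        "seed": bytes.fromhex("3045AE6FC8422F64ED579528D38120EAE12196D5"),
    },
    "secp256r1": {
        "p": 2**256 - 2**224 + 2**192 + 2**96 - 1,
        "b": 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
        "seed": bytes.fromhex("C49D360886E704936A6678E1139D26B7819F7E90"),
    },
}


def check_named_curves() -> dict:
    """Map curve name -> whether its published (a, b) matches its SEED."""
    return {
        name: verify_x962_seed(c["p"], c["p"] - 3, c["b"], c["seed"])
        for name, c in CURVES.items()
    }


if __name__ == "__main__":
    for name, ok in check_named_curves().items():
        print(f"{name}: seed {'matches' if ok else 'DOES NOT match'} coefficients")
```

The check only shows that b was produced from the seed through SHA-1; it says nothing about how the seed itself was chosen, which is exactly the "mysterious seed" reservation in the quoted message. Flipping a single bit of b makes the check fail, so it does catch a transcribed or substituted coefficient.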

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls