[TLS] Testing consensus for adding curve25519 to the EC named curve registry

Adam Langley <agl@google.com> Tue, 02 March 2010 00:20 UTC

Return-Path: <agl@google.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 257143A8BF0 for <tls@core3.amsl.com>; Mon, 1 Mar 2010 16:20:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.977
X-Spam-Status: No, score=-105.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id HIdRuBdJaRuN for <tls@core3.amsl.com>; Mon, 1 Mar 2010 16:20:53 -0800 (PST)
Received: from smtp-out.google.com (smtp-out.google.com []) by core3.amsl.com (Postfix) with ESMTP id 3C4063A7C0A for <tls@ietf.org>; Mon, 1 Mar 2010 16:20:44 -0800 (PST)
Received: from kpbe11.cbf.corp.google.com (kpbe11.cbf.corp.google.com []) by smtp-out.google.com with ESMTP id o220Kiij028689 for <tls@ietf.org>; Mon, 1 Mar 2010 16:20:44 -0800
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1267489244; bh=5FGO4s0cjuEx30ITABiy6n7OGMM=; h=MIME-Version:Date:Message-ID:Subject:From:To:Content-Type; b=ta11zPVYTVzgVsWYNgyXE6WsHTGg9OxHZDC1vlwcfPwqlvx4jGtOBprdVVMj292ta CWpKA4OdlWnhn73tL/WNA==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:date:message-id:subject:from:to:content-type:x-system-of-record; b=EFFRC/WuR4hOhFlippnHyjzq35sFGoihozc6N/laMa/r9bbb+HqWDiF0jg+3GcJc0 n/if8lqc+PGzA3Pu55hxA==
Received: from pwi2 (pwi2.prod.google.com []) by kpbe11.cbf.corp.google.com with ESMTP id o220KebU028808 for <tls@ietf.org>; Mon, 1 Mar 2010 18:20:43 -0600
Received: by pwi2 with SMTP id 2so1850450pwi.40 for <tls@ietf.org>; Mon, 01 Mar 2010 16:20:42 -0800 (PST)
MIME-Version: 1.0
Received: by with SMTP id z40mr2959879wfd.211.1267489242695; Mon, 01 Mar 2010 16:20:42 -0800 (PST)
Date: Mon, 1 Mar 2010 19:20:42 -0500
Message-ID: <a84d7bc61003011620i66fc7dfdre62b548fdd5ef7dd@mail.gmail.com>
From: Adam Langley <agl@google.com>
To: tls@ietf.org
Content-Type: text/plain; charset=UTF-8
X-System-Of-Record: true
Subject: [TLS] Testing consensus for adding curve25519 to the EC named curve registry
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2010 00:20:54 -0000

We would like to start testing EC DHE in order to give our users

In order to do this cheaply, one of the curves that we would like to
test with is curve25519[1]. There are several implementations of it
[2][3][4] and it's 3-4x faster than NIST's p256 (as implemented in
OpenSSL), while being constant-time.

Curve25519 doesn't currently appear on IANA's list of named curves[5]
and we would like to see it included.

As a first step I'd like to ask if there are any objections?



[1] http://cr.yp.to/ecdh/curve25519-20060209.pdf
[2] http://cr.yp.to/ecdh.html
[3] http://code.google.com/p/curve25519-donna/
[4] http://bench.cr.yp.to/results-dh.html
[5] http://www.iana.org/assignments/tls-parameters/