Re: [TLS] Point Compression

John Mattsson <john.mattsson@ericsson.com> Tue, 26 October 2021 07:58 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Andrey Jivsov <crypto@brainhub.org>, Carl Mehner <c@cem.me>
CC: IETF TLS <tls@ietf.org>
Thread-Topic: [TLS] Point Compression
Thread-Index: AQHXhWLQXvYGDv5AnUqabBUFky4Dtatb8CwAgIlOHgCAAAfaAIAALUHl
Date: Tue, 26 Oct 2021 07:58:08 +0000
Message-ID: <HE1PR0701MB30508D2A018DDCC7127F830989849@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <CAEa9xj7Rrjps2QGr1x-aGmboU64ou+fhjJ4HW7aCYMPXPseXaA@mail.gmail.com> <CAKUk3bso3b-kFtLtR-S9bz9j6s366LXQs9-J17k_HrwL46ZgKQ@mail.gmail.com> <CAEa9xj5v6mupFDSr3wWwteh1TY4p1E4L_1eWBntMKO0jgQtgaw@mail.gmail.com> <CAKUk3bt5ALPeCgHo6gr4bRKEaD+i8jmEP_2iCkMrULDowYdNTw@mail.gmail.com>
In-Reply-To: <CAKUk3bt5ALPeCgHo6gr4bRKEaD+i8jmEP_2iCkMrULDowYdNTw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: NUEbDYNRL3bdC8zaSqItqTXcZ8Vqb+1HJX1dv0AABAk4wRVD1V144s5YkEQB/dRi5MQjzuczINI5XaSC3HDZzqowKVy59B/PHbHeLLf6K/lBICWvLXBvy0Amu80VP0qG9oI3DWUtuGfXEuKz9BsX0v4O+O92EVafgDjgdNgWZ/4/96NPvcq3iYt6zPlktwnnuaoSfy36dYO77dl0QVDM0DpFdYZn5PuZ70IQ4ja/VNg74nzeQnk8Ba4q+vgqb1bJlLhv19uiJGSpQzHIqrodmuUFufA6UuggaWjY8f7rE9XJFLLfq7uVCWqkJ0aAdi79jNvl50mYWVJxnlCTRvM3Ihr3y9ZdQxXV5Z6jMTUM/AQtWkXtkvHt87JUufvoFxWvBBklbp3lUXKDL6klFY/wnPsZzR180XqXXkuoPePUUkYXZWXdC5g+OEppAYtlPQc9eK4whse0D06V9oteWUzp1fy2fBwV7OR9U8OhX28H9fxXSZgX7ASjj9tLC872rG4xm4ZuN5lPSSftzET0jYVvjVpwHNkt6STlVtR1/8UA7JEQkkWEyV5awocoJ9JDjtuhb0oCjB3iEwFD67yVAGlnbCDwvnFwMbHPzc4cwkJyCODamZTTvBrclGcaDjtq/VMBZO4lk/qvFvKrXABAfcHQ001vBVnrREdoLNaulrs8QX1ieoZ3BAU7wkEGgPnnB3rPEAHjGL4+tcCN314XGzC71hC5uK4HqulOu6sLUydEFDjG+8wtnnfkj1QKu3Bc+gcf+gtEMHD/ObqOncgr8wX1ulwutrXizOHMVHEpOU94EAIDWZ5+qj5iI5cVX+mKQnCYvszbcZ7LDbdRPhp5iiOTRJs3ek6/0YbqHqBmBlCoUHevrPBK2+UpnBJW8m5Pze3p9GqMrKMo26aM02flN9EcTNcUW6rronp0GWH6kLMozBGxjiydG8seUajnmdZhN0YPLtdEtaGl7uOUEww5Ds4AhgCW34dRBPOdeEr81qf2lNSAkIFWH6ul+xTJ0RjVoh0iM22cCNzS+rDvjizzsplU0tBR5oyCpSYF0WttAdOz9955t71lkhQ7ZFt3Mf35+3eClRDhPgwYd3V/kILUf5k5u3LRzRQRIxYOedx5FJBbc9PkXurN5ORctQrKU0oSQhI/yIgwyNoaVWKyeqG117QqnxbVEu/h0b0uNLfCZoNArM4WXCXTD+Pcj6PHn2sOIaaUOnyCI2l9zIXGXQST36VY2fAoFK+WuuL5hpD0AGvdfgigzPpgi35zpdPkR3N5qhY/5tMJsU7s7FctkqFw3qhyPdZmfPxN53lgs+r/P6/mSLdRS8BT1dA48Su2YbiZqE+noeXeCCU7RF9UdwXPe59INfxubPyX+uQ0BS4dD2J1qz0HBwLiuFFU3cnlLcOI4IwP6a8mniMUqeZU4pQSBwoeK2XgvWIv2IYccytL7VNy1FgLg1JXNAk93mhexqtGbJYz1LPI9iAfyrHsrHmqe3hXkUpdDl9Y8yZthailLCU9HKIYNeKX0tgVPDCxV3MBKg2ICJZjplE5Su1KiVYPgx2qL4DpCX+Q6FYbuWs6ct4EmIrmessuqFWEOlqlTd0kOY94NPjBE+AXSYhZJon2T/BgotREm8uk4XvLNY0MygpDgjqKJop6FeDF/Y0FFZUAx9QVDgwzS3HvBe9uufLr0qKaTsnRxAXokhblh2iWR5qYv9k=
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB30508D2A018DDCC7127F830989849HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e6e08e5f-6764-4886-f8ee-08d9985659ad
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Oct 2021 07:58:08.7489 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: l+N4hfxGs6bwJ4eeQcPX0MFyon4JwNJ8zNAa0A5bFodAsrnFkiz3D9nAsq9PjU09zcF3OmnHyW7t+582l8DBxWgtTFo+DqHzoaJmcKKkth0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2441
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/R4uXQtXDlUR0UtX4ViGSxOFcxN0>
Subject: Re: [TLS] Point Compression
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Oct 2021 07:58:22 -0000

There are several active documents also defining compact representation.

After the discussion regarding HPKE there was a suggestion EDHOC should define a compract format that could be reused by other protocols. That was done in an Appendix.
https://datatracker.ietf.org/doc/html/draft-ietf-lake-edhoc-12#page-67

Also as an outcome of the HPKE discussions Dan Harkins has written on compact representation for HPKE submitted to CFRG. This also defines a a general format than can be reused by other protocols.
https://datatracker.ietf.org/doc/draft-harkins-cfrg-dnhpke/

> the support for 'regular' (SEC1) compressed curves is more widespread.

What is support in this case? An implementation can just use one of the values "02" and "03" or flip a coin. If you have support of 'regular' (SEC1) compressed curves, then compact representation is trivial.

Cheers,
John

From: TLS <tls-bounces@ietf.org> on behalf of Andrey Jivsov <crypto@brainhub.org>
Date: Tuesday, 26 October 2021 at 07:15
To: Carl Mehner <c@cem.me>
Cc: IETF TLS <tls@ietf.org>
Subject: Re: [TLS] Point Compression
Do we have evidence that "02 <x>" or "03 <x>" is more widespread than <x> for NIST curves? I haven't seen "02 <x>" or "03 <x>" in deployed products in TLS / X.509 at all. So, I feel that for TLS space the slate is clean regarding compression. X25519 uses one coordinate, which is simiiar to doing <x> for NIST curves...

[TLS] Point Compression Carl Mehner
Re: [TLS] Point Compression Andrey Jivsov
Re: [TLS] Point Compression Carl Mehner
Re: [TLS] Point Compression Andrey Jivsov
Re: [TLS] Point Compression John Mattsson
Re: [TLS] Point Compression Andrey Jivsov