Re: [TLS] Testing consensus for adding curve25519 to the EC named curve registry

Nick Mathewson <nickm@torproject.org> Mon, 09 September 2013 16:20 UTC

Return-Path: <nick.a.mathewson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFB3421E81B7 for <tls@ietfa.amsl.com>; Mon, 9 Sep 2013 09:20:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VwlDzmQbOPzm for <tls@ietfa.amsl.com>; Mon, 9 Sep 2013 09:20:20 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) by ietfa.amsl.com (Postfix) with ESMTP id 5830A11E81D4 for <tls@ietf.org>; Mon, 9 Sep 2013 09:18:47 -0700 (PDT)
Received: by mail-la0-f51.google.com with SMTP id es20so5030112lab.24 for <tls@ietf.org>; Mon, 09 Sep 2013 09:18:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=3LRKHPPNgymd2bnSSb9/YQMRTBP5Ov6L7Hhh7fJ0yrE=; b=XicJKDMYGW4Zt4oW2+9JUfyXv5l27t5G5kVi7/cSCEEiYJaJl+QRHVjeokfjLOEhUF O6QehjuajutM6LlhTx0zR9EXW5wH3D3TvduTNV1HSW+o/Dji4fsoljg0/1AhiBvzvYu1 TAuXYvm9Z98Md+DwD6fBrm5qa71qus2aOYZ9gO5EO/NeM4X3NQASVRtk4nP9+WGOv2QO MW/vv+C1VRozipvEq989SBhmIqcqkXWSdjAD5nG8zePVPmWauwev9Yl2aDHulH+xY0xY 8aihRE/jp4VNyDrUUTyu5kR3cidMsr6Y20UZhfbW8hMG5ExG+FtBZWMdu+IrBFB+019z Ioew==
MIME-Version: 1.0
X-Received: by 10.152.37.41 with SMTP id v9mr17288158laj.9.1378743526300; Mon, 09 Sep 2013 09:18:46 -0700 (PDT)
Sender: nick.a.mathewson@gmail.com
Received: by 10.112.184.229 with HTTP; Mon, 9 Sep 2013 09:18:46 -0700 (PDT)
In-Reply-To: <56C25B1D-C80F-495A-806C-5DD268731CD4@qut.edu.au>
References: <a84d7bc61003011620i66fc7dfdre62b548fdd5ef7dd@mail.gmail.com> <522D25B9.7010506@funwithsoftware.org> <56C25B1D-C80F-495A-806C-5DD268731CD4@qut.edu.au>
Date: Mon, 9 Sep 2013 12:18:46 -0400
X-Google-Sender-Auth: PWbcm8HdWEqby3quT0pH-wk2qok
Message-ID: <CAKDKvuw_X4D0bhEUN5MQOeJUgPB8y6v7BspEk_p20Nw=QPgvpA@mail.gmail.com>
From: Nick Mathewson <nickm@torproject.org>
To: Douglas Stebila <stebila@qut.edu.au>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Testing consensus for adding curve25519 to the EC named curve registry
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 16:20:21 -0000

On Mon, Sep 9, 2013 at 7:12 AM, Douglas Stebila <stebila@qut.edu.au> wrote:
 [...]
> - The curve parameters were generated "verifiably at random", meaning a seed was chosen, and then the curve parameters a and b were generated by hashing the seed a pre-determined number of times using SHA-1.  (Appendix 4 of http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf, or Section 3.1.3.1 of SEC1 http://secg.org, or ANSI X9.62)

A possibly foolish question, but I couldn't find the answer in any of
the documents you listed:

Is it documented how the seeds were chosen?



(In either case, +1 on trying to making curve25519 named. In the FOSS
cryptography world nowadays, I see many more new users of curve25519
than of the NIST curves, because of efficiency and
ease-of-implementation issues.)

yrs,
-- 
Nick Mathewson