Re: [TLS] Testing consensus for adding curve25519 to the EC named curve registry

Douglas Stebila <stebila@qut.edu.au> Mon, 09 September 2013 23:40 UTC

From: Douglas Stebila <stebila@qut.edu.au>
To: Nick Mathewson <nickm@torproject.org>
Date: Tue, 10 Sep 2013 09:40:34 +1000
Message-ID: <FAAC109A-AFAC-4BE3-B680-4E474E6072AD@qut.edu.au>
References: <a84d7bc61003011620i66fc7dfdre62b548fdd5ef7dd@mail.gmail.com> <522D25B9.7010506@funwithsoftware.org> <56C25B1D-C80F-495A-806C-5DD268731CD4@qut.edu.au> <CAKDKvuw_X4D0bhEUN5MQOeJUgPB8y6v7BspEk_p20Nw=QPgvpA@mail.gmail.com>
In-Reply-To: <CAKDKvuw_X4D0bhEUN5MQOeJUgPB8y6v7BspEk_p20Nw=QPgvpA@mail.gmail.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Testing consensus for adding curve25519 to the EC named curve registry

On 2013/09/10, at 02:18, Nick Mathewson <nickm@torproject.org> wrote:

> On Mon, Sep 9, 2013 at 7:12 AM, Douglas Stebila <stebila@qut.edu.au> wrote:
> [...]
>> - The curve parameters were generated "verifiably at random", meaning a seed was chosen, and then the curve parameters a and b were generated by hashing the seed a pre-determined number of times using SHA-1.  (Appendix 4 of http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf, or Section 3.1.3.1 of SEC1 http://secg.org, or ANSI X9.62)
> 
> A possibly foolish question, but I couldn't find the answer in any of
> the documents you listed:
> 
> Is it documented how the seeds were chosen?

I haven't found any information on how the seeds were chosen.  The earliest reference I have listing the seeds is a September 1998 draft of ANSI X9.62, a copy of which is available here: https://github.com/ANSSI-FR/parsifal/blob/master/docs/tls/X9-62-1998--ECDSA.pdf, but this provides no reason for the choice of seeds.  Maybe there's someone from X9F on this mailing list who has some historical insight?

Douglas