Re: [TLS] Point Compression
Andrey Jivsov <crypto@brainhub.org> Fri, 30 July 2021 20:00 UTC
I propose a method to compress NIST curves as defined in
https://tools.ietf.org/id/draft-jivsov-ecc-compact-05.html

Its main benefit is that the compressed point fits into field size / group order size. There is no additional byte needed.

This encoding is enabled by modifying key generation. If key generation code can be changed, the adjustment is one bignum subtraction. If key generation is a black box, e.g. as if it is done by an HSM, we generate another key pair until conditions are met. On average, adjustment is needed every second key generation. No adjustment is needed for ECDH.

The method is solely based on published books and research papers from the past century.

I hope this helps.

On Fri, Jul 30, 2021 at 9:48 AM Carl Mehner <c@cem.me> wrote:

> As requested during ekr's presentation
> <https://youtu.be/SfuvB41YhyU?t=980>, I will volunteer to write up a
> draft for defining new "supported groups" for compressed NIST curves. I
> didn't see/hear any objections during the tls-wg meeting, but thought
> I should probably confirm on the list before I got too far along in writing
> it...
>
> -carl
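The key-generation adjustment and x-only encoding described in the message above, as an added sketch for P-256 that is not code from the post or from the draft. It assumes the draft's condition is that the public key satisfies y = min(y, p - y) and that the encoding is the bare x coordinate; the message itself does not spell these out, and all function names are hypothetical.

```python
import secrets
# NIST P-256: y^2 = x^3 - 3x + b over GF(p), base point G of prime order n.
p = 2**256 - 2**224 + 2**192 + 2**96 - 1
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(P, Q):  # affine addition; None is the point at infinity
    if P is None or Q is None:
        return P or Q
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P == Q:
        lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, P):  # double-and-add; not constant-time, demonstration only
    R = None
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def compliant_keygen(d=None):
    """Return (d, Q, adjusted) with Q.y == min(y, p - y) (assumed condition)."""
    d = d or secrets.randbelow(n - 1) + 1
    x, y = mul(d, G)
    if y > p - y:                        # about half of all keys land here
        return n - d, (x, p - y), True   # one bignum subtraction gives -Q
    return d, (x, y), False

def compress(Q):
    return Q[0].to_bytes(32, "big")      # x only: exactly the field size

def decompress(data):
    x = int.from_bytes(data, "big")
    rhs = (x**3 - 3 * x + b) % p
    y = pow(rhs, (p + 1) // 4, p)        # square root, valid as p % 4 == 3
    if len(data) != 32 or x >= p or y * y % p != rhs:
        raise ValueError("not a valid compact P-256 point")
    return (x, min(y, p - y))

def ecdh_x(d, peer_bytes):  # x of d*Q equals x of d*(-Q): no adjustment needed
    return mul(d, decompress(peer_bytes))[0]
```

A black-box generator such as an HSM cannot apply the subtraction, so the caller would instead discard key pairs whose y fails the same check and generate again.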