Re: [TLS] Point Compression

Andrey Jivsov <> Fri, 30 July 2021 20:00 UTC

I propose a method to compress NIST curves as defined in

Its main benefit is that the compressed point fits into field size / group
order size. There is no additional byte needed.

This encoding is enabled by modifying key generation. If key generation
code can be changed, the adjustment is one bignum subtraction. If key
generation is a black box, e.g. as if it is done by an HSM, we generate
another key pair until conditions are met.

On average, adjustment is needed every second key generation.

No adjustment is needed for ECDH.

The method is solely based on published books and research papers from the
past century.

I hope this helps.

On Fri, Jul 30, 2021 at 9:48 AM Carl Mehner <> wrote:

> As requested during ekr's presentation
> <>, I will volunteer to write up a
> draft for defining new "supported groups" for compressed NIST curves. I
> didn't see/hear any objections during the tls-wg meeting, but thought
> I should probably confirm on the list before I got too far along in writing
> it...
> -carl