Re: [TLS] Point Compression

Carl Mehner <> Tue, 26 October 2021 04:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CC4933A0E2A for <>; Mon, 25 Oct 2021 21:47:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id b3G2BdrOLixY for <>; Mon, 25 Oct 2021 21:47:23 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B1E7B3A0E3A for <>; Mon, 25 Oct 2021 21:47:22 -0700 (PDT)
Received: by with SMTP id bp15so16740666lfb.4 for <>; Mon, 25 Oct 2021 21:47:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=cem; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9tpdadCgRVbbyIL9dZSCtJv5jQLHyrXx5/yw5V7knfU=; b=f1ur3q2y2KAQNN7Avm9hF8fhTUP7hiaACl2FNmHUNv3sGqcyJepDgPwbeJPaiYNAOv WcmGOX/IxvcUBtzBqa8z2kEH9nlJMvaaipmX2+BUZglUvtRuU+CTov7n11VhWP0dMwL9 EaDpY48FVNKcnc67KSNyWyAnrQhA69FqBQ8sE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9tpdadCgRVbbyIL9dZSCtJv5jQLHyrXx5/yw5V7knfU=; b=vYpCUPOxc6GZWSFixGcwz3CAMNYIuFW/NaD2aP8dR16Ee7tcJMTuNavycNaWedAtvk 2dfvDjulguMq17Itt1qW5Q9TbEPiSzrUyOZCdvQ1jlOnRhO/ZL7QDqEmWZOXgKJRh2ER cbz5NzRZynmnnbJI7DNzSpfPTqyFjrJ8T4fc8warsUFVbisbfcnpg5nptvFYGlg9CyUi 1DaMvTxYFSYPmCqmWuQ94uPX72FirxYWExK0zAroE/l3JwYXUF+mnMSZxaN2sTSQGy8V HW9BVe294oy8bvW+6H0d7pS6zk4I3IMSG29NHAoG+RSaqr85z6zn3KOwPz49wo8y3wgA ai/w==
X-Gm-Message-State: AOAM532MoqFCgEbHbkN/V/ab+xlMJsOPETFONeFuLg8LBYJmSWC5XloT p2ErzAl84MElFRra3/3Ve+M80DqUqgpfRrbD+noIU5DS5XBxFg==
X-Google-Smtp-Source: ABdhPJwFU2UsdL6gA7yqAaDWrHsiB2YhlRil8bvx1wcdWwuSDdfMFZNLsg4bGzlgVGctqo+SXJjaS5w7ogFGyzK3iao=
X-Received: by 2002:a05:6512:1046:: with SMTP id c6mr3104453lfb.475.1635223639175; Mon, 25 Oct 2021 21:47:19 -0700 (PDT)
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
From: Carl Mehner <>
Date: Mon, 25 Oct 2021 23:47:08 -0500
Message-ID: <>
To: IETF TLS <>, Eric Rescorla <>
Content-Type: multipart/alternative; boundary="0000000000002445f805cf3a2c45"
Archived-At: <>
Subject: Re: [TLS] Point Compression
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 26 Oct 2021 04:47:28 -0000

I uploaded a draft for the IANA assignments for compressed code points for
the NIST curves:
In it, I elected to not pursue the format to encode the types of keys
specified in draft-jivsov-ecc-compact
<>, mostly
because the support for 'regular' (SEC1) compressed curves is more
widespread. However, I'm not against using the method described by Andrey
if we want to shave off one more byte and require software updates to
handle the different format required.

ekr, (seeking advice for next steps): do you think this would fit better as
a footnote in the cTLS update presentation at ietf112 or do you think it
would need extra discussion?

On Fri, Jul 30, 2021 at 3:00 PM Andrey Jivsov <> wrote:

> I propose a method to compress NIST curves as defined in
> Its main benefit is that the compressed point fits into field size / group
> order size. There is no additional byte needed.
> <snip>
> On Fri, Jul 30, 2021 at 9:48 AM Carl Mehner <> wrote:
>> As requested during ekr's presentation
>> <>, I will volunteer to write up a
>> draft for defining new "supported groups" for compressed NIST curves. I
>> didn't see/hear any objections during the tls-wg meeting, but thought
>> I should probably confirm on the list before I got too far along in writing
>> it...
>> -carl