Re: [TLS] On Curve25519 and other possibilities (e.g. ietf256p, ietf384p, ietf521p,
Andrey Jivsov <crypto@brainhub.org> Sat, 28 June 2014 07:03 UTC
Return-Path: <crypto@brainhub.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11E021A02EC for <tls@ietfa.amsl.com>; Sat, 28 Jun 2014 00:03:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.799
X-Spam-Level:
X-Spam-Status: No, score=0.799 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JaqWX6Pixqt5 for <tls@ietfa.amsl.com>; Sat, 28 Jun 2014 00:03:53 -0700 (PDT)
Received: from qmta12.emeryville.ca.mail.comcast.net (qmta12.emeryville.ca.mail.comcast.net [IPv6:2001:558:fe2d:44:76:96:27:227]) by ietfa.amsl.com (Postfix) with ESMTP id 902571A0269 for <tls@ietf.org>; Sat, 28 Jun 2014 00:03:53 -0700 (PDT)
Received: from omta01.emeryville.ca.mail.comcast.net ([76.96.30.11]) by qmta12.emeryville.ca.mail.comcast.net with comcast id Kj1k1o0020EPcho01j3t4U; Sat, 28 Jun 2014 07:03:53 +0000
Received: from [192.168.1.145] ([71.202.164.227]) by omta01.emeryville.ca.mail.comcast.net with comcast id Kj3s1o00B4uhcbK8Mj3stp; Sat, 28 Jun 2014 07:03:53 +0000
Message-ID: <53AE68D8.70605@brainhub.org>
Date: Sat, 28 Jun 2014 00:03:52 -0700
From: Andrey Jivsov <crypto@brainhub.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: tls@ietf.org
References: <65D2FD736B6B2B48B2EAD2BD189DC9CC16B433@LLE2K10-MBX01.mitll.ad.local>
In-Reply-To: <65D2FD736B6B2B48B2EAD2BD189DC9CC16B433@LLE2K10-MBX01.mitll.ad.local>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1403939033; bh=lb4svwOb36mhC3X3lsO0Ny0tGi/yTSwJG5lNde1/Gkw=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=OnAOCQ/jE/rqS+iXhp/bdWdoW94/2RkI9rCMr4tm/OpLubT/rbIx6Z74hsf9MGLtq yEh4JrrxIQyTjI3fN140WEht8lYNOFp3R1Gv3uwwEJ3JSXocqxFy1BSN/g1DoROVtw LHzMSjX8hrSg7rqgL6w16APumm50xtYiC4AXutbYW3P9wk8ckfL/zcUoS2ZmMPnQ96 YuqfpjjYNSaUuSaR4za93gH4WY4u3dEVuMUDnB9FPTINKxwOq520X/awOMG2txQAF+ NffiBhbMxkrnIhPJ8N0SvjiAeQ1RBc5bVdgCC419UO1Oh4WwnjlHG9EmLp7aWp34CQ eacT5Icw0mLAg==
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/yYrYRRubI6oKSCb6dvItgJnDM6A
Subject: Re: [TLS] On Curve25519 and other possibilities (e.g. ietf256p, ietf384p, ietf521p,
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Jun 2014 07:03:55 -0000
Here is an idealistic, but not unfeasible proposal that could lead to easier/broader adoption. One way to attempt to unify the diverse world of ECC curves is to focus on the underlying field, as opposed the curve itself. Consider Fp operations with p=2^255-19 or p=2^256-189. In other words, for n={256,384,512}, chose the closest C: p=2^n-C is a prime and make this p "MUST". People who demand random primes will have to play along and accept less "randomness" in their curves. This makes it more likely that the standard bodies, including national standards, agree to commit to a unified Fp, even when they are unable to embrace a single curve. This is a more realistic goal than to expect that one curve will satisfy everybody. The performance in the Fp dominates the higher-level operation in ECC field. In software, Fp operations will be special-cased for p and various CPU architectures. It seems to me that such a fixed Fp will work as an incentive to add hardware support (for Fp). This allows the ECC code to have an interoperable, potentially hardware-assited layer, that is shared between all the curves (for the same n). While we are on this, why was the Curve25519 not made to be Curve256189? (I don't think that 19 v.s. 189 would matter on x86) I suppose that the rest of the paper carries over unchanged (other than that the choice of the floating point registers is dated by now for modern x86 CPUs.) Thank you.
- [TLS] On Curve25519 and other possibilities (e.g.… Michael StJohns
- Re: [TLS] On Curve25519 and other possibilities (… Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] On Curve25519 and other possibilities (… Eric Rescorla
- Re: [TLS] On Curve25519 and other possibilities (… Hanno Böck
- Re: [TLS] On Curve25519 and other possibilities (… Martin Thomson
- Re: [TLS] On Curve25519 and other possibilities (… Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] On Curve25519 and other possibilities (… Adam Langley
- Re: [TLS] On Curve25519 and other possibilities (… Viktor Dukhovni
- Re: [TLS] On Curve25519 and other possibilities (… Watson Ladd
- Re: [TLS] On Curve25519 and other possibilities (… Salz, Rich
- Re: [TLS] On Curve25519 and other possibilities (… Peter Gutmann
- Re: [TLS] On Curve25519 and other possibilities (… Peter Gutmann
- Re: [TLS] On Curve25519 and other possibilities (… Watson Ladd
- Re: [TLS] On Curve25519 and other possibilities (… Viktor Dukhovni
- Re: [TLS] On Curve25519 and other possibilities (… Alyssa Rowan
- [TLS] Hardware Implementations .. Re: On Curve255… Hannes Tschofenig
- Re: [TLS] Hardware Implementations .. Re: On Curv… Joachim Strömbergson
- Re: [TLS] On Curve25519 and other possibilities (… Paul Hoffman
- Re: [TLS] Hardware Implementations .. Re: On Curv… Hannes Tschofenig
- Re: [TLS] On Curve25519 and other possibilities (… Stephen Farrell
- Re: [TLS] On Curve25519 and other possibilities (… Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] On Curve25519 and other possibilities (… Andrey Jivsov
- Re: [TLS] On Curve25519 and other possibilities (… Nigel Smart
- Re: [TLS] On Curve25519 and other possibilities (… Watson Ladd
- Re: [TLS] On Curve25519 and other possibilities (… Alyssa Rowan
- Re: [TLS] On Curve25519 and other possibilities (… Michael StJohns
- Re: [TLS] On Curve25519 and other possibilities (… Andrey Jivsov
- Re: [TLS] On Curve25519 and other possibilities (… Eric Rescorla
- Re: [TLS] On Curve25519 and other possibilities (… Andrey Jivsov
- Re: [TLS] On Curve25519 and other possibilities (… Michael StJohns
- Re: [TLS] On Curve25519 and other possibilities (… Michael StJohns
- Re: [TLS] On Curve25519 and other possibilities (… Andrey Jivsov
- Re: [TLS] On Curve25519 and other possibilities (… Eric Rescorla
- Re: [TLS] On Curve25519 and other possibilities (… Salz, Rich
- Re: [TLS] On Curve25519 and other possibilities (… Michael StJohns
- Re: [TLS] On Curve25519 and other possibilities (… Watson Ladd
- Re: [TLS] On Curve25519 and other possibilities (… Michael StJohns
- Re: [TLS] On Curve25519 and other possibilities (… Eric Rescorla
- Re: [TLS] On Curve25519 and other possibilities (… Dan Brown
- Re: [TLS] On Curve25519 and other possibilities (… Stephen Farrell
- Re: [TLS] On Curve25519 and other possibilities (… Michael StJohns
- Re: [TLS] On Curve25519 and other possibilities (… Michael StJohns
- Re: [TLS] On Curve25519 and other possibilities (… Eric Rescorla
- Re: [TLS] Off-topic: RC4 Peter Yee
- [TLS] On counting Paul Hoffman
- Re: [TLS] On Curve25519 and other possibilities (… Salz, Rich
- Re: [TLS] On counting Adam Caudill
- [TLS] Off-topic: RC4 Paul Hoffman
- Re: [TLS] On Curve25519 and other possibilities (… Salz, Rich
- Re: [TLS] On Curve25519 and other possibilities (… Watson Ladd
- Re: [TLS] On Curve25519 and other possibilities (… Michael StJohns
- Re: [TLS] On Curve25519 and other possibilities (… Michael StJohns
- Re: [TLS] On Curve25519 and other possibilities (… Watson Ladd
- Re: [TLS] On Curve25519 and other possibilities (… Salz, Rich
- Re: [TLS] On Curve25519 and other possibilities (… Nigel Smart
- Re: [TLS] On Curve25519 standardization Michael StJohns
- Re: [TLS] On Curve25519 and other possibilities (… Michael StJohns
- Re: [TLS] On Curve25519 and other possibilities (… Watson Ladd
- Re: [TLS] On Curve25519 and other possibilities (… Fedor Brunner
- Re: [TLS] On Curve25519 and other possibilities (… Peter Gutmann
- Re: [TLS] On Curve25519 and other possibilities (… Johannes Merkle
- Re: [TLS] On Curve25519 and other possibilities (… Watson Ladd
- Re: [TLS] On Curve25519 and other possibilities (… Andrey Jivsov
- Re: [TLS] On Curve25519 and other possibilities (… Johannes Merkle
- Re: [TLS] On Curve25519 and other possibilities (… Alyssa Rowan
- Re: [TLS] On Curve25519 and other possibilities (… Johannes Merkle
- Re: [TLS] On Curve25519 and other possibilities (… Blumenthal, Uri - 0668 - MITLL